登录由droplist错误决定 [英] Login conditioned by droplist Error

问题描述

我想登录2种类型：Admin& Regualar用户，每个人都有差异表，我将通过下拉列表检查类型，



问题：它不会进入if语句检查类型。如何让它检查下拉列表的值是什么，并取决于它决定检查哪个表。





< br $>

I want to make login for 2 types: Admin & Regualar users, each one had diff table, where I`ll check the type by dropdownlist,

problem: it wont get into if statement that check the type. how to make it check whats the value of the droplist and depends on that it`ll decide to check in which table.

Imports System
Imports System.Collections.Generic
Imports System.Linq
Imports System.Web
Imports System.Web.UI
Imports System.Web.UI.WebControls
Imports System.Data.SqlClient
Imports System.Configuration
Imports System.Data
Imports System.Threading


Public Class _Default
Inherits System.Web.UI.Page
Public s As String

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
    Session.Clear()

End Sub

Protected Sub Button1_Click(ByVal sender As Object, ByVal e As EventArgs) Handles Button1.Click
    Dim con As SqlConnection = New SqlConnection(ConfigurationManager.ConnectionStrings("RegconnectionString").ConnectionString)
    con.Open()
    Dim userCount As Int32 = GetUserCount(txtUserName.Text)
    Dim paasCount As Int32 = GetPassCount(TxtPassword.Text)
    Dim userCount2 As Int32 = GetUserCount(txtUserName.Text)
    Dim paasCount2 As Int32 = GetPassCount(TxtPassword.Text)
    Dim x As String = DrpType.SelectedValue

    If x = "Admin" Then
        If userCount2 > 0 And paasCount2 > 0 Then
            Session("FirstName") = txtUserName.Text
            Response.Redirect("LoggedIn.aspx")
            ClientScript.RegisterStartupScript(Page.GetType(), "Message", "alert(''Admin'')", True)
        Else
            lblErr.Visible = True
        End If


    ElseIf x = "Cus" Then
        If userCount > 0 And paasCount > 0 Then
            Session("FirstName") = txtUserName.Text
            Response.Redirect("LoggedIn.aspx")
            ClientScript.RegisterStartupScript(Page.GetType(), "Message", "alert(''Customer'')", True)
        Else
            lblErr.Visible = True
        End If
    End If
End Sub


'' Method to check existence for users
Public Shared Function GetUserCount(ByVal userName As String) As Int32
    Const sql1 = "SELECT COUNT(*) FROM Registration where username = @UserName"
    Using con As New SqlConnection(ConfigurationManager.ConnectionStrings("RegconnectionString").ConnectionString)
        Using cmd = New SqlCommand(sql1, con)
            cmd.Parameters.AddWithValue("@UserName", userName)
            con.Open()
            Using reader = cmd.ExecuteReader()
                If reader.HasRows Then
                    reader.Read()
                    Dim count As Int32 = reader.GetInt32(0)
                    Return count
                End If
            End Using
        End Using
    End Using
End Function


'' Method to check PAssword for users
Public Shared Function GetPassCount(ByVal password As String) As Int32
    Const sql2 = "SELECT COUNT(*) FROM Registration where password = @Password"
    Using con As New SqlConnection(ConfigurationManager.ConnectionStrings("RegconnectionString").ConnectionString)
        Using cmd = New SqlCommand(sql2, con)
            cmd.Parameters.AddWithValue("@Password", password)
            con.Open()
            Using reader = cmd.ExecuteReader()
                If reader.HasRows Then
                    reader.Read()
                    Dim count As Int32 = reader.GetInt32(0)
                    Return count
                End If
            End Using
        End Using
    End Using
End Function


        '' Method to check existence for admin
Public Shared Function GetUserCount2(ByVal userName2 As String) As Int32
    Const sql3 = "SELECT COUNT(*) FROM Adm_Login where username = @UserName"
    Using con As New SqlConnection(ConfigurationManager.ConnectionStrings("RegconnectionString").ConnectionString)
        Using cmd = New SqlCommand(sql3, con)
            cmd.Parameters.AddWithValue("@UserName", userName2)
            con.Open()
            Using reader = cmd.ExecuteReader()
                If reader.HasRows Then
                    reader.Read()
                    Dim count As Int32 = reader.GetInt32(0)
                    Return count
                End If
            End Using
        End Using
    End Using
End Function


         '' Method to check PAssword for admin
Public Shared Function GetPassCount2(ByVal password2 As String) As Int32
    Const sql4 = "SELECT COUNT(*) FROM Adm_Login where password = @Password"
    Using con As New SqlConnection(ConfigurationManager.ConnectionStrings("RegconnectionString").ConnectionString)
        Using cmd = New SqlCommand(sql4, con)
            cmd.Parameters.AddWithValue("@Password", password2)
            con.Open()
            Using reader = cmd.ExecuteReader()
                If reader.HasRows Then
                    reader.Read()
                    Dim count As Int32 = reader.GetInt32(0)
                    Return count
                End If
            End Using
        End Using
    End Using
End Function


Public Sub DrpType_SelectedIndexChanged(sender As Object, e As EventArgs) Handles DrpType.SelectedIndexChanged

End Sub

End Class

推荐答案

即使我对.NET有点新鲜/>


无论如何s，使用



如果x ==管理员那么





并设置一个断点来检查流量。





希望它有所帮助。



干杯。

Even I am a bit new to .NET

Anyways, use

If x == "Admin" Then


and put a break point to check the flow.


Hope it helps.

Cheers.

代码中存在太多缺陷。首先，如何绑定下拉列表？你有硬编码吗（你在aspx页面中包含了listitems）？当您在按钮点击时验证用户的凭据时，为什么在更改下拉列表的选定索引时需要回发？您分两部分验证用户或管理员（用户ID和密码分开）！假设有两个用户user1和userr2 user1有密码password1而user2有密码password2，现在当user1登录时，他输入用户名：user1和密码：password2。这是不正确的信息，您的代码仍会对用户进行身份验证并允许他登录。管理员也是如此。为了使其工作，请按照下列步骤操作：



1）要求用户输入其用户ID和密码，并从下拉列表中选择类型（用户或管理员）

2）在检查数据库信息之前应用适当的服务器端和客户端验证。

3）编写两个函数来验证用户validateUser（string _userName，string _password ）和validateAdmin（字符串_userName，字符串_password）

4）按钮'的点击事件写：

There are too many flaws in your code. First of all how do you bind your dropdown list? Have you hard coded it(you have included listitems in aspx page)? Why do you need a postback when dropdownlist''s selected index is changed when you are validating user''s credentials on button''s click? You are validating user or admin in two parts (user id and password seperately)! Suppose there are two users user1 and userr2 user1 has password password1 and user2 has password password2, now when user1 logs in he enters username: user1 and password: password2. This is incorrect information, still your code will authenticate the user and allows him to log in. And same goes for Admin. In order to make it work, follow these steps:

1) Ask the user to enter its user id and password and select the type from dropdownlist(user or admin)
2) Apply proper server-side and client-side validation before checking the information against database.
3) write two functions to validate users validateUser(string _userName, string _password) and validateAdmin(string _userName, string _password)
4) On button''s click event write:

if(DrpType.SelectedItem.Text == "Admin")
validateAdmin(txtUserName.Text,TxtPassword.Text)
else
validateUsertxtUserName.Text,TxtPassword.Text)

这两个函数都应根据用户名和密码验证用户。



希望它有帮助。

Both the functions should validate the user based on username "and" password.

Hope it helps.

这篇关于登录由droplist错误决定的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！