如何在2种不同条件下登录? [英] How to do login with 2 different conditions?
本文介绍了如何在2种不同条件下登录?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
任何人都可以HLP吗?
如何使用2种不同的登录条件登录?
1.输入正确的电子邮件时,错误的密码,应显示无效的用户名和密码".
2.当我们输入错误的电子邮件&错误的密码显示请注册以登录" ...
代码:
Hi,
Can anyone hlp?
How to do login with 2 different cnditions?
1.when we enter proper email & wrong password it should show "Invalid Username & password".
2.when we enter just wrong email & wrong password it shold show "Please register to login"...
code:
protected void ImageButton1_Click5(object sender, ImageClickEventArgs e)
{
if (cn.State == ConnectionState.Closed)
{
cn.Open();
}
//int chkusers;
string loginemailid, password;
string fuid = null;
loginemailid = txtusername.Text.Trim();
password = txtpw.Text.Trim();
Session["username"] = loginemailid;
Session["password"] = password;
//cn.Open();
SqlCommand cmd = new SqlCommand("select loginemailid,password from tbl_register where loginemailid='" + txtusername.Text + "' and password='" + txtpw.Text + "'", cn);
SqlDataReader dr = cmd.ExecuteReader();
if (dr.HasRows)
{
while (dr.Read())
{
loginemailid = dr["loginemailid"].ToString();
password = dr["password"].ToString();
string userid = mydac.findid(fuid, loginemailid, password);
Response.Redirect("Home.aspx?userid=" + userid);
}
dr.Close();
}
else
{
lblmsg.Text = "Invalid Username and Password";
}
}
推荐答案
这种方法有很多问题.
1)您不应报告其他错误-如果这样做,它会告诉顽皮的人他们具有有效的用户ID,但密码错误.
2)我什至可以不尝试绕过您的密码检查!如果可以的话,任何人都可以!使用参数化查询,否则您的数据库将受到SQL注入攻击的威胁,该攻击可能会损坏或破坏它.
3)切勿以明文形式存储密码-这是主要的安全隐患.这里有一些有关如何执行此操作的信息:密码存储:如何进行 [ ^ ]
There are so many things wrong with that approach.
1) You shouldn''t report different errors - if you do, it tells the naughty peoiple thjat they have a valid user id, but a bad password.
2) I could bypass your password checking without even trying! And if I can, anyone can! Use parametrized queries, or your database is at risk from an SQL Injection attack which could damage or destroy it.
3) Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]
你好,
试试这个
Hi sat,
try this
static int loginfail = 0;
if (dr.HasRows)
{
//do something
}
else
{
lblmsg.Text = "Invalid Username and Password";
loginfail++;
}
if(loginfail==3)
{
lblmsg.Text = "Please register to Login;
}
我想到了一些事情:
- 根据您的代码,您将密码存储为纯文本格式,这非常糟糕并且存在很高的安全风险.您应该(最好)使用加盐的哈希值(最好)使用加密的值.我只建议后者,前提是要求用户可以检索密码,并且我甚至建议不要这样做.
- 请考虑使用.net提供程序进行身份验证和授权:已经完成了您正在做的工作.
SqlMemberShip和角色提供程序将立即完成您想要做的事情(观看此视频 [
A few things spring to mind:
- According to your code, you are storing passwords in plain text, this is extremely bad and poses a high security risk. You should (best) use a salted hash or (less good) use encrypted values. I would only suggest the latter if it is mandated somewhere that users should be able to retrieve their passwords, and I would even advise against this as a requirement
- Please consider using the .net providers for authentication and authorisation: the already do the work you are doing. The
SqlMemberShipand role providers will do pretty much what you want out of the box(See this video[^]). If you need to, you can write your own providers or subclass existing ones (See this video[^])
这篇关于如何在2种不同条件下登录?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
