如何根据提供的用户凭据设置不同的登录路径。 [英] How do I set different login paths depending on the user credentials provided.

问题描述

我有一个登录页面，并希望如果提供的用户凭据是管理员（用户名=管理员），则应打开名为AdminPage的窗口表单应用页面。另外一个名为Main_Page的窗体应用程序应该打开。



我尝试了什么：

< br $>

Hi , I have a Login page and want that if the user credentials provided are those of the Administrator(Username = Administrator) then a Window Form App Page called "AdminPage" should open up. Else another Window Form App called "Main_Page" should open up.

What I have tried:

try
           {
               SqlConnection cn = new SqlConnection("Data Source=PV10\\LOCALSERVER;Initial Catalog=SmallSoftwareDB;Integrated Security=True;Pooling=False");
               SqlCommand cmd = new SqlCommand("select * from UserCredentials where Username='" + textBox1.Text + "' and Password='" + textBox2.Text + "'", cn);
               SqlDataReader dr;
               cn.Open();
               dr = cmd.ExecuteReader();
               int cnt = 0;
               while (dr.Read())
               {
                   cnt++;
               }
               if (cnt == 1)
               {
                   MessageBox.Show("Successful Login...", "Message", MessageBoxButtons.OK, MessageBoxIcon.Information);
                   string query = "select Username, Password from UserCredentials where Username='Administrator";
                   SqlCommand cmdA = new SqlCommand(query, cn);
                   dr = cmdA.ExecuteReader();
                   int k = 0;
                   while (dr.Read())
                   {
                       k++;
                   }
                   if (k == 1)
                   {
                       AdminPage A_P = new AdminPage();
                       A_P.Tag = this;
                       A_P.Show(this);
                       Hide();
                   }
                   Main_Page Mp = new Main_Page();
                   Mp.Tag = this;
                   Mp.Show(this);
                   Hide();
                   cn.Close();
                   textBox1.Clear();
                   textBox2.Clear();
               }
               else
               {
                   MessageBox.Show("Invalid UserName or Password", "Message", MessageBoxButtons.RetryCancel, MessageBoxIcon.Warning);
                   textBox1.Clear();
                   textBox2.Clear();
               }
           }
           catch (Exception err)
           {
               MessageBox.Show(err.Message, " ", MessageBoxButtons.OK, MessageBoxIcon.Warning);
           }

推荐答案

您的代码正在执行

Your code is executing

select Username, Password from UserCredentials where Username='Administrator'

总是会返回无论用户的凭据是什么，您都会得到一个结果，因此它会认为每个人都是管理员。如果用户名是管理员是唯一表明他们是管理员的东西，那么只需检查一下;

which is always going to return you a result regardless of what the user's credentials are, so it will think everyone is admin. If the username being Administrator is the only thing that indicates they are admin then simply do a check for that;

if (textBox1.Text.Equals("Administrator", StringComparison.InvariantCultureIgnoreCase))
{
    // user is admin
}

还要看一下使用参数化查询而不是通过字符串连接创建sql查询，因为你的代码容易受到SQL注入攻击。此外，不是做一个while \read循环并递增计数，你可以检查if（dr.Read（）），因为它有多少结果并不重要。您还可以执行从表中选择计数（*）....然后执行ExecuteScalar调用以读取计数结果，看它是0还是1，或者其他什么。

Also look at using parameterised queries rather than creating your sql queries via string concatenation as your code is vulnerable to SQL injection attacks. Also rather than doing a while\read loop and incrementing a count you can just check "if (dr.Read())" as it doesn't really matter how many results there are. You can also do a "select count(*) from table where...." and then do an ExecuteScalar call to read the result of the count and see if it is 0 or 1, or whatever.

if (textBox1.Text.Equals("Administrator", StringComparison.InvariantCultureIgnoreCase))
{
// user is admin
}

这篇关于如何根据提供的用户凭据设置不同的登录路径。的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！