什么阻止我登录? [英] What is stopping me from Logging in?
问题描述
我有一个登录页面,当我输入无效的用户名和密码时,我收到了正确的错误消息。当我输入有效的用户名和密码并单击登录按钮时,出现错误消息无效的用户名/密码!!!所以我从数据库中复制了用户名和密码,并显示相同的错误。它不会让我登录。我做错了什么?
<前lang =c#> 受保护 void Page_Load( object sender,EventArgs e)
{
if (IsPostBack)
{
SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings [ HotConnectionString]。ConnectionString);
con.Open();
string cmdStr = 选择计数(* )来自Tablepass,其中EmailAddress =' + TextBoxEA.Text + ';
SqlCommand userExist = new SqlCommand(cmdStr,con);
SqlCommand cmd = new SqlCommand( select来自Tablepass的INST_ID,EmailAddress,con);
int temp = Convert.ToInt32(userExist.ExecuteScalar()。ToString());
if (temp == 0 )
{
ScriptManager。 RegisterStartupScript( this , this .GetType(), script, alert('用户名不存在!!!你必须先填写注册!!!');, true );
TextBoxEA.Text = string .Empty;
}
else if (temp == 1 )
{
ScriptManager.RegisterStartupScript( this , this .GetType(), script, alert('无效的用户名/密码!!!');, true ) ;
TextBoxEA.Text = string .Empty;
}
}
}
受保护 void Button1_Click ( object sender,EventArgs e)
{
SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings [ HotConnectionString]。ConnectionString);
con.Open();
if ( true )
{
SqlCommand level = new SqlCommand( select accessLevel,Password,INST_ID来自Tablepass,其中EmailAddress = @EmailAddress AND Password = @Password,con);
level.Parameters.Add( new SqlParameter( EmailAddress,TextBoxEA.Text));
level.Parameters.Add( new SqlParameter( 密码,TextBoxPW.Text));
SqlDataReader reader = level.ExecuteReader();
DataTable dt1 = new DataTable();
dt1.Load(读者);
foreach (DataRow dr1 in dt1.Rows)
{
int returnedLevel = Convert.ToInt32(dr1 [ 0 ]。ToString());
int inst_id = Convert.ToInt32(dr1 [ 2 ]。ToString());
会话[ inst_id] = inst_id;
if (returnedLevel == 1 )
{
Response.Redirect( FormAPublic.aspx);
}
else if (returnedLevel == 2 )
{
Response.Redirect( FormCPrivateNon.aspx );
}
else if (returnedLevel == 3 )
{
Response.Redirect( FormDPrivateFor.aspx );
}
else if (returnedLevel == 7 )
{
Response.Redirect( CEOPage.aspx );
}
else if (returnedLevel == 8 )
{
Response.Redirect( DBPage.aspx );
}
else if (returnedLevel == 11 )
{
Response.Redirect( FormAPublicL.aspx );
}
else if (returnedLevel == 21 )
{
Response.Redirect( FormCPrivateNonL.aspx );
}
else if (returnedLevel == 31 )
{
Response.Redirect( FormDPrivateForL.aspx );
}
else if (returnedLevel == 0 )
{
Response.Redirect( Oops2.aspx );
}
}
}
}
} 观察
因为你有 if(IsPostBack),等等按钮单击,它将进入,如果阻止。
在下面的行中,它会找到用户,所以temp将为1.
int temp = Convert.ToInt32(userExist.ExecuteScalar()。ToString( ));
因此,它将进入否则,如果并显示消息。
else if (temp == 1 )
{
ScriptManager.RegisterStartupScript( this ,这 .GetType(), script, alert('无效的用户名/密码!!!');, true );
TextBoxEA.Text = string .Empty;
}
建议
我想你应该有 if(!IsPostBack)而不是 if(IsPostBack)
你有很多事情要做,我会尝试把它分解成碎片,但这是我怀疑你的问题。
< pre lang =c#> SqlCommand cmd = new SqlCommand( 选择INST_ID,来自Tablepass的EmailAddress,con);
您的SQL命令从TablePass中选择INST_ID和EmailAddress。然后执行ExecuteNonScalar,当使用Select时不返回记录数,它返回第一行的第一个值,因此无论INST_ID是否为它返回的第一行。
我认为你想做的事情更像是:
SqlCommand cmd = new SqlCommand( 从Tablepass中选择count(*)WHERE emailAddress =# emailID和密码= @password,con);
cmd.Parameters.AddWithValue(@emailID,TextboxEA);
cmd.Parameters.AddWithValue(@ password,TextboxPW);
bool goodLogIn =( int )cmd.ExecuteNonQuery()== < span class =code-digit> 1 ;
这就是我所做的。
受保护 void Page_Load( object sender,EventArgs e)
{
if (IsPostBack)
{
SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings [ HotConnectionString]的ConnectionString)。
con.Open();
string cmdStr = 选择计数(* )来自Tablepass,其中EmailAddress =' + TextBoxEA.Text + ';
SqlCommand userExist = new SqlCommand(cmdStr,con);
SqlCommand cmd = new SqlCommand( select来自Tablepass的INST_ID,EmailAddress,con);
int temp = Convert.ToInt32(userExist.ExecuteScalar()。ToString());
if (temp == 0 )
{
ScriptManager。 RegisterStartupScript( this , this .GetType(), script, alert('用户名不存在!!!你必须先填写注册!!!');, true );
TextBoxEA.Text = string .Empty;
}
else if (temp == 1 )
{
ScriptManager.RegisterStartupScript( this , this .GetType(), script, alert('无效的用户名/密码!!!');, true ) ;
}
}
}
受保护 void Button1_Click( object sender,EventArgs e)
{
SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings [ HotConnectionString]。ConnectionString );
con.Open();
if ( true )
{
SqlCommand level = new SqlCommand( select accessLevel,Password,INST_ID来自Tablepass,其中EmailAddress = @EmailAddress AND Password = @Password,con);
level.Parameters.Add( new SqlParameter( EmailAddress,TextBoxEA.Text));
level.Parameters.Add( new SqlParameter( 密码,TextBoxPW.Text));
SqlDataReader reader = level.ExecuteReader();
DataTable dt1 = new DataTable();
dt1.Load(读者);
foreach (DataRow dr1 in dt1.Rows)
{
int returnedLevel = Convert.ToInt32(dr1 [ 0 ]。ToString());
int inst_id = Convert.ToInt32(dr1 [ 2 ]。ToString());
会话[ inst_id] = inst_id;
if (returnedLevel == 1 )
{
Response.Redirect( FormAPublic.aspx);
}
else if (returnedLevel == 2 )
{
Response.Redirect( FormCPrivateNon.aspx );
}
else if (returnedLevel == 3 )
{
Response.Redirect( FormDPrivateFor.aspx );
}
else if (returnedLevel == 7 )
{
Response.Redirect( CEOPage.aspx );
}
else if (returnedLevel == 8 )
{
Response.Redirect( DBPage.aspx );
}
else if (returnedLevel == 11 )
{
Response.Redirect( FormAPublicL.aspx );
}
else if (returnedLevel == 21 )
{
Response.Redirect( FormCPrivateNonL.aspx );
}
else if (returnedLevel == 31 )
{
Response.Redirect( FormDPrivateForL.aspx );
}
else if (returnedLevel == 0 )
{
Response.Redirect( Oops2.aspx );
}
}
}
}
}
我拿出了TextBoxEA.Text = string .Empty;来自错误消息,我能够登录。输入无效的用户名和密码时仍会显示错误。感谢。
I have a login page and when I enter an invalid username and password I get the correct error message that I should get. When I enter in a valid username and password and click the Login button I get an error message Invalid UserName/Password!!!. So I copied the username and password from the database and the same error displayes. It will not let me login. What did I do wrong?
protected void Page_Load(object sender, EventArgs e)
{
if (IsPostBack)
{
SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HotConnectionString"].ConnectionString);
con.Open();
string cmdStr = "Select count(*) from Tablepass where EmailAddress='" + TextBoxEA.Text + "'";
SqlCommand userExist = new SqlCommand(cmdStr, con);
SqlCommand cmd = new SqlCommand("select INST_ID, EmailAddress from Tablepass", con);
int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString());
if (temp == 0)
{
ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('User Name Does Not Exist!!! You Must Fill Out Registration First!!!');", true);
TextBoxEA.Text = string.Empty;
}
else if (temp == 1)
{
ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Invalid UserName/Password!!!');", true);
TextBoxEA.Text = string.Empty;
}
}
}
protected void Button1_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HotConnectionString"].ConnectionString);
con.Open();
if (true)
{
SqlCommand level = new SqlCommand("select accessLevel, Password, INST_ID from Tablepass where EmailAddress = @EmailAddress AND Password = @Password", con);
level.Parameters.Add(new SqlParameter("EmailAddress", TextBoxEA.Text));
level.Parameters.Add(new SqlParameter("Password", TextBoxPW.Text));
SqlDataReader reader = level.ExecuteReader();
DataTable dt1 = new DataTable();
dt1.Load(reader);
foreach (DataRow dr1 in dt1.Rows)
{
int returnedLevel = Convert.ToInt32(dr1[0].ToString());
int inst_id = Convert.ToInt32(dr1[2].ToString());
Session["inst_id"] = inst_id;
if (returnedLevel == 1)
{
Response.Redirect("FormAPublic.aspx");
}
else if (returnedLevel == 2)
{
Response.Redirect("FormCPrivateNon.aspx");
}
else if (returnedLevel == 3)
{
Response.Redirect("FormDPrivateFor.aspx");
}
else if (returnedLevel == 7)
{
Response.Redirect("CEOPage.aspx");
}
else if (returnedLevel == 8)
{
Response.Redirect("DBPage.aspx");
}
else if (returnedLevel == 11)
{
Response.Redirect("FormAPublicL.aspx");
}
else if (returnedLevel == 21)
{
Response.Redirect("FormCPrivateNonL.aspx");
}
else if (returnedLevel == 31)
{
Response.Redirect("FormDPrivateForL.aspx");
}
else if (returnedLevel == 0)
{
Response.Redirect("Oops2.aspx");
}
}
}
}
}Observation
As you haveif (IsPostBack), so on Button Click, it will go insideifblock.
On the below line, it will find the user, so temp will be 1.
int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString());
So, it will go insideelse ifand show you the message.
else if (temp == 1) { ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Invalid UserName/Password!!!');", true); TextBoxEA.Text = string.Empty; }
Suggestion
I guess you should haveif (!IsPostBack)instead ofif (IsPostBack)
You have a lot going on here, I would try to break it down into pieces, but here is what I suspect is your problem.
SqlCommand cmd = new SqlCommand("select INST_ID, EmailAddress from Tablepass", con);
Your SQL command selects INST_ID and EmailAddress from TablePass. You then execute the ExecuteNonScalar, which when using a Select doesn't return the count of records, it returns the first value from the first row, so whatever INST_ID is for the first row it returns.
What I think you want to do is something more like this:
SqlCommand cmd = new SqlCommand("select count(*) from Tablepass WHERE emailAddress = #emailID AND password = @password", con); cmd.Parameters.AddWithValue(@emailID, TextboxEA); cmd.Parameters.AddWithValue(@password, TextboxPW); bool goodLogIn = (int)cmd.ExecuteNonQuery() == 1;
This is what I did.
protected void Page_Load(object sender, EventArgs e) { if (IsPostBack) { SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HotConnectionString"].ConnectionString); con.Open(); string cmdStr = "Select count(*) from Tablepass where EmailAddress='" + TextBoxEA.Text + "'"; SqlCommand userExist = new SqlCommand(cmdStr, con); SqlCommand cmd = new SqlCommand("select INST_ID, EmailAddress from Tablepass", con); int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString()); if (temp == 0) { ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('User Name Does Not Exist!!! You Must Fill Out Registration First!!!');", true); TextBoxEA.Text = string.Empty; } else if (temp == 1) { ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Invalid UserName/Password!!!');", true); } } } protected void Button1_Click(object sender, EventArgs e) { SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HotConnectionString"].ConnectionString); con.Open(); if (true) { SqlCommand level = new SqlCommand("select accessLevel, Password, INST_ID from Tablepass where EmailAddress = @EmailAddress AND Password = @Password", con); level.Parameters.Add(new SqlParameter("EmailAddress", TextBoxEA.Text)); level.Parameters.Add(new SqlParameter("Password", TextBoxPW.Text)); SqlDataReader reader = level.ExecuteReader(); DataTable dt1 = new DataTable(); dt1.Load(reader); foreach (DataRow dr1 in dt1.Rows) { int returnedLevel = Convert.ToInt32(dr1[0].ToString()); int inst_id = Convert.ToInt32(dr1[2].ToString()); Session["inst_id"] = inst_id; if (returnedLevel == 1) { Response.Redirect("FormAPublic.aspx"); } else if (returnedLevel == 2) { Response.Redirect("FormCPrivateNon.aspx"); } else if (returnedLevel == 3) { Response.Redirect("FormDPrivateFor.aspx"); } else if (returnedLevel == 7) { Response.Redirect("CEOPage.aspx"); } else if (returnedLevel == 8) { Response.Redirect("DBPage.aspx"); } else if (returnedLevel == 11) { Response.Redirect("FormAPublicL.aspx"); } else if (returnedLevel == 21) { Response.Redirect("FormCPrivateNonL.aspx"); } else if (returnedLevel == 31) { Response.Redirect("FormDPrivateForL.aspx"); } else if (returnedLevel == 0) { Response.Redirect("Oops2.aspx"); } } } } }
I took out theTextBoxEA.Text = string.Empty;from the error message and I was able to Login. The error still displays when you enter an invalid username and password. Thanks.
这篇关于什么阻止我登录?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
