Log in password verification


Problem description


Here, I'm verifying my password to another page, but it is always redirecting. I think there is something wrong... please help me here...
My code is:

protected void Button1_Click(object sender, EventArgs e)
       {
           SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
           con.Open();
           string cmdstr = "select count(*) from Reg where UserName='" + TextBox1.Text + "'";
           SqlCommand checkUser = new SqlCommand(cmdstr, con);
           int temp = Convert.ToInt32(checkUser.ExecuteScalar().ToString());
           if (temp == 1)
           {
               string cmdstr2 = "select Password from Reg where UserName='" + TextBox1.Text + "'";

               SqlCommand pass = new SqlCommand(cmdstr2, con);
               string password = pass.ExecuteScalar().ToString();
               con.Close();

               if (password == TextBox2.Text)

                   Session["name"] = TextBox1.Text;
                   Response.Redirect("AfterLogin.aspx?Name="+TextBox1.Text);

               }

               else
               {
                   Label2.Visible = true;
                   Label2.Text = "invalid username or password";
               }


           }
       }
   }

Recommended answer


Wes is right! If the passwords match, the session is set, because that is the first line of code after the "if(password==....)". But the Response.Redirect is hit every time.


Try:

if (password == TextBox2.Text)
{ 
  Session["name"] = TextBox1.Text;
  Response.Redirect("AfterLogin.aspx?Name="+TextBox1.Text);
}






If you had attached the debugger you would have seen this behavior. You would probably have seen it if your code was a little cleaner, too. Hit CTRL+K D to format your code in VS.

Another thing with your code is that you are doing 2 ExecuteScalar(). You only need one. I have rewritten your code in a slightly cleaner way:

protected void Button1_Click(object sender, EventArgs e)
{
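    // I always use variables. Then I don't have to refer to the textboxes each time.
    string username = TextBox1.Text;
    string password = TextBox2.Text;

    // Same connection string lookup as in the question's code.
    SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);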
            
    string sql = "select password from Reg where UserName=@Username";
    SqlCommand cmd = new SqlCommand(sql, conn);

    // use sql parameter to avoid sql injection!
    cmd.Parameters.AddWithValue("@Username", username);
            
    //Open the connection as close to any other db-stuff.
    // don't keep it open unless you have to use it
    conn.Open();

    // ExecuteScalar() (which is an object) can be null!
    // using Convert.ToString() prevents any Null Reference Exception.
    // Convert.ToString(null) returns string.Empty
    string pwdFromDb = Convert.ToString(cmd.ExecuteScalar());

    // All database stuff is ok. 
    cmd.Dispose();
    conn.Close(); // Always close DB connection when done!


    // Now we can do the redirect logic
    if(pwdFromDb == password) // this will make your pwd case sensitive
    {
        // user is found and passwords are equal
        // Set session and redirect user
        Session["name"] = username;
        Response.Redirect("AfterLogin.aspx?Name=" + username);
    }
    else 
    {
        // user not found, or the passwords are not equal
        Label2.Visible = true;
        Label2.Text = "invalid username or password";
    }
}






A few tips for you:
1) Always use command parameters when sending variables in your sql!
2) Use brackets around your if's: if(){...}
3) Never store passwords as clear text. Hash it and use a password salt.

for (int i = 4; i < 1000; i++)
{
    Console.WriteLine(i + ") ALWAYS use command parameters!");
}

