VB.NET 和“登录会话" [英] VB.NET and a 'login session'

问题描述

我正在 VB 中制作一个使用 MySQL 作为数据库的应用程序.我有一个 frmMain 和一个名为 frmLogin 的表单.当我登录时，登录表单会检查数据库是否用户输入了正确的用户名和密码.我希望他们返回到 frmMain 并在 frmMain 中将信息(例如 ID、登录名和角色)作为字符串(或更安全的东西)传递，但我没有知道什么是最好的方法.

I am making a application in VB that uses MySQL as database. I have a frmMain and a form called frmLogin. When I login, the login form checks the database if the user entered the correct username and password. I want them to return to frmMain and pass the information (eg. id, login name and role) as a string (or something safer) in frmMain but I don't know whats the best way to do it.

这是我在 frmLogin 中的代码(我知道 sql 注入):

Here is my code in frmLogin (I know about the sql injections):

Private Sub btnLogin_Click(sender As System.Object, e As System.EventArgs) Handles btnLogin.Click
    Dim loginResult As String

    If String.IsNullOrEmpty(TextGebruikersNaam.Text) Or String.IsNullOrEmpty(TextGebruikersPass.Text) Then
        MsgBox("Voer uw gebruikersnaam en wachtwoord in om in te loggen. ", MsgBoxStyle.Exclamation, "Foutmelding")
        TextGebruikersNaam.Focus()
    Else
        Dim newPass As String
        newPass = HashString.getSHA1Hash(TextGebruikersPass.Text)

        loginResult = SQLHook.Counter("SELECT COUNT(*) FROM tblgebruikers WHERE GebruikersNaam='" & TextGebruikersNaam.Text.Replace("'", "''") & "' AND GebruikersPass='" & newPass.Replace("'", "''") & "'")

        If loginResult = 1 Then
            ' Login is cewl, now set some strings and unload this form so user
            ' could continue on frmMain.
        Else
            MsgBox("De gebruikersnaam of wachtwoord is onjuist.", MsgBoxStyle.Exclamation, "Foutmelding")
            TextGebruikersPass.Text = ""
            TextGebruikersPass.Focus()
        End If
    End If
End Sub

是否有安全的方法来设置(例如)带有用户名和角色的字符串(在数据库中也作为GebruikersRole"行.

Is there are safe way to set a (eg.) String with the username and a role (thats inside the database too as a 'GebruikersRole' row.

感谢您的帮助.

推荐答案

使用会话或应用程序变量来保持您的数据可通过我们的应用程序访问，或者您可以创建一个像 Person info 这样的类并将这些值分配给该类中的属性和它可以在整个应用程序中访问

use session or application variables to keep your data accessible through our the application or you can create a class like Person info and assign those value to properties within that class and it'll be accessible throughout the application

创建一个类

班级人员

private _username as string

private _username as string

公共共享属性用户名作为字符串得到返回_用户名结束获取设置(字符串的值)_用户名 = 值结束集

public shared property username as string get return _username end get set(value of string) _username = value end set

结束课程

这将使整个应用程序都可以使用登录信息，只需引用 person 对象即可.

this will make the the login info available to the entire application just reference the person object.

这篇关于VB.NET 和“登录会话"的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！