📄 login.aspx
<%@Page Language="C#" EnableViewState="True" EnableSessionState="True" %>
<%@Import Namespace="System.Data" %>
<%@Import Namespace="System.Data.SqlClient" %>
<script Language="C#" runat="server">
// -------------------------------------------------------
// Page-level fields. Page_Load assigns all three on each request,
// and the button handlers and database helpers below read them.
// style sheet size; starts as "Standard" and is overwritten in
// Page_Load from Session["WccStyleSize"]
String sStyleSize = "Standard";
// current user ID, read from Session["WccUserID"] in Page_Load and
// replaced by InsertNewUser / AuthenticateUser when they succeed
String sUserID;
// database connection string, read from the appSettings key
// "XroxCarsConnectString" in Page_Load
String sConnect;
// -------------------------------------------------------
void Page_Load() {
    // Runs on every request to this page. Loads the per-request fields
    // from Session and web.config, decides which panel to show, and
    // switches every validator off so the button handlers can enable
    // only the set they need.

    // The user ID must already be in Session before this page is used.
    sUserID = (String)Session["WccUserID"];
    if (sUserID == null || sUserID == "") {
        // Nothing in Session: either the browser does not support
        // sessions or default.aspx was not loaded first.
        Response.Clear();
        Response.Redirect("../default.aspx");
        Response.End();
    }

    // Style sheet size and connection string for the rest of the page.
    sStyleSize = (String)Session["WccStyleSize"];
    sConnect = ConfigurationSettings.AppSettings["XroxCarsConnectString"];

    // A leading "~" marks a temporary login name that may still need
    // to register; any other ID is pre-filled into the login box.
    Boolean bTemporaryID = (sUserID.Substring(0, 1) == "~");
    pnlRegister.Visible = bTemporaryID;
    if (!bTemporaryID) {
        txtLogonUserID.Text = sUserID;
    }

    // Validation is server-side only, and the page holds two separate
    // sets of validators. Turning all of them off here lets the page be
    // submitted when only one set of controls is visible or filled in;
    // DoRegister and DoLogin re-enable the relevant set themselves.
    foreach (BaseValidator oCheck in Page.Validators) {
        oCheck.Enabled = false;
        oCheck.EnableClientScript = false;
    }

    if (!Session.IsCookieless) {
        return;
    }

    // Cookieless sessions use the custom session-flag authentication:
    // the flag is reset to "no" on every load of this page and only
    // set to "yes" after a successful login or registration.
    // NOTE(review): in cookieless mode the session ID is carried in the
    // URL, so this flag is only as private as that URL. Serve the page
    // over HTTPS and keep session timeouts short.
    Session["WCCUserAuthenticated"] = "no";
    // The persistent auto-logon cookie applies only to Forms-based
    // authentication, so its checkbox is hidden here.
    spnHideChecbox.Visible = false;
}
// -------------------------------------------------------
void DoRegister(object oSender, EventArgs oArgs) {
    // Click handler for the "Register" button. Validates the register
    // controls, adds the user to the database, migrates any quotes held
    // under the old temporary ID, then redirects to the "My Cars" page.

    // Enable and run every validator that does not belong to the
    // login controls (those have "Logon" in their ID).
    foreach (BaseValidator oCheck in Page.Validators) {
        if (oCheck.ID.IndexOf("Logon") >= 0) {
            continue;
        }
        oCheck.Enabled = true;
        oCheck.Validate();
    }

    // On invalid input the page simply re-renders and shows the
    // validation errors.
    if (!Page.IsValid) {
        return;
    }

    // Remember the ID in use before registration; InsertNewUser
    // replaces sUserID with the new registered ID when it succeeds.
    String sPreviousID = sUserID;
    if (!InsertNewUser()) {
        // NOTE(review): InsertNewUser also returns false on database
        // errors, so this message is shown for those failures too.
        lblRegisterMsg.Text = "* Sorry, the User ID you have specified is already in use.";
        return;
    }

    // Move quotes recorded under the old ID to the new registered ID.
    MigrateExistingRows(sPreviousID, sUserID);

    // Redirect to the page originally requested (mycars.aspx); how
    // depends on which kind of session support is in use.
    if (Session.IsCookieless) {
        // custom session-based authentication
        RedirectFromCookielessLoginPage(sUserID);
    }
    else {
        // Forms-based authentication: refresh the user ID cookie and
        // do not create a persistent authentication cookie this time.
        UpdateUserIDCookie();
        FormsAuthentication.RedirectFromLoginPage(sUserID, false);
    }
}
// -------------------------------------------------------
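void DoLogin(object oSender, EventArgs oArgs) {
    // Click handler for the "Login" button. Validates the login
    // controls, checks the User ID and password against the database,
    // and redirects to the "My Cars" page when they are valid.

    // Enable and run every validator that belongs to the login controls
    // (those with "Logon" anywhere in their ID). The test is >= 0 so
    // that it is the exact complement of the "< 0" test in DoRegister;
    // with "> 0" a validator whose ID *starts* with "Logon" would be
    // enabled by neither handler and its check would never run.
    foreach (BaseValidator oValidator in Page.Validators) {
        if (oValidator.ID.IndexOf("Logon") >= 0) {
            oValidator.Enabled = true;
            oValidator.Validate();
        }
    }

    // On invalid input the page re-renders with the validation errors.
    if (!Page.IsValid) {
        return;
    }

    // A registered user may have entered the site this time with a
    // temporary ID (cookieless sessions, a deleted UserID cookie, or a
    // different machine). Keep that temporary ID so quotes received
    // under it can be migrated to the registered name after login.
    String sAnonID = "";
    if (sUserID.Substring(0, 1) == "~") {
        sAnonID = sUserID;
    }

    // AuthenticateUser sets the login message itself on failure.
    if (!AuthenticateUser()) {
        return;
    }

    // After authentication sUserID holds the registered User ID.
    if (sAnonID != "" && sAnonID != null) {
        MigrateExistingRows(sAnonID, sUserID);
    }

    // Redirect to the page originally requested (mycars.aspx); how
    // depends on which kind of session support is in use.
    if (Session.IsCookieless) {
        // custom session-based authentication
        RedirectFromCookielessLoginPage(sUserID);
    }
    else {
        // Forms-based authentication: refresh the user ID cookie, then
        // redirect, creating a persistent authentication cookie only
        // if the user ticked the option on the page.
        UpdateUserIDCookie();
        FormsAuthentication.RedirectFromLoginPage(sUserID, chkPersist.Checked);
    }
}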
// -------------------------------------------------------
Boolean InsertNewUser() {
    // Adds a new user to the database through the "InsertNewUser"
    // stored procedure, using the values typed into the register form.
    // Returns true when exactly one row was affected; in that case
    // sUserID and Session["WCCUserID"] are switched to the new ID.
    // Returns false when no single row was inserted or when any
    // exception is thrown.
    SqlConnection sqlConn = new SqlConnection(sConnect);
    SqlCommand sqlComm = new SqlCommand("InsertNewUser", sqlConn);
    sqlComm.CommandType = CommandType.StoredProcedure;

    // The password is stored as a SHA1 hash, never as plain text.
    // NOTE(review): this is a single unsalted SHA-1 digest, which is
    // weak protection for stored passwords. Moving to a salted, slow
    // key-derivation function means migrating the stored values and
    // changing AuthenticateUser in step, so nothing is changed here.
    String sPWHash = FormsAuthentication.HashPasswordForStoringInConfigFile(txtPWord.Text, "SHA1");

    // Proposed new User ID exactly as typed.
    // NOTE(review): Page_Load and DoLogin treat IDs that begin with "~"
    // as temporary ones, and AuthenticateUser trims the ID at login.
    // Confirm that the register validators reject a leading "~" and
    // surrounding spaces.
    String sNewUserID = txtUserID.Text;

    // All values are passed as stored-procedure parameters, not
    // concatenated into SQL text.
    sqlComm.Parameters.Add("@UserID", sNewUserID);
    sqlComm.Parameters.Add("@UserPW", sPWHash);
    sqlComm.Parameters.Add("@UserName", txtName.Text);
    sqlComm.Parameters.Add("@Address", txtAddr.Text);
    sqlComm.Parameters.Add("@City", txtCity.Text);
    sqlComm.Parameters.Add("@State", txtState.Text);
    sqlComm.Parameters.Add("@Country", txtCountry.Text);
    sqlComm.Parameters.Add("@Phone", txtPhone.Text);
    sqlComm.Parameters.Add("@Email", txtEmail.Text);

    try {
        sqlConn.Open();
        if (sqlComm.ExecuteNonQuery() != 1) {
            return false;
        }
        // Insert succeeded, so the session and the page field now
        // carry the registered ID.
        sUserID = sNewUserID;
        Session["WCCUserID"] = sNewUserID;
        return true;
    }
    catch (Exception) {
        // NOTE(review): every failure is swallowed here, so the caller
        // cannot tell a duplicate ID from a database outage. Record the
        // exception server-side so outages are visible to operators.
        return false;
    }
    finally {
        sqlConn.Close();
    }
}
// -------------------------------------------------------
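Boolean AuthenticateUser() {
    // Checks the User ID and password from the login form against the
    // database through the "AuthenticateUser" stored procedure.
    // Returns true when the procedure returns the same User ID that
    // was submitted; sUserID and Session["WCCUserID"] are then set to
    // it. Returns false, with a message in lblLoginMsg, otherwise.

    // Login ID from the form, with stray spaces at either end removed.
    String sLogonID = txtLogonUserID.Text;
    sLogonID = sLogonID.Trim();

    SqlConnection sqlConn = new SqlConnection(sConnect);
    SqlCommand sqlComm = new SqlCommand("AuthenticateUser", sqlConn);
    sqlComm.CommandType = CommandType.StoredProcedure;

    // The submitted password is hashed the same way as at registration
    // so that the two hashes can be compared.
    // NOTE(review): this is a single unsalted SHA-1 digest, which is
    // weak protection for stored passwords. Moving to a salted, slow
    // key-derivation function means migrating the stored values and
    // changing InsertNewUser in step, so nothing is changed here.
    String sPWHash = FormsAuthentication.HashPasswordForStoringInConfigFile(txtLogonPWord.Text, "SHA1");

    // Values are passed as stored-procedure parameters, not
    // concatenated into SQL text.
    sqlComm.Parameters.Add("@UserID", sLogonID);
    sqlComm.Parameters.Add("@UserPW", sPWHash);

    try {
        sqlConn.Open();
        // ExecuteScalar returns object. Comparing that object to a
        // string with == is a reference comparison in C#, which does
        // not match a freshly read database value, so valid logins
        // were rejected. Compare the string values instead; a null or
        // non-string result counts as "no match".
        // NOTE(review): this is an exact, case-sensitive match. If the
        // procedure returns the ID in its stored casing, confirm
        // whether a case-insensitive comparison is intended.
        String sFoundID = sqlComm.ExecuteScalar() as String;
        if (sFoundID != null && String.Equals(sFoundID, sLogonID)) {
            // found matching row so use new logon as UserID and update session
            sUserID = sLogonID;
            Session["WCCUserID"] = sUserID;
            return true;
        }
        // no matching row found; the message is deliberately the same
        // whether the ID or the password was wrong
        lblLoginMsg.Text = "* Invalid User ID or password, please try again...";
        return false;
    }
    catch (Exception) {
        // Show a generic message only. The exception message and source
        // were previously written into the page, which discloses
        // database internals to whoever is at the login form, and
        // without HTML encoding. Record the details server-side.
        lblLoginMsg.Text = "* Error while accessing database.";
        return false;
    }
    finally {
        sqlConn.Close();
    }
}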
// -------------------------------------------------------
void RedirectFromCookielessLoginPage(String sUserID) {
    // Custom replacement for the Forms-authentication redirect, used
    // when sessions are cookieless: marks the session as authenticated
    // and sends the client to mycars.aspx. The sUserID parameter is
    // not used in the body.
    //
    // NOTE(review): the session keeps the same ID when the flag flips
    // to "yes". In cookieless mode that ID is carried in the URL, so
    // the authenticated state is tied to a value that can show up in
    // logs, bookmarks and Referer headers. Consider starting a fresh
    // session at login and requiring HTTPS for these pages.
    const String sTargetPage = "mycars.aspx";

    Session["WCCUserAuthenticated"] = "yes";

    Response.Clear();
    Response.Redirect(sTargetPage);
    Response.End();
}
// -------------------------------------------------------
Boolean MigrateExistingRows(String sAnonID, String sNewID) {
// migrate existing quotes in database for anonymous user
// to the new user ID they specified when registering
// specify the stored procedure name
String sProcName = "MigrateQuotes";
// create connection and command objects
SqlConnection sqlConn = new SqlConnection(sConnect);
SqlCommand sqlComm = new SqlCommand(sProcName, sqlConn);
sqlComm.CommandType = CommandType.StoredProcedure;
// add parameters to Command
sqlComm.Parameters.Add("@AnonUserID", sAnonID);
sqlComm.Parameters.Add("@NewUserID", sNewID);
try {
// execute the stored procedure
sqlConn.Open();
sqlComm.ExecuteNonQuery();
return true;
}