adminlogin.aspx.cs

本程序基于 asp.net 2.0 +sql server 2

using System;
using System.Data;
using System.Configuration;
using System.Collections;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient;
using lalablog;
public partial class admin_adminLogin : System.Web.UI.Page
{
    string username, password;
    string loginip;
    DateTime logintime;

    protected void Page_Load(object sender, EventArgs e)
    {
        if (Session["admin"] != null)
            Response.Redirect("adminBlog.aspx");
        tb_username.Focus();
    }


    private void addlogin()
    {

        this.loginip = Request.UserHostAddress;
        this.logintime = DateTime.Now;

        string strconn = ConfigurationManager.ConnectionStrings["dsn"].ToString();
        SqlConnection cn = new SqlConnection(strconn);
        cn.Open ();
        string sql = "update admin_user set loginip='" + this.loginip + "'";
        sql += ",logintime='" + this.logintime + "'";

        SqlCommand cm = new SqlCommand(sql, cn);

        try
        {
            cm.ExecuteNonQuery();
        }
        catch (SqlException ex)
        { }
        finally
        {
            cn.Close();
        }
    }
    protected void Button1_Click(object sender, EventArgs e)
    {
        msg.Text = login();
        Response .Redirect ("adminBlog.aspx");
    }

    private string login()
    {
         username = Server.HtmlEncode(tb_username.Text );
       password = Server.HtmlEncode(tb_password.Text );
        password = FormsAuthentication.HashPasswordForStoringInConfigFile(password, "SHA1");

        string strconn = ConfigurationManager.ConnectionStrings["dsn"].ToString();
        SqlConnection cn = new SqlConnection(strconn);
        string sql = "select adminid,username,password from admin_user where username='" + this.username + "'";

        try
        {
            cn.Open();
            SqlCommand cm = new SqlCommand(sql, cn);
            SqlDataReader dr = cm.ExecuteReader();

            //如果读到记录，说明用户名已存在
            if (dr.Read())
                if (dr["password"].ToString() == this.password)
                {                    
                    Session["admin"] = dr["adminid"].ToString();
                    this.addlogin();
                    return "success";
                }//用户名存在且密码正确
                else
                    return "password not correct";  //密码不正确
            else
                return "用户不存在";   //用户名不存在

        }
        catch (Exception ex)
        {
            return ex.Message;
        }
        finally
        {
            cn.Close();
        }
    }
}