asp+mysql__不同类型用户登录

未防注入//0.0

 

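/**
 * Login page shared by several kinds of user. The radio-button group `xz`
 * says which kind of account is signing in, and that choice selects the table
 * the user name and password are checked against.
 *
 * Review notes:
 *  - The lookup in yz() is still assembled as SQL text because DB.Select1 is
 *    only seen taking a finished statement. User-supplied text is escaped
 *    before it is embedded; a parameterized query is the stronger fix once DB
 *    exposes a way to pass parameters.
 *  - Passwords are compared through DB.MD5Encrypt. Judging by its name this is
 *    an unsalted MD5 digest, which is not suitable for password storage
 *    (TODO confirm; moving to a salted, slow hash means re-hashing stored values).
 *  - After a successful login the session holds the user name and a flag but
 *    not the account type, so those two values alone cannot tell a student
 *    session from a teacher session.
 */
public partial class _Default : System.Web.UI.Page
{
    // Raw text of the last login attempt. Nothing filters these values here;
    // any use inside SQL or HTML has to escape or parameterize them.
    public string USER = "", PASSWORD = "";
    // Account type chosen by the user; -1 until one is selected.
    public int TYPE = -1;

    // Blank both input boxes on the first (non-postback) request.
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            username.Text = "";
            password.Text = "";
        }
    }

    // "Login" button: forward the selected account type to login().
    // Any other selection value is ignored.
    protected void Button1_Click(object sender, EventArgs e)
    {
        switch (xz.SelectedValue)
        {
            case "1": login(1); break;
            case "2": login(2); break;
            case "3": login(3); break;
        }
    }

    // "Register" button: send the user to the registration page that matches
    // the selected account type. Administrator registration is not offered.
    protected void Button2_Click(object sender, EventArgs e)
    {
        switch (xz.SelectedValue)
        {
            case "1": Server.Transfer("zhuce.aspx"); break;
            case "2": Server.Transfer("teachaerzhuce.aspx"); break;
            case "3": Response.Write("<script>alert('管理员注册未开放!');</script>"); break;
        }
    }

    // Verify the submitted credentials for the given account type
    // (1 = student, 2 = teacher, 3 = administrator) and, on success, mark the
    // session as logged in and move to that type's landing page.
    protected void login(int TYPE)
    {
        // Display label for the greeting. It only ever holds one of the fixed
        // strings below, never user input, so it is safe inside the script.
        string Type = "";
        switch (TYPE)
        {
            case 1: Type = "同学"; break;
            case 2: Type = "老师"; break;
            case 3: Type = "adminsitrator"; break;
        }

        USER = username.Text;
        PASSWORD = password.Text;

        if (yz(TYPE, USER, PASSWORD))
        {
            // Braces added: only the greeting is conditional. The session
            // values below are set for every successful login.
            if (Type != "adminsitrator")
            {
                Response.Write("<script>alert('欢迎 " + Type + " 回家!');</script>");
            }

            // NOTE(review): the session identifier is not renewed at sign-in;
            // issuing a fresh one here would guard against session fixation.
            Session["id"] = USER.ToString();
            Session["bz"] = "yes"; // "logged in" flag

            switch (TYPE)
            {
                case 1: Server.Transfer("students.aspx"); break;
                case 2: Server.Transfer("teacher.aspx"); break;
                case 3: Response.Write("<script>alert('Sorry,administrator 回家了!');</script>"); break;
            }
        }
        else
        {
            // One message for both "unknown user" and "wrong password", so the
            // response does not reveal which user names exist.
            Response.Write("<script>alert('sorry,username or password error!');</script>");
        }
    }

    // Check a user name / password pair against the table for the given
    // account type. Returns true when a matching row exists, false otherwise
    // (including for an unknown type or missing input).
    protected bool yz(int TYPE, string USER, string PASSWORD)
    {
        // The prefix doubles as table name and column-name prefix. It is taken
        // from this fixed list only; an unknown type is rejected instead of
        // producing a statement with an empty table name.
        string Type;
        switch (TYPE)
        {
            case 1: Type = "stu_"; break;
            case 2: Type = "tea_"; break;
            case 3: Type = "admin_"; break;
            default: return false;
        }

        if (USER == null || PASSWORD == null)
        {
            return false;
        }

        // USER arrives straight from the form, so it must not reach the SQL
        // text unescaped. MySqlHelper.EscapeString backslash-escapes quote
        // characters; that relies on the server's default escaping rules (it
        // does not hold under NO_BACKSLASH_ESCAPES), which is one more reason
        // to prefer a parameterized command.
        string safeUser = MySqlHelper.EscapeString(USER);
        // The digest format is not visible here, so it is escaped as well.
        string safeHash = MySqlHelper.EscapeString(DB.MD5Encrypt(PASSWORD));

        string sqlstr = "select * from " + Type
            + " where " + Type + "user='" + safeUser
            + "' and " + Type + "pass='" + safeHash + "';";

        DB db = new DB(); // DB wraps the database access

        // Dispose the reader on every path. Whether this also releases the
        // underlying connection depends on how DB.Select1 opened it (TODO confirm).
        using (MySqlDataReader selectcom = db.Select1(sqlstr))
        {
            // A single row is enough to prove the credentials matched.
            return selectcom != null && selectcom.Read();
        }
    }
}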

 

posted @ 2016-03-26 20:34  马丁黄瓜啊