asp+mysql__不同类型用户登录
未防注入//0.0
/**
*这里代码应用场景为多类用户登录,根据用户选择不同的单选按钮判断用户登录的类型,
*从而进行不同的数据表进行判断,用户的用户名和密码是否正确。
*/
1 public partial class _Default : System.Web.UI.Page 2 { 3 public string USER = "", PASSWORD = "";//过滤用户的输入 4 public int TYPE = -1;//验证用户选择的类型,初始值-1 5 protected void Page_Load(object sender, EventArgs e) 6 { 7 if (!IsPostBack) 8 { 9 username.Text = ""; 10 password.Text = ""; 11 } 12 } 13 protected void Button1_Click(object sender, EventArgs e)//判断用户选择的身份,进行相应的调用函数 14 { 15 switch (xz.SelectedValue) 16 { 17 case "1": login(1); break; 18 case "2": login(2); break; 19 case "3": login(3); break; 20 } 21 } 22 protected void Button2_Click(object sender, EventArgs e) //根据用户选择的身份,跳转到相应的注册页面 23 { 24 switch (xz.SelectedValue) 25 { 26 case "1":Server.Transfer("zhuce.aspx"); break; 27 case "2": Server.Transfer("teachaerzhuce.aspx"); break; 28 case "3": Response.Write("<script>alert('管理员注册未开放!');</script>"); break; 29 } 30 31 } 32 protected void login(int TYPE)//传人用户选择的类型,执行不同的操作 33 { 34 string Type = ""; 35 switch (TYPE) 36 { 37 case 1: Type = "同学"; break; 38 case 2: Type = "老师"; break; 39 case 3: Type = "adminsitrator"; break; 40 } 41 USER = username.Text; 42 PASSWORD = password.Text; 43 if (yz(TYPE, USER, PASSWORD))//调用yz()函数进行判断 44 { 45 if (Type != "adminsitrator") 46 Response.Write("<script>alert('欢迎 " + Type + " 回家!');</script>"); 47 Session["id"] = USER.ToString() ; 48 Session["bz"] = "yes";//标志 49 switch (TYPE) 50 { 51 case 1: Server.Transfer("students.aspx"); break; 52 case 2: Server.Transfer("teacher.aspx"); break; 53 case 3: Response.Write("<script>alert('Sorry,administrator 回家了!');</script>"); break; 54 } 55 } 56 else 57 { 58 Response.Write("<script>alert('sorry,username or password error!');</script>"); 59 60 } 61 62 } 63 protected bool yz(int TYPE, string USER, string PASSWORD)//根据选则的用户身份,进行验证数据库,成功TRUE,失败FALSE 64 { 65 string Type = ""; 66 switch (TYPE) 67 { 68 case 1: Type = "stu_"; break; 69 case 2: Type = "tea_"; break; 70 case 3: Type = "admin_"; break; 71 } 72 string sqlstr = "select * from " + Type + " where " + Type + "user='" + USER + "' and " + Type + "pass='" + DB.MD5Encrypt(PASSWORD) + "';"; 73 DB db = new DB();//DB类用来对数据库的操作 74 75 MySqlDataReader selectcom = db.Select1(sqlstr); 76 while (selectcom.Read()) 77 { 78 return true; 79 } 80 return false; 81 } 82 }
