登录

    <%-- Login form: one row for the login name and one row for the password.
         Both inputs belong to the "Login" validation group. --%>
    <table cellpadding="0" cellspacing="0" class="UsertdColor" style="width: 280px;">
        <tr>
            <td style="vertical-align: bottom; height: 35px; text-align: center; width: 280px;">
                <%-- The validation pattern and its tooltip are bound from appSettings.
                     NOTE(review): it is not visible here whether UserText enforces
                     ValidationExpression on the server; treat it as input shaping only
                     and keep treating the posted value as untrusted in the code-behind. --%>
                <aspUser:UserText
                    ID="txtLoginName"
                    ClientInstanceName="txtLoginName"
                    runat="server"
                    Caption="登录名称"
                    ValidationGroup="Login"
                    ValidationExpression="<%$ appSettings:登录名称 %>"
                    ValidationToolTip="<%$ appSettings:登录名称Hint %>"
                    IsNotNull="true"
                    ClientValueChanged="ShowAuthentication();" />
            </td>
        </tr>
        <tr>
            <td style="vertical-align: bottom; height: 35px; text-align: center; width: 280px;">
                <%-- NOTE(review): onpaste="return false" blocks pasting into the password
                     box, which also gets in the way of password managers; consider
                     dropping it so long generated passwords stay practical. --%>
                <aspUser:UserText
                    ID="txtPsw"
                    runat="server"
                    Caption="登录密码"
                    IsPassword="true"
                    ValidationGroup="Login"
                    ValidationExpression="<%$ appSettings:登录密码 %>"
                    ValidationToolTip="<%$ appSettings:登录密码Hint %>"
                    IsNotNull="true"
                    onpaste="return false" />
            </td>
        </tr>
    </table>

后台:

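    /// <summary>
    /// Handles the login button: looks the account up by login name, checks the
    /// password, fills the session, and redirects either to the forced
    /// password-change page or to the default page.
    /// </summary>
    /// <remarks>
    /// Every SQL statement here is parameterized. The original built all three
    /// statements by string concatenation and relied on a character blacklist,
    /// which is not a reliable injection defense; the user name read back from the
    /// database was also concatenated into later statements (second-order injection).
    /// </remarks>
    /// <param name="sender">The control that raised the click event.</param>
    /// <param name="e">Event data (unused).</param>
    protected void butLongin_Click(object sender, EventArgs e)
    {
        string loginInput = txtLoginName.Text.Trim();
        string passwordInput = txtPsw.Text.Trim();

        // Legacy character filter, kept so the accepted inputs and the messages stay
        // exactly as before. It is NOT the injection defense: the parameters below are.
        if (ContainsFilteredChars(loginInput))
        {
            lblLogin.Text = "系统不存在当前用户登录名称!";
            ErrorStat();
            return;
        }
        if (ContainsFilteredChars(passwordInput))
        {
            lblLogin.Text = "用户登录密码输入不正确!";
            ErrorStat();
            return;
        }

        DataTable tab = new DataTable();
        try
        {
            using (SqlConnection con = new SqlConnection(ZZ.Conn.Connection.getDSN()))
            using (SqlCommand cmd = new SqlCommand(
                "select * from UserInfo where IsDeleted=0 and LoginName = @LoginName", con))
            {
                // The login name travels as data, never as SQL text.
                cmd.Parameters.Add("@LoginName", SqlDbType.NVarChar).Value = loginInput;
                con.Open();
                using (IDataReader reader = cmd.ExecuteReader())
                {
                    tab.Load(reader);
                }
            }
        }
        catch (System.Data.Common.DbException ex)
        {
            // Same reporting path as before (the data-layer error text goes to the page).
            // NOTE(review): raw database error text is shown to an unauthenticated
            // visitor; prefer logging it and showing a generic message.
            PublicClass.setMessage(this, ex.Message);
            return;
        }

        // Exactly one matching, non-deleted account is required.
        if (tab.Rows.Count != 1)
        {
            lblLogin.Text = "系统不存在当前用户登录名称!";
            ErrorStat();
            return;
        }

        DataRow user = tab.Rows[0];
        string User_ID = user["ID"].ToString().Trim();
        string LoginName = user["LoginName"].ToString().Trim();

        // Called before the password check, as in the original; its result is only
        // used on the failure path below.
        string authMess = proceAuthentication(User_ID, LoginName);

        // NOTE(review): the stored password is compared as plain text, so the table
        // holds recoverable passwords. Migrate to a salted, slow password hash
        // (e.g. PBKDF2) and compare hashes instead.
        // NOTE(review): "unknown login name" and "wrong password" produce different
        // messages, which lets a visitor tell valid login names apart.
        if (user["Password"].ToString().Trim() != passwordInput)
        {
            lblLogin.Text = "当前用户密码输入不正确!";
            ErrorStat();
            AuthMessMethod(authMess);
            return;
        }

        string userName = user["UserName"].ToString().Trim();
        string passWord = user["PassWord"].ToString().Trim();

        Session["UserID"] = User_ID;
        Session["UserName"] = userName;
        Session["LoginName"] = LoginName;
        // NOTE(review): keeping the password in session state widens its exposure;
        // it is left in place only because other pages may read this key.
        Session["PassWord"] = passWord;

        // userName comes from the database, but it is still bound as a parameter so a
        // stored value containing a quote cannot change the statement.
        string UserPowerName;
        using (SqlConnection con = new SqlConnection(ZZ.Conn.Connection.getDSN()))
        using (SqlCommand cmd = new SqlCommand(
            @"SELECT ManpowerEmployee.Name FROM ManpowerPosition INNER JOIN ManpowerEmployee ON
ManpowerEmployee.ID = ManpowerPosition.ManpowerEmployee_ID
WHERE ManpowerPosition.ManpowerPositionType_ID IN (100,101) AND ManpowerEmployee.Name = @Name", con))
        {
            cmd.Parameters.Add("@Name", SqlDbType.NVarChar).Value = userName;
            con.Open();
            object found = cmd.ExecuteScalar();
            UserPowerName = (found == null || found == DBNull.Value) ? string.Empty : found.ToString();
        }

        if (user["IsChanges"].ToString().Trim() != "1")
        {
            HttpContext.Current.Session["ModuleName"] = "用户信息管理";

            // Response.Redirect(string) ends the response, so nothing below runs for
            // accounts that are sent to the password-change page.
            Response.Redirect("ManpowerManage/SysUserManageEdit.aspx?type=3&UserId=" + User_ID + "&changetype=1");
        }

        if (UserPowerName != string.Empty)
        {
            using (SqlConnection con = new SqlConnection(ZZ.Conn.Connection.getDSN()))
            using (SqlCommand cmd = new SqlCommand("exec InsertLive @UserPowerName", con))
            {
                // Passed positionally to the procedure, as the original literal was.
                cmd.Parameters.Add("@UserPowerName", SqlDbType.NVarChar).Value = UserPowerName;
                con.Open();
                cmd.ExecuteNonQuery();
            }
        }

        Response.Redirect("~/Default.aspx");
    }

    /// <summary>
    /// Returns true when the value contains a single quote, a space or an equals sign.
    /// The original also tested for " or ", which the space test already covers.
    /// </summary>
    private static bool ContainsFilteredChars(string value)
    {
        return value.Contains("'") || value.Contains(" ") || value.Contains("=");
    }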

 
