前台代码:
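<form id="form1" runat="server">
<center>
<div>
    <%-- NOTE(review): nothing in this form binds to AccessDataSource1, yet its SelectCommand reads
         [userpwd] for every account. Confirm it is needed; if not, remove it. DataFile="pro.mdb" is a
         relative path: keep the database in a folder the web server never serves (for example
         App_Data) so the file cannot be fetched over HTTP. --%>
    <asp:AccessDataSource ID="AccessDataSource1" runat="server" DataFile="pro.mdb"
        SelectCommand="SELECT [username], [userpwd], [userrole] FROM [973user]"></asp:AccessDataSource>
    <asp:Login ID="Login1" runat="server" BackColor="#EFF3FB" BorderColor="#B5C7DE" BorderPadding="4"
        BorderStyle="Solid" BorderWidth="1px" Font-Names="Verdana" Font-Size="1em" ForeColor="#333333"
        Height="150px" PasswordLabelText="密 码:" TitleText="项目管理登录" Width="240px"
        OnAuthenticate="Login1_Authenticate">
        <TitleTextStyle BackColor="#507CD1" Font-Bold="True" Font-Size="0.9em" ForeColor="White" />
        <InstructionTextStyle Font-Italic="True" ForeColor="Black" />
        <TextBoxStyle Font-Size="1em" />
        <LoginButtonStyle BackColor="White" BorderColor="#507CD1" BorderStyle="Solid" BorderWidth="1px"
            Font-Names="Verdana" Font-Size="1em" ForeColor="#284E98" />
        <LayoutTemplate>
            <table border="0" cellpadding="4" cellspacing="0" style="border-collapse: collapse">
                <tr>
                    <td>
                        <table border="0" cellpadding="0" style="width: 240px; height: 150px">
                            <tr>
                                <td align="center" colspan="2" style="font-weight: bold; font-size: 0.9em; color: white;background-color: #507cd1">
                                    <h5>项目管理登录</h5>
                                </td>
                            </tr>
                            <tr>
                                <td align="center" style="width:50px;">
                                    <asp:Label ID="UserNameLabel" runat="server" AssociatedControlID="UserName">用户名</asp:Label></td>
                                <td align="left">
                                    <asp:TextBox ID="UserName" runat="server" Font-Size="1em" CssClass="input"></asp:TextBox>
                                    <asp:RequiredFieldValidator ID="UserNameRequired" runat="server" ControlToValidate="UserName"
                                        ErrorMessage="必须填写“用户名”。" ToolTip="必须填写“用户名”。" ValidationGroup="Login1">*</asp:RequiredFieldValidator>
                                </td>
                            </tr>
                            <tr>
                                <td align="center" style="width:50px;">
                                    <asp:Label ID="PasswordLabel" runat="server" AssociatedControlID="Password">密 码</asp:Label></td>
                                <td align="left">
                                    <asp:TextBox ID="Password" runat="server" Font-Size="1em" TextMode="Password" CssClass="input"></asp:TextBox>
                                    <asp:RequiredFieldValidator ID="PasswordRequired" runat="server" ControlToValidate="Password"
                                        ErrorMessage="必须填写“密码”。" ToolTip="必须填写“密码”。" ValidationGroup="Login1">*</asp:RequiredFieldValidator>
                                </td>
                            </tr>
                            <tr>
                                <td align="center" style="width:50px;">
                                    <%-- The label and the required-field validator of the verification-code row
                                         previously pointed at "Password", so an empty code was never rejected by
                                         validation. Both now target the GetCode text box. --%>
                                    <asp:Label ID="Label1" runat="server" AssociatedControlID="GetCode">验证码</asp:Label></td>
                                <td align="left">
                                    <asp:TextBox ID="GetCode" runat="server" CssClass="input"></asp:TextBox>
                                    <asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server" ControlToValidate="GetCode"
                                        ErrorMessage="必须填写“验证码”。" ToolTip="必须填写“验证码”。" ValidationGroup="Login1">*</asp:RequiredFieldValidator><asp:Image
                                        ID="Image1" runat="server" ImageUrl="~/include/GetImageCode.aspx" ImageAlign="Top"
                                        alt="看不清?点击更换" onclick="this.src=this.src+'?'" />
                                </td>
                            </tr>
                            <tr>
                                <td align="center" colspan="2" style="color: red">
                                    <asp:Literal ID="FailureText" runat="server" EnableViewState="False"></asp:Literal>
                                </td>
                            </tr>
                            <tr>
                                <td align="center" colspan="2">
                                    <asp:Button ID="LoginButton" runat="server" BackColor="White" BorderColor="#507CD1"
                                        BorderStyle="Solid" BorderWidth="1px" CommandName="Login" Font-Names="Verdana"
                                        Font-Size="1em" ForeColor="#284E98" Text="登录" ValidationGroup="Login1" />
                                </td>
                            </tr>
                        </table>
                    </td>
                </tr>
            </table>
        </LayoutTemplate>
    </asp:Login>
</div>
</center>
</form>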
后台代码:
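/// <summary>
/// Resets the "CheckCode" cookie to an empty value on every request for this page.
/// </summary>
/// <remarks>
/// NOTE(review): the verification code is compared against this cookie in
/// <c>Login1_Authenticate</c>. A cookie is readable and writable by the client, so the expected
/// answer is not secret and the check gives no real protection against automated logins.
/// Presumably ~/include/GetImageCode.aspx writes the real code into the same cookie (confirm);
/// the durable fix is to keep the expected code in server-side state (for example Session) in
/// both places and invalidate it after one attempt.
/// </remarks>
protected void Page_Load(object sender, EventArgs e)
{
    Response.Cookies.Add(new HttpCookie("CheckCode", ""));
}

/// <summary>
/// Authenticate handler of the Login1 control: checks the verification code, looks the account up
/// in [973user] (role 2 only), issues a forms-authentication ticket, records the login and
/// redirects to admin_index.aspx.
/// </summary>
/// <param name="sender">The Login control raising the event.</param>
/// <param name="e">Receives the authentication result in <c>e.Authenticated</c>.</param>
protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
    // Deny by default; only the success path below sets this to true.
    e.Authenticated = false;

    // Verification-code text box inside the Login control's layout template.
    TextBox codeBox = Login1.FindControl("GetCode") as TextBox;
    string enteredCode = codeBox == null ? "" : codeBox.Text.Trim();

    // The cookie itself can be absent, so test it before touching .Value.
    HttpCookie codeCookie = Request.Cookies["CheckCode"];
    if (codeCookie == null || codeCookie.Value == null)
    {
        // Reported through the control's failure text; the earlier inline script used a
        // "<mce:script>" tag, which browsers do not execute.
        Login1.FailureText = "您的浏览器设置已被禁用 Cookies,您必须设置浏览器允许使用 Cookies 选项后才能使用本系统!";
        return;
    }

    // An empty expected code must never count as a match: Page_Load resets the cookie to "",
    // so an empty submission would otherwise compare equal. Ordinal comparison avoids
    // culture-dependent matching.
    // NOTE(review): the expected value still comes from a client-controlled cookie; see Page_Load.
    string expectedCode = codeCookie.Value;
    if (string.IsNullOrEmpty(expectedCode)
        || !string.Equals(expectedCode, enteredCode, StringComparison.OrdinalIgnoreCase))
    {
        Login1.FailureText = "验证码输入不正确!";
        return;
    }

    // NOTE(review): both queries below are parameterized, so stripping ' and = adds no protection.
    // On the password it silently changes what the user typed and shrinks the usable character
    // set. It is kept only because stored hashes may have been produced the same way; confirm
    // against the registration code before removing it.
    string UserLoginID = Login1.UserName.Trim().Replace("'", "").Replace("=", "");
    string UserLoginPwd = Login1.Password.Trim().Replace("'", "").Replace("=", "");

    // NOTE(review): unsalted MD5 is not a suitable password hash, and this helper is obsolete in
    // later framework versions. It is kept so existing rows in [userpwd] still match; plan a
    // migration to a salted, iterated scheme (PBKDF2 or similar) with re-hash on next login.
    string md5Pwd = System.Web.Security.FormsAuthentication
        .HashPasswordForStoringInConfigFile(UserLoginPwd, "md5").ToLower();

    // The password hash column is only needed in the WHERE clause, so it is no longer selected.
    // OleDb binds parameters by position: the array order must follow the order of use.
    string selectSql = "select username,lastlogintime,lastloginip,logintimes from [973user] where [username]=@username and [userpwd]=@userpwd and userrole=2";
    OleDbParameter[] param =
    {
        OleDbHelper.GetParameter("username", OleDbType.Char, UserLoginID),
        OleDbHelper.GetParameter("userpwd", OleDbType.Char, md5Pwd)
    };

    bool loggedIn = false;
    try
    {
        DataTable table = OleDbHelper.ExecuteDt(selectSql, param);
        if (table.Rows.Count == 0)
        {
            // No row for this name/hash/role combination: login refused.
            e.Authenticated = false;
        }
        else
        {
            DataRow account = table.Rows[0];

            Session.Timeout = 60;
            Session["lastlogintime"] = account["lastlogintime"].ToString();
            Session["lastloginip"] = account["lastloginip"].ToString();
            Session["logintimes"] = account["logintimes"].ToString();
            string userData = Session["lastlogintime"] + "#" + Session["lastloginip"] + "#" + Session["logintimes"];

            // Capture the clock once so issue and expiry times are exactly 60 minutes apart.
            DateTime issuedAt = DateTime.Now;
            FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
                1, UserLoginID, issuedAt, issuedAt.AddMinutes(60), false,
                userData, FormsAuthentication.FormsCookiePath);
            string encTicket = FormsAuthentication.Encrypt(ticket);

            HttpCookie newCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
            // Keep the ticket away from page script and honour the requireSSL setting of <forms>.
            newCookie.HttpOnly = true;
            newCookie.Secure = FormsAuthentication.RequireSSL;
            HttpContext.Current.Response.Cookies.Add(newCookie);

            // NOTE(review): the parameter size of 15 fits a dotted IPv4 address only.
            string visitIP = Request.ServerVariables["REMOTE_ADDR"];

            // Now() is evaluated by the database engine, so no culture-formatted date text is
            // concatenated into the statement. The table name is bracketed as in the SELECT.
            string updateSql = "update [973user] set lastlogintime=Now(),lastloginip=@lastloginip,logintimes=logintimes+1 where username=@username";
            OleDbParameter[] param1 =
            {
                OleDbHelper.GetParameter("lastloginip", OleDbType.Char, 15, "lastloginip", visitIP),
                OleDbHelper.GetParameter("username", OleDbType.Char, 20, "username", UserLoginID)
            };
            OleDbHelper.ExecuteSql(updateSql, param1);

            e.Authenticated = true;
            loggedIn = true;
        }
    }
    catch (Exception ex)
    {
        // Keep driver and schema details in the server-side trace; the user sees a generic message.
        System.Diagnostics.Trace.TraceError("Login1_Authenticate failed: " + ex);
        Login1.FailureText = "数据库错误,请稍后重试或联系管理员。";
        e.Authenticated = false;
    }

    if (loggedIn)
    {
        // Issued outside the try block so the ThreadAbortException raised by Response.Redirect is
        // not routed through the catch above.
        // NOTE(review): the default endResponse=true is kept on purpose; it ends the request here,
        // before the Login control continues its own post-authentication handling, which would
        // presumably replace the custom ticket cookie (confirm).
        Response.Redirect("admin_index.aspx");
    }
}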