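<%--
    Login form: one row for the login name and one for the password, both in the
    "Login" validation group.

    NOTE(review): ValidationExpression / IsNotNull are properties of the project's
    aspUser:UserText control; whether they are enforced on the server or only in
    the browser is not visible here. The code-behind must treat both values as
    untrusted either way.

    NOTE(review): the bare " 280px;" declarations below have no CSS property name
    (it looks like a "width:" was stripped when the page was published). Confirm
    against the original markup.
--%>
<table cellpadding="0" cellspacing="0" style=" 280px;" class="UsertdColor">
    <tr>
        <td style="vertical-align: bottom; height: 35px; text-align: center; 280px;">
            <aspUser:UserText Caption="登录名称" ID="txtLoginName" ClientInstanceName="txtLoginName" runat="server"
                ValidationExpression="<%$ appSettings:登录名称 %>" ValidationToolTip="<%$ appSettings:登录名称Hint %>"
                ValidationGroup="Login" IsNotNull="true" ClientValueChanged="ShowAuthentication();" />
        </td>
    </tr>
    <tr>
        <td style="vertical-align: bottom; height: 35px; text-align: center; 280px;">
            <%-- onpaste="return false" was removed: blocking paste does not stop an attacker
                 and it keeps password managers from filling in long, unique passwords. --%>
            <aspUser:UserText Caption="登录密码" ID="txtPsw" runat="server"
                ValidationExpression="<%$ appSettings:登录密码 %>" ValidationToolTip="<%$ appSettings:登录密码Hint %>"
                IsPassword="true" ValidationGroup="Login" IsNotNull="true" />
        </td>
    </tr>
</table>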
后台:
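/// <summary>
/// Handles the login button click: validates the submitted login name and password,
/// loads the matching <c>UserInfo</c> row, checks the password, fills the session and
/// redirects either to the user-edit page (when <c>IsChanges</c> is not "1") or to
/// <c>~/Default.aspx</c>.
/// </summary>
/// <remarks>
/// All three SQL statements are parameterized. The original concatenated the login
/// name into the first query (guarded only by a character blacklist) and concatenated
/// values read back from the database into the second and third, so stored data could
/// also change the statement text.
/// </remarks>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void butLongin_Click(object sender, EventArgs e)
{
    string loginInput = txtLoginName.Text.Trim();
    string passwordInput = txtPsw.Text.Trim();

    // Legacy character filter, kept so the user-facing behaviour does not change.
    // It is input hygiene only; the SQL below no longer depends on it for safety.
    // The original " or " test is dropped: any value containing it also contains a space.
    char[] blockedChars = { '\'', ' ', '=' };

    // NOTE(review): this message and the wrong-password message further down differ,
    // which tells a caller whether a login name exists. Consider one generic message.
    if (loginInput.IndexOfAny(blockedChars) >= 0)
    {
        lblLogin.Text = "系统不存在当前用户登录名称!";
        ErrorStat();
        return;
    }

    // NOTE(review): the password is never placed in SQL, so this filter only narrows
    // the set of passwords users may choose. Kept for compatibility; worth revisiting.
    if (passwordInput.IndexOfAny(blockedChars) >= 0)
    {
        lblLogin.Text = "用户登录密码输入不正确!";
        ErrorStat();
        return;
    }

    DataTable tab = new DataTable();
    try
    {
        using (SqlConnection con = new SqlConnection(ZZ.Conn.Connection.getDSN()))
        using (SqlCommand cmd = new SqlCommand(
            "select * from UserInfo where IsDeleted=0 and LoginName = @LoginName", con))
        {
            // The login name travels as a typed parameter, never as statement text.
            cmd.Parameters.Add("@LoginName", SqlDbType.NVarChar).Value = loginInput;
            con.Open();
            using (IDataReader reader = cmd.ExecuteReader())
            {
                tab.Load(reader);
            }
        }
    }
    catch (System.Data.Common.DbException ex)
    {
        // NOTE(review): the original displayed the helper's error string the same way.
        // Showing raw database errors to the client leaks schema details; prefer a
        // generic message here plus server-side logging.
        PublicClass.setMessage(this, ex.Message);
        return;
    }

    // Exactly one matching, non-deleted account is required.
    if (tab.Rows.Count != 1)
    {
        lblLogin.Text = "系统不存在当前用户登录名称!";
        ErrorStat();
        return;
    }

    DataRow account = tab.Rows[0];
    string User_ID = account["ID"].ToString().Trim();
    string LoginName = account["LoginName"].ToString().Trim();

    // Runs before the password check, as in the original. Its result is only used on the
    // failure path; presumably it tracks login attempts — confirm in proceAuthentication.
    string authMess = proceAuthentication(User_ID, LoginName);

    // NOTE(review): the stored value is compared directly with the submitted text, so
    // passwords are kept in the database unhashed. Migrating to a salted, slow hash
    // (e.g. PBKDF2) needs a schema/data change outside this handler.
    if (account["Password"].ToString().Trim() != passwordInput)
    {
        lblLogin.Text = "当前用户密码输入不正确!";
        ErrorStat();
        AuthMessMethod(authMess);
        return;
    }

    string userName = account["UserName"].ToString().Trim();
    string passWord = account["PassWord"].ToString().Trim();

    // NOTE(review): no session-identifier renewal is visible in this handler; consider
    // issuing a fresh session after a successful login.
    Session["UserID"] = User_ID;
    Session["UserName"] = userName;
    Session["LoginName"] = LoginName;
    // NOTE(review): keeping the password in session state widens its exposure. Left in
    // place because other pages may read this key; remove once no reader remains.
    Session["PassWord"] = passWord;

    // Look up whether the user holds one of the position types 100/101. userName comes
    // from the database but is still bound as a parameter, not concatenated.
    // NOTE(review): database errors here now surface as exceptions, as they already did
    // for the InsertLive call; how the old getSqlValue helper reported them is not shown.
    string UserPowerName = string.Empty;
    using (SqlConnection con = new SqlConnection(ZZ.Conn.Connection.getDSN()))
    using (SqlCommand cmd = new SqlCommand(
        @"SELECT ManpowerEmployee.Name
          FROM ManpowerPosition
          INNER JOIN ManpowerEmployee ON ManpowerEmployee.ID = ManpowerPosition.ManpowerEmployee_ID
          WHERE ManpowerPosition.ManpowerPositionType_ID IN (100,101)
            AND ManpowerEmployee.Name = @EmployeeName", con))
    {
        cmd.Parameters.Add("@EmployeeName", SqlDbType.NVarChar).Value = userName;
        con.Open();
        object scalar = cmd.ExecuteScalar();
        if (scalar != null && scalar != DBNull.Value)
        {
            UserPowerName = scalar.ToString();
        }
    }

    if (account["IsChanges"].ToString().Trim() != "1")
    {
        HttpContext.Current.Session["ModuleName"] = "用户信息管理";
        // Response.Redirect(string) ends the response, so nothing below runs on this path.
        Response.Redirect("ManpowerManage/SysUserManageEdit.aspx?type=3&UserId=" + User_ID + "&changetype=1");
    }

    if (UserPowerName != string.Empty)
    {
        using (SqlConnection con = new SqlConnection(ZZ.Conn.Connection.getDSN()))
        using (SqlCommand cmd = new SqlCommand("exec InsertLive @UserPowerName", con))
        {
            // Bound positionally by the EXEC statement, so the procedure's own
            // parameter name does not need to be known here.
            cmd.Parameters.Add("@UserPowerName", SqlDbType.NVarChar).Value = UserPowerName;
            con.Open();
            cmd.ExecuteNonQuery();
        }
    }

    Response.Redirect("~/Default.aspx");
}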