一个登陆页面,包含了初始化用户,输入检测,错误处理等
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %>
<%--
    Login page markup. The code-behind class _Default (Default.aspx.cs) handles
    btnLogin_Click and writes its messages into the Alert label.

    NOTE(review): only boxPassword has a RequiredFieldValidator; boxUserName has none.
    Validators are a convenience on the client, so btnLogin_Click should consult
    Page.IsValid before trusting that the password field is non-empty.

    NOTE(review): several style values below ("640px;", style="550px", style="16px" ...)
    carry no property name. Presumably a "width" property was lost when the page was
    copied; confirm against the original file before reuse.
--%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>无标题页</title>
    <style type="text/css">
<!--
/* Background panel that holds the login row. */
#loginbk
{
    640px;
    height: 300px;
    background-image: url(images/OA_logo.jpg);
    position: relative;
    top: 100px;
}
/* Row with the account/password inputs, pushed down over the background image. */
#login
{
    margin-top: 205px;
    font-size: 12px;
    margin-left: 20px;
}
/* Text inputs drawn as a single underline on a transparent background. */
.boxInput
{
    font-size: 12px;
    border-bottom: black 1px solid;
    border-top-style: none;
    border-right-style: none;
    border-left-style: none;
    background-color: transparent;
}
#copyright
{
    font-size: 12px;
    color: black;
}
#alignbk
{
    vertical-align: middle;
    text-align: center;
}
/* Area where validator output and the Alert label are shown. */
#Validators
{
    font-size: 12px;
    vertical-align: middle;
    text-align: center;
}
-->
    </style>
</head>
<body>
    <form id="form1" runat="server">
        <div id="Validators">
            <%-- Rejects an empty password field. --%>
            <asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server" ErrorMessage="密码不能为空!" ControlToValidate="boxPassword"></asp:RequiredFieldValidator>
            <%-- Hidden by default; the code-behind makes it visible and sets its text on a failed login. --%>
            <asp:Label ID="Alert" runat="server" Text="警告:" Visible="False"></asp:Label>
        </div>
        <div id="alignbk">
            &nbsp;
            <div id="loginbk">
                <div id="login">
                    <table style="550px">
                        <tr>
                            <td style="16px">
                                <img src="images/AdminUser.gif" /></td>
                            <td style="205px">
                                帐号:
                                <asp:TextBox ID="boxUserName" runat="server" CssClass="boxInput"></asp:TextBox></td>
                            <td style="12px">
                                <img src="images/AdminPWD.gif" /></td>
                            <td style="208px">
                                密码:
                                <asp:TextBox ID="boxPassword" runat="server" CssClass="boxInput" TextMode="Password"></asp:TextBox></td>
                            <td style="100px">
                                <%-- Posts the form back; the server-side handler is btnLogin_Click. --%>
                                <asp:ImageButton ID="btnLogin" runat="server" ImageUrl="~/images/AdminLogin.gif" OnClick="btnLogin_Click" /></td>
                        </tr>
                    </table>
                </div>
                <div id="copyright">
                    主办: &nbsp; &nbsp; &nbsp; &nbsp; Copyright &copy; 2006 <a href="http://single.dlut.edu.cn">Single</a> All Rights Reserved.
                </div>
            </div>
        </div>
    </form>
</body>
</html>
using
System;
using
System.Data;
using
System.Configuration;
using
System.Web;
using
System.Web.Security;
using
System.Web.UI;
using
System.Web.UI.WebControls;
using
System.Web.UI.WebControls.WebParts;
using
System.Web.UI.HtmlControls;
using
System.Data.SqlClient;
using
System.Text.RegularExpressions;
using
System.Collections;
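/// <summary>
/// Code-behind for the login page: screens the submitted user name, compares the
/// password hash with the one stored in OA_Admin, and stops accepting attempts
/// once <see cref="numErr"/> failures have been recorded in the session.
/// </summary>
/// <remarks>
/// Notes for maintainers:
/// 1. Every SQL statement is parameterized; request data is never concatenated
///    into command text.
/// 2. The failure counter lives in Session, so a client that discards its session
///    cookie starts again at zero. It is a UI throttle, not an account lockout; a
///    real lockout has to be stored server-side per account and/or source address.
/// 3. Passwords are stored as unsalted SHA-1 hashes. That scheme is weak against
///    offline guessing; moving to a salted, iterated scheme (for example
///    Rfc2898DeriveBytes) needs a migration of the stored hashes, so it is flagged
///    here rather than changed.
/// </remarks>
public partial class _Default : System.Web.UI.Page
{
    // Shown once the per-session failure limit is reached.
    // NOTE(review): nothing in this class enforces the 20 minutes mentioned in the
    // text; presumably it refers to the session timeout - confirm in configuration.
    private const string LockedOutMessage = "错误记录达到最高上限,您在20分钟内无法登陆!";

    // Connection string read from the "strConnection" application setting.
    protected string strConn = ConfigurationSettings.AppSettings["strConnection"];

    // Maximum number of failed login attempts accepted per session.
    protected int numErr = 5;

    /// <summary>
    /// Initializes the per-session failure counter and disables the login button
    /// when the counter has already reached the limit.
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        // One-off seeding of the administrator account. Keep this disabled:
        // it creates a well-known credential (see InitializtionPWD).
        // InitializtionPWD();

        if (Session["numErr"] == null)
        {
            Session["numErr"] = 0;
        }

        if (GetFailureCount() >= numErr)
        {
            btnLogin.Enabled = false;
        }
    }

    /// <summary>
    /// Handles the login button: enforces the failure limit, screens the user name,
    /// then verifies the password hash and opens the session on success.
    /// </summary>
    protected void btnLogin_Click(object sender, ImageClickEventArgs e)
    {
        // Use the configured limit rather than a second hard-coded 5.
        if (GetFailureCount() >= numErr)
        {
            Alert.Visible = true;
            Alert.Text = LockedOutMessage;
            return;
        }

        // Validators also run in the browser, but only the server-side result can
        // be trusted; a client without script would otherwise skip them.
        if (!Page.IsValid)
        {
            return;
        }

        string adminName = boxUserName.Text;

        if (!CheckParams(adminName))
        {
            // Record the attempt, count it as a failure and stop. The original
            // code went on to run the credential lookup after reporting the error.
            LogRejectedUserName(adminName);
            RegisterFailure();
            GoError("请不要尝试破坏此系统!\n你的计算机" + Request.UserHostAddress + "已经被记录!");
            return;
        }

        // Same hashing call as the stored values were created with (unsalted SHA-1).
        string password = FormsAuthentication.HashPasswordForStoringInConfigFile(boxPassword.Text, "SHA1");

        bool found = false;
        string storedHash = null;
        string adminGroup = null;
        string colleageId = null;

        const string lookupSql = "Select AdminPWD,AdminGroup,ColleageID From OA_Admin Where AdminName=@name";
        using (SqlConnection conn = new SqlConnection(strConn))
        using (SqlCommand cmd = new SqlCommand(lookupSql, conn))
        {
            cmd.Parameters.AddWithValue("@name", adminName);
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (reader.Read())
                {
                    found = true;
                    storedHash = reader["AdminPWD"].ToString();
                    adminGroup = reader["AdminGroup"].ToString();
                    colleageId = reader["ColleageID"].ToString();
                }
            }
        }

        if (found && password == storedHash)
        {
            Session["AdminName"] = adminName;
            Session["AdminGroup"] = adminGroup;
            Session["ColleageID"] = colleageId;

            // NOTE(review): the session id is not regenerated at login, so an id
            // known before authentication stays valid afterwards. Consider issuing
            // a fresh session when the deployment allows it.
            // The reader and connection are already disposed at this point.
            Response.Redirect("mail.aspx");
            return;
        }

        ShowLoginFailure();
    }

    /// <summary>
    /// Records a failed attempt and shows how many attempts remain. The same text
    /// is used for an unknown user name and for a wrong password, so the response
    /// does not reveal which accounts exist.
    /// </summary>
    private void ShowLoginFailure()
    {
        // Remaining attempts after this failure. The original added 1 here, which
        // still promised one retry when the limit had just been reached.
        int remaining = numErr - RegisterFailure();

        Alert.Visible = true;
        if (remaining > 0)
        {
            Alert.Text = "用户名或密码错误!你还有" + remaining + "次重试机会!";
        }
        else
        {
            Alert.Text = LockedOutMessage;
            btnLogin.Enabled = false;
        }
    }

    /// <summary>Returns the number of failures recorded in the session (0 when none).</summary>
    private int GetFailureCount()
    {
        object stored = Session["numErr"];
        return stored == null ? 0 : int.Parse(stored.ToString());
    }

    /// <summary>Adds one to the session failure counter and returns the new value.</summary>
    private int RegisterFailure()
    {
        int failures = GetFailureCount() + 1;
        Session["numErr"] = failures;
        return failures;
    }

    /// <summary>
    /// Writes a row to OA_BadIP with the caller's address and the rejected user name.
    /// </summary>
    /// <param name="adminName">The user name exactly as submitted.</param>
    private void LogRejectedUserName(string adminName)
    {
        const string insertSql = "Insert INTO OA_BadIP(BadIP,BadString,CreatedTime) values(@ip,@text,@created)";
        using (SqlConnection conn = new SqlConnection(strConn))
        using (SqlCommand cmd = new SqlCommand(insertSql, conn))
        {
            cmd.Parameters.AddWithValue("@ip", Request.UserHostAddress);
            cmd.Parameters.AddWithValue("@text", "危险用户名[" + adminName + "]尝试登陆!");
            // Sent as a typed value so the result does not depend on the server's
            // culture settings. Assumes CreatedTime is a datetime column - TODO confirm.
            cmd.Parameters.AddWithValue("@created", DateTime.Now);
            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }

    /// <summary>
    /// Seeds the administrator account (user name "admin", password "admin").
    /// </summary>
    /// <remarks>
    /// This creates a publicly known credential. It is meant for a one-time setup
    /// only: the call in Page_Load must stay commented out on any reachable
    /// deployment, and the password must be changed right after seeding.
    /// </remarks>
    private void InitializtionPWD()
    {
        string hashed = FormsAuthentication.HashPasswordForStoringInConfigFile("admin", "SHA1");

        const string insertSql = "INSERT INTO OA_Admin(AdminName,AdminPWD,CreatedTime) Values('admin',@pwd,@created)";
        using (SqlConnection conn = new SqlConnection(strConn))
        using (SqlCommand cmd = new SqlCommand(insertSql, conn))
        {
            cmd.Parameters.AddWithValue("@pwd", hashed);
            // Assumes CreatedTime is a datetime column - TODO confirm.
            cmd.Parameters.AddWithValue("@created", DateTime.Now);
            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }

    /// <summary>
    /// Shows <paramref name="strError"/> in a browser alert and sends the browser
    /// back one page.
    /// </summary>
    /// <param name="strError">
    /// Plain message text; line breaks are written as real newline characters.
    /// The text is escaped before it is placed inside the script.
    /// </param>
    private void GoError(string strError)
    {
        Response.Write("<script language=javascript>alert('" + EscapeForScript(strError) + "\\n\\n系统将自动返回前一页面');history.back();</script>");
    }

    /// <summary>
    /// Escapes text for use inside a single-quoted JavaScript string literal that
    /// is embedded in an HTML script element.
    /// </summary>
    private static string EscapeForScript(string text)
    {
        if (text == null)
        {
            return "";
        }

        System.Text.StringBuilder escaped = new System.Text.StringBuilder(text.Length + 16);
        foreach (char c in text)
        {
            switch (c)
            {
                case '\\': escaped.Append("\\\\"); break;
                case '\'': escaped.Append("\\'"); break;
                case '"': escaped.Append("\\\""); break;
                case '\r': escaped.Append("\\r"); break;
                case '\n': escaped.Append("\\n"); break;
                // Keep markup characters out of the page so the text cannot end
                // the script element early.
                case '<': escaped.Append("\\x3c"); break;
                case '>': escaped.Append("\\x3e"); break;
                case '&': escaped.Append("\\x26"); break;
                // These two terminate a line inside a JavaScript string literal.
                case '\u2028': escaped.Append("\\u2028"); break;
                case '\u2029': escaped.Append("\\u2029"); break;
                default: escaped.Append(c); break;
            }
        }
        return escaped.ToString();
    }

    /// <summary>
    /// Screens values for the characters this page refuses in a user name.
    /// This is an input policy and a trigger for logging; protection against SQL
    /// injection comes from the parameterized commands, not from this filter.
    /// </summary>
    /// <param name="args">Strings, or collections whose string elements are checked.</param>
    /// <returns>
    /// <c>false</c> when any checked string contains '=' or a single quote;
    /// otherwise <c>true</c>.
    /// </returns>
    private bool CheckParams(params object[] args)
    {
        // The original joined these with "|" inside a regex character class,
        // which also rejected the "|" character itself. A plain ordinal search
        // checks exactly the listed strings.
        string[] Lawlesses = { "=", "'" };

        if (args == null)
        {
            return true;
        }

        foreach (object arg in args)
        {
            string text = arg as string;
            if (text != null)
            {
                if (ContainsAny(text, Lawlesses))
                {
                    return false;
                }
            }
            else if (arg is ICollection)
            {
                // Only the string elements of a collection are checked.
                foreach (object item in (ICollection)arg)
                {
                    string element = item as string;
                    if (element != null && ContainsAny(element, Lawlesses))
                    {
                        return false;
                    }
                }
            }
        }

        return true;
    }

    /// <summary>Returns true when <paramref name="text"/> contains any of the given strings.</summary>
    private static bool ContainsAny(string text, string[] forbidden)
    {
        foreach (string token in forbidden)
        {
            if (text.IndexOf(token, StringComparison.Ordinal) >= 0)
            {
                return true;
            }
        }
        return false;
    }
}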
原文地址:https://www.cnblogs.com/kokoliu/p/523622.html