protected void BtnLogin_Click(object sender, EventArgs e) { string ConStr = ConfigurationManager.ConnectionStrings["ConStr"].ToString(); string GetNameSql = "SELECT [Title] FROM [dbo].[Info] WHERE [Title]='" + this.TxtName.Text+"'"; string GetPwdSql = "SELECT [Details] FROM [dbo].[Info] WHERE [Details]='" + this.Txtpwd.Text + "'"; string Name = string.Empty; string Pwd = string.Empty; using(SqlConnection conn=new SqlConnection(ConStr)) { conn.Open(); SqlCommand Pwdcomm = new SqlCommand(GetPwdSql, conn); Pwd = Convert.ToString(Pwdcomm.ExecuteScalar()); SqlCommand Namecomm = new SqlCommand(GetNameSql,conn); Name = Convert.ToString(Namecomm.ExecuteScalar()); if (Name == this.TxtName.Text && Pwd == this.Txtpwd.Text) { Page.ClientScript.RegisterStartupScript(this.GetType(), "", "<script>alert('登陆成功!');</script>"); } else { Response.Write("<script>alert('登陆失败!');</script>"); //Page.ClientScript.RegisterStartupScript(this.GetType(), "", "<script>alert('登陆失败!');</script>"); } if ((Name == this.TxtName.Text && Pwd != this.Txtpwd.Text) || (Name != this.TxtName.Text && Pwd == this.Txtpwd.Text)) { Session["count"] = Convert.ToInt32(Session["count"]) + 1; } if (Convert.ToInt32(Session["count"]) > 3) { string UpdateTime = "SELECT Datediff(minute, [LoginDate], GetDate()) FROM [Info] WHERE Title='" + this.TxtName.Text+"'"; SqlCommand comm = new SqlCommand(UpdateTime,conn); string countMiuntes=(30-Convert.ToInt32(comm.ExecuteScalar())).ToString(); if (Convert.ToInt32(countMiuntes) > 0) { Page.ClientScript.RegisterStartupScript(this.GetType(), "", "<script>alert('登陆超过三次失败!距离解禁还有" + countMiuntes + "分钟');</script>"); } if (Convert.ToInt32(countMiuntes) <= 0) { string GetNowTime = "UPDATE [Info] SET [LoginDate]='" + DateTime.Now.ToString("yyyy/MM/dd HH:mm:ss") + "' WHERE Title='" + this.TxtName.Text + "'"; SqlCommand commtime = new SqlCommand(GetNowTime, conn); if (commtime.ExecuteNonQuery() > 0) { Session.RemoveAll(); } } } } }