using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.Security;
using SCard;
using System.Data.SqlClient;
public partial class admin_Login : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
lit.Text = "";
Session["adminName"] = null;
}
}
protected void btnRes_Click(object sender, EventArgs e)
{
txtPwd.Text = "";
txtUserName.Text = "";//用户名密码设置为空白
txtUserName.Focus();//用户名取得焦点
}
protected void btnOK_Click(object sender, EventArgs e)
{
string pwd=txtPwd.Text.ToString();
string uname=txtUserName.Text.ToString();
if (uname.Length == 0 || pwd.Length == 0)
{
lit.Text = "alert('用户名密码不能为空!')";
}
else
{
if (isAdmin(uname, pwd))
{
Session["adminName"] = uname;
Response.Redirect("Index.aspx");
}
else
{
lit.Text = "alert('用户名或者密码错误!')";
}
}
}
private bool isAdmin(string strAdmin, string strPassword)
{
bool bTemp = false;
strPassword = FormsAuthentication.HashPasswordForStoringInConfigFile(strPassword, "MD5");
DBConn myDB = new DBConn();
string mySql = "select * from admin where username='" + strAdmin + "' and password='" + strPassword + "'";
SqlDataReader mydr = myDB.getDataReader(mySql);
if (mydr.Read())
{
bTemp = true;
}
else
{
bTemp = false;
}
mydr.Close();
myDB.Close();
return bTemp;
}
}
解决了因为我对密码进行加密了,在数据库中就找不到了;注释掉加密那句就解决了
// strPassword = FormsAuthentication.HashPasswordForStoringInConfigFile(strPassword, "MD5");
首先isAdmin(uname, pwd) 方法返回false,那么你将断点打进去isAdmin 方法内,
看下string mySql = "select * from admin where username='" + strAdmin + "' and password='" + strPassword + "'"; 这句话的sql是什么
扔到自己的数据库内看下是否有,
我猜应该是没有的,因为你strPassword = FormsAuthentication.HashPasswordForStoringInConfigFile(strPassword, "MD5");是加密过的,
FormsAuthentication.HashPasswordForStoringInConfigFile(strPassword, "MD5");
MD5加密最好带一个盐值~!自己断点检查下加密后字符串是什么吧
这个问题应该还是用户名和密码其中的一个有误的