web.config中
<appSettings>
<!-- User login: '|'-separated account names (userName) and, position by position, their
     passwords (userPwd). The login handler on this page compares each userPwd entry with the
     MD5 hex digest of the submitted password, so an entry has to hold that digest; a
     plain-text value such as the ones below cannot match. -->
<add key="userName" value="sa|analyst"/>
<add key="userPwd" value="123456|123456"/>
</appSettings>
网站服务器代码
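/// <summary>
/// Handles the login button: checks the submitted user name and password against the
/// '|'-separated "userName" / "userPwd" lists in appSettings and, on a match, stores the
/// account name in the session and sends the browser to /admin/index.aspx.
/// </summary>
/// <param name="sender">Control that raised the click event (not used).</param>
/// <param name="e">Click event data (not used).</param>
protected void IbtnEnter_Click(object sender, ImageClickEventArgs e)
{
    string nameSetting = System.Configuration.ConfigurationManager.AppSettings["userName"];
    string pwdSetting = System.Configuration.ConfigurationManager.AppSettings["userPwd"];

    // A missing key yields null; treat it as "no accounts configured" instead of throwing.
    string[] userName = nameSetting == null ? new string[0] : nameSetting.Split('|');
    string[] userPwd = pwdSetting == null ? new string[0] : pwdSetting.Split('|');

    string submittedName = DelSQLStr(TxtUserName.Text.Trim());

    // The password is hashed as typed (after trimming). Running it through the character
    // filter first would make different passwords produce the same digest, and no SQL is
    // built from it here.
    string submittedHash = SetMD5(TxtPassword.Text.Trim(), "MD5");

    // Only positions present in both lists can be checked; this avoids an
    // IndexOutOfRangeException when the two settings hold a different number of entries.
    int accountCount = userName.Length < userPwd.Length ? userName.Length : userPwd.Length;

    string matchedUser = null;
    for (int i = 0; i < accountCount; i++)
    {
        // Ordinal, case-sensitive comparison of both the name and the hex digest.
        if (submittedName == userName[i] && submittedHash == userPwd[i])
        {
            matchedUser = userName[i];
            break;
        }
    }

    if (matchedUser == null)
    {
        // One response per attempt, with the same text whether the name or the password was
        // wrong: the previous code alerted once per configured account that did not match
        // and told the caller which account names exist.
        Response.Write("<script>alert('用户名或密码错误!')</script>");
        return;
    }

    // NOTE(review): the session id is kept across login; confirm it is renewed somewhere
    // so a pre-login session id cannot be reused after authentication (session fixation).
    Session["userName"] = matchedUser;
    Response.Write("<script>parent.location.href='/admin/index.aspx';</script>");
}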
/// <summary>
/// Simple SQL-injection filter: removes a fixed list of characters and sequences from a string.
/// </summary>
/// <remarks>
/// This is a character blacklist. It silently alters the input instead of rejecting it, and
/// it does not make a value safe to concatenate into a SQL statement; parameterized queries
/// are the control for that.
/// </remarks>
/// <param name="str">Text to filter; may be null.</param>
/// <returns>
/// The filtered text, or an empty string when <paramref name="str"/> is null or empty.
/// </returns>
string DelSQLStr(string str)
{
    if (string.IsNullOrEmpty(str))
    {
        return "";
    }

    // Applied one after another in this order. The multi-character entries come before the
    // single characters they contain, so "%20" is removed whole rather than leaving "20".
    string[] blocked = { ";", "'", "&", "%20", "--", "==", "<", ">", "%", "+", "-", "=", "," };

    string cleaned = str;
    foreach (string token in blocked)
    {
        cleaned = cleaned.Replace(token, "");
    }

    return cleaned;
}
/// <summary>
/// Returns the hexadecimal hash of a password, computed by
/// FormsAuthentication.HashPasswordForStoringInConfigFile.
/// </summary>
/// <remarks>
/// Despite the method name, the algorithm is whatever <paramref name="type"/> selects; the
/// login handler in this file passes "MD5". The digest is a single unsalted hash, so equal
/// passwords give equal digests and short passwords are quickly recovered if the stored
/// values leak. The underlying API is marked obsolete from .NET Framework 4.5; new code
/// should store a salted, iterated hash (for example PBKDF2 via Rfc2898DeriveBytes).
/// </remarks>
/// <param name="pwd">Password text to hash.</param>
/// <param name="type">Hash algorithm name passed through to the API, e.g. "MD5".</param>
/// <returns>The hash of <paramref name="pwd"/> as a hexadecimal string.</returns>
string SetMD5(string pwd, string type)
{
    string digest = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(pwd, type);
    return digest;
}