using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;
using System.Text;
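/// <summary>
/// Code-behind for the login page. Validates the submitted user name and
/// password against the Users database and, on success, issues a forms
/// authentication ticket that carries the user's role names as user data.
/// </summary>
public partial class userlogins : System.Web.UI.Page
{
    // SECURITY NOTE(review): this connection string embeds credentials in source
    // and logs in as "sa" with a trivial password. It is kept byte-for-byte so the
    // page keeps working, but it should move to protected configuration and use a
    // dedicated login that can only read the three tables queried below.
    private const string UsersDbConnectionString = "server=.;uid=sa;pwd=sa;database=Users";

    protected void Page_Load(object sender, EventArgs e)
    {
    }

    /// <summary>
    /// Login button handler: checks the credentials, writes the forms
    /// authentication cookie and redirects to the admin area.
    /// </summary>
    protected void btnclike_Click(object sender, EventArgs e)
    {
        // NOTE(review): the password is trimmed as in the original, so leading and
        // trailing whitespace never takes part in the comparison.
        string username = txtuserName.Text.Trim();
        string userpwd = txtPwd.Text.Trim();

        // Reject empty input before touching the database.
        if (string.IsNullOrEmpty(username))
        {
            Response.Write("请输入用户名!");
            return;
        }
        if (string.IsNullOrEmpty(userpwd))
        {
            Response.Write("请输入密码!");
            return;
        }

        // The original returned silently on a failed login. Report the failure
        // with one generic message so the response does not reveal whether the
        // user name or the password was wrong.
        // NOTE(review): nothing on this page throttles or locks out repeated
        // failed attempts; confirm that is handled elsewhere.
        if (!checkUser(username, userpwd))
        {
            Response.Write("用户名或密码错误!");
            return;
        }

        string roles = Convert.ToString(rolesname(username));

        // Read the clock once so issue time and expiry are exactly two days apart.
        DateTime issuedAt = System.DateTime.Now;
        FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
            1, username, issuedAt, issuedAt.AddDays(2), false, roles);

        // HttpOnly keeps the ticket out of reach of page script; Secure follows the
        // requireSSL setting of the forms authentication configuration.
        HttpCookie authCookie = new HttpCookie(
            FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket));
        authCookie.HttpOnly = true;
        authCookie.Secure = FormsAuthentication.RequireSSL;
        Response.Cookies.Set(authCookie);

        Response.Redirect("admin/Massage.aspx");
    }

    /// <summary>
    /// Checks whether a row with the given user name and password exists in Users.
    /// </summary>
    /// <param name="username">User name to look up.</param>
    /// <param name="userpwd">Password as submitted by the user.</param>
    /// <returns>true when a matching row exists; otherwise false.</returns>
    public bool checkUser(string username, string userpwd)
    {
        // A null value would make SqlClient fail with "parameter not supplied";
        // treat it as a failed login instead.
        if (username == null || userpwd == null)
        {
            return false;
        }

        // SECURITY NOTE(review): the submitted password is compared directly with
        // the userpwd column, which suggests passwords are stored unhashed. If so,
        // store a salted, slow hash (e.g. PBKDF2) and verify against that instead.
        using (SqlConnection con = new SqlConnection(UsersDbConnectionString))
        using (SqlCommand cmd = new SqlCommand(@"if exists (select *from Users where userName=@username and userpwd=@userpwd)
begin
select 1
end
else
begin
select 0
end", con))
        {
            // Values are bound as parameters, never concatenated into the SQL text.
            cmd.Parameters.Add(new SqlParameter("@username", username));
            cmd.Parameters.Add(new SqlParameter("@userpwd", userpwd));

            // The using blocks close the connection even if the query throws;
            // the original leaked it on any exception.
            con.Open();
            return Convert.ToInt32(cmd.ExecuteScalar()) == 1;
        }
    }

    /// <summary>
    /// Returns the role names assigned to a user.
    /// </summary>
    /// <param name="username">User name whose roles are looked up.</param>
    /// <returns>
    /// The role names, each followed by a comma (for example "admin,editor,"),
    /// or an empty string when the user has no roles. The trailing comma is kept
    /// from the original so existing readers of the ticket's user data see the
    /// same format.
    /// </returns>
    public string rolesname(string username)
    {
        if (username == null)
        {
            return "";
        }

        StringBuilder sb = new StringBuilder();

        using (SqlConnection con = new SqlConnection(UsersDbConnectionString))
        using (SqlCommand cmd = new SqlCommand(@"select c.roleName from UserInRole a inner join Users b on a.userid=b.userid
inner join Roles c on a.roleid=c.roleId and b.userName=@username", con))
        {
            cmd.Parameters.Add(new SqlParameter("@username", username));
            con.Open();

            // The original ran the query twice (SqlDataAdapter.Fill, then an
            // ExecuteReader that was never closed). One reader pass yields the
            // same string and releases the reader and connection deterministically.
            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                while (dr.Read())
                {
                    sb.Append(dr["roleName"].ToString()).Append(",");
                }
            }
        }

        return sb.ToString();
    }
}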