• 第十一节 10图片权限控制


    第十一节 10图片权限控制

     
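    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %>
    <%-- Login form. Button1 posts back to Button1_Click in Default.aspx.cs, which
         validates the credentials and writes any failure message into the "error" label.
         The password travels in the postback body, so serve this page over HTTPS only. --%>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <html xmlns="http://www.w3.org/1999/xhtml">
    <head runat="server">
        <title></title>
    </head>
    <body>
        <form id="form1" runat="server">
        用户名:
        <asp:TextBox ID="tb_username" runat="server"></asp:TextBox>
        <br />
        <br />
        密  码:
        <asp:TextBox ID="tb_password" runat="server" TextMode="Password"></asp:TextBox>
        <br />
        <br />
        <asp:Label ID="error" runat="server" Text="" style="color:red"></asp:Label>
        <br />
        <br />
        <asp:Button ID="Button1" runat="server" onclick="Button1_Click" Text="登 陆" />
        </form>
    </body>
    </html>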

      

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.Web.UI;
    using System.Web.UI.WebControls;
    using System.Data.SqlClient;
    using System.Data;
    /* 练习: 用户表增加一个级别字段,只有登录用户才能下载images下的图片文件(session中标识是否登录)
     * 如果用户没有登录则首先重定向到登录界面让用户登录
     * 用户登录成功则跳转到下载列表页面,下载链接固定写好即可,如果登录用户是普通用户则在图片左上角加上"免费用户试用"的字样
     *
     *
     */
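    /// <summary>
    /// Code-behind for the login page. Looks the submitted user name up in T_Users,
    /// applies a failed-attempt lockout, and on success marks the session as logged
    /// in before redirecting to the download list.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the stored password column is compared directly with the
    /// submitted text, so passwords are kept in plaintext. Store a salted, slow hash
    /// (for example PBKDF2) and verify against that instead; this needs a schema
    /// change and is therefore only flagged here.
    /// NOTE(review): the session id issued before login is kept after login;
    /// consider issuing a fresh session id once authentication succeeds.
    /// </remarks>
    public partial class _Default : System.Web.UI.Page
    {
        // NOTE(review): hard-coded connection string, reproduced exactly as listed.
        // The path separators look lost in this listing, and the value belongs in
        // web.config rather than in source.
        private const string ConnectionString = @"Data Source=.SQLEXPRESS;AttachDbFilename=E:MyProjectsC#net传智播客第十一节asp.net中级10图片权限控制App_DataDatabase.mdf;Integrated Security=True;User Instance=True";

        // Lockout policy: this many consecutive failures lock the account for LockoutMinutes.
        private const int MaxFailedAttempts = 5;
        private const double LockoutMinutes = 30;

        // One message for "unknown user" and "wrong password", so the form does not
        // reveal which user names exist.
        private const string GenericLoginError = "用户名或密码错误";

        protected void Page_Load(object sender, EventArgs e)
        {
        }

        /// <summary>
        /// Handles the login button: validates the credentials, enforces the lockout,
        /// and either starts the logged-in session or records the failed attempt.
        /// </summary>
        protected void Button1_Click(object sender, EventArgs e)
        {
            string _username = tb_username.Text;
            string _password = tb_password.Text;
            if (_username == "" || _password == "")
            {
                // Nothing to check; leave the form as it is.
                return;
            }

            DataTable table = this.Db_GetUsersByusername(_username);
            if (table.Rows.Count != 1)
            {
                ShowError(GenericLoginError);
                return;
            }

            DataRow row = table.Rows[0];
            string password = Convert.ToString(row["password"]);
            Int64 uid = Convert.ToInt64(row["id"]);

            // True when the last recorded failure is older than the lockout window,
            // meaning the failure counter is stale and must restart.
            bool windowExpired = false;
            if (!Convert.IsDBNull(row["errortime"]) && !Convert.IsDBNull(row["errornumber"]))
            {
                int errornumber = Convert.ToInt32(row["errornumber"]);
                DateTime errortime = Convert.ToDateTime(row["errortime"]);
                // Minutes elapsed since the last failed attempt.
                double span = (DateTime.Now - errortime).TotalMinutes;
                if (errornumber >= MaxFailedAttempts && span <= LockoutMinutes)
                {
                    // Checked before the password, so a locked account rejects
                    // even a correct password until the window has passed.
                    ShowError("错误次数过多,30分钟后再重试!");
                    return;
                }
                windowExpired = span > LockoutMinutes;
            }

            if (password == _password)
            {
                // A successful login clears the failure counter.
                this.Db_ResetErrorByUsername(_username);
                Session["islong"] = true;
                Session["uid"] = uid;
                Response.Redirect("DownloadList.htm");
            }
            else
            {
                if (windowExpired)
                {
                    // Old failures no longer count; start a fresh window.
                    this.Db_ResetErrorByUsername(_username);
                }
                this.Db_UpdateErrorById(_username);
                ShowError(GenericLoginError);
            }
        }

        /// <summary>Shows <paramref name="message"/> in the red error label.</summary>
        private void ShowError(string message)
        {
            error.Text = message;
            error.Visible = true;
        }

        /// <summary>
        /// Records one failed login for <paramref name="username"/>: increments
        /// errornumber and stamps errortime with the current time.
        /// </summary>
        /// <param name="username">User name exactly as typed into the form (untrusted).</param>
        /// <returns>True when exactly one row was updated.</returns>
        public bool Db_UpdateErrorById(string username)
        {
            using (SqlConnection conn = new SqlConnection(ConnectionString))
            {
                conn.Open();
                using (SqlCommand cmd = conn.CreateCommand())
                {
                    // username comes straight from the form, so it is bound as a
                    // parameter instead of being concatenated into the statement.
                    // The parameter names must match the @placeholders in the SQL text.
                    // ISNULL lets the counter start from a NULL column value; a bare
                    // "errornumber + 1" would stay NULL forever.
                    cmd.CommandText = "update T_Users SET errornumber = ISNULL(errornumber, 0) + 1, errortime = @errortime WHERE username = @username";
                    // Passed as a DateTime so the stored value does not depend on the
                    // server culture. Presumably errortime is a datetime column - confirm.
                    cmd.Parameters.Add(new SqlParameter("@errortime", DateTime.Now));
                    cmd.Parameters.Add(new SqlParameter("@username", username));
                    return cmd.ExecuteNonQuery() == 1;
                }
            }
        }

        /// <summary>Resets the failed-login counter of <paramref name="username"/> to zero.</summary>
        private void Db_ResetErrorByUsername(string username)
        {
            using (SqlConnection conn = new SqlConnection(ConnectionString))
            {
                conn.Open();
                using (SqlCommand cmd = conn.CreateCommand())
                {
                    cmd.CommandText = "update T_Users SET errornumber = 0 WHERE username = @username";
                    cmd.Parameters.Add(new SqlParameter("@username", username));
                    cmd.ExecuteNonQuery();
                }
            }
        }

        /// <summary>
        /// Loads the T_Users rows whose username equals <paramref name="username"/>.
        /// </summary>
        /// <param name="username">User name to look up; bound as a SQL parameter.</param>
        /// <returns>A table with zero rows when no such user exists.</returns>
        public DataTable Db_GetUsersByusername(string username)
        {
            DataSet dataset = new DataSet();
            using (SqlConnection conn = new SqlConnection(ConnectionString))
            {
                conn.Open();
                using (SqlCommand cmd = conn.CreateCommand())
                {
                    cmd.CommandText = "select * FROM T_Users where username=@username";
                    cmd.Parameters.Add(new SqlParameter("@username", username));
                    using (SqlDataAdapter adapter = new SqlDataAdapter(cmd))
                    {
                        adapter.Fill(dataset);
                    }
                    return dataset.Tables[0];
                }
            }
        }
    }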

      

    <%@ WebHandler Language="C#" Class="DownloadPic" %>
     
    using System;
    using System.Web;
    using System.Web.SessionState;
    using System.Data.SqlClient;
    using System.Data;
    using System.Drawing;
    using System.Drawing.Imaging;
    using System.Web.SessionState;
     
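    /// <summary>
    /// Serves a JPEG to a logged-in user. Members with level 1 receive the file
    /// unchanged; every other user receives a copy with a "free trial" watermark
    /// drawn in the top-left corner.
    /// </summary>
    public class DownloadPic : IHttpHandler, IRequiresSessionState {

        // NOTE(review): hard-coded connection string, reproduced exactly as listed.
        // The path separators look lost in this listing, and the value belongs in
        // web.config rather than in source.
        private const string ConnectionString = @"Data Source=.SQLEXPRESS;AttachDbFilename=E:MyProjectsC#net传智播客第十一节asp.net中级10图片权限控制App_DataDatabase.mdf;Integrated Security=True;User Instance=True";

        /// <summary>
        /// Checks the session, validates the requested picture name, then writes
        /// the picture (watermarked for non-members) to the response.
        /// </summary>
        public void ProcessRequest (HttpContext context) {
            if (context.Session["islong"] == null)
            {
                // Not logged in: send the visitor back to the login page.
                context.Response.Redirect("Default.aspx");
                return;
            }

            // picname is request data. Passing it to WriteFile/MapPath unchecked
            // would let a caller name any file the worker process can read, so only
            // a bare *.jpg file name is accepted.
            string picname = context.Request["picname"];
            if (!IsSafePictureName(picname))
            {
                context.Response.StatusCode = 400;
                return;
            }

            // Resolved relative to this handler's directory, as the original
            // WriteFile(picname) and MapPath(picname) calls did.
            string physicalPath = context.Server.MapPath(picname);
            if (!System.IO.File.Exists(physicalPath))
            {
                context.Response.StatusCode = 404;
                return;
            }

            // The login page stores uid as Int64, so it is read back as Int64.
            Int64 userId = Convert.ToInt64(context.Session["uid"]);
            DataTable table = this.Db_GetUsersByusername(userId);
            if (table.Rows.Count != 1)
            {
                // The session points at a user that no longer exists.
                context.Response.StatusCode = 403;
                return;
            }

            DataRow row = table.Rows[0];
            int level = (int)row["level"];
            string username = (string)row["username"];

            context.Response.ContentType = "image/JPEG";
            if (level == 1) // full member: original file
            {
                context.Response.WriteFile(physicalPath);
            }
            else // ordinary member: watermarked copy
            {
                using (Bitmap bitmap = new Bitmap(physicalPath))
                {
                    // Graphics and Font hold GDI handles; dispose both before saving.
                    using (Graphics g = Graphics.FromImage(bitmap))
                    using (Font font = new Font("宋体", 20))
                    {
                        g.DrawString("免费用户试用-" + username, font, System.Drawing.Brushes.Green, new System.Drawing.PointF(0, 0));
                    }
                    bitmap.Save(context.Response.OutputStream, System.Drawing.Imaging.ImageFormat.Jpeg);
                }
            }
        }

        /// <summary>
        /// Returns true when <paramref name="picname"/> is a plain file name (no
        /// directory, drive or invalid characters) that ends in ".jpg".
        /// </summary>
        private static bool IsSafePictureName(string picname)
        {
            if (string.IsNullOrEmpty(picname))
            {
                return false;
            }
            // Explicit separator and drive checks, independent of the platform's
            // invalid-character list.
            if (picname.IndexOfAny(new char[] { '/', '\\', ':' }) >= 0)
            {
                return false;
            }
            if (picname.IndexOfAny(System.IO.Path.GetInvalidFileNameChars()) >= 0)
            {
                return false;
            }
            return picname.EndsWith(".jpg", StringComparison.OrdinalIgnoreCase);
        }

        /// <summary>
        /// Loads the T_Users row whose id equals <paramref name="userid"/>.
        /// Despite the name, the lookup is by id, not by user name.
        /// </summary>
        /// <returns>A table with zero rows when no such user exists.</returns>
        public DataTable Db_GetUsersByusername(Int64 userid)
        {
            DataSet dataset = new DataSet();
            using (SqlConnection conn = new SqlConnection(ConnectionString))
            {
                conn.Open();
                using (SqlCommand cmd = conn.CreateCommand())
                {
                    cmd.CommandText = "select * FROM T_Users where id=@userid";
                    cmd.Parameters.Add(new SqlParameter("@userid", userid));
                    using (SqlDataAdapter adapter = new SqlDataAdapter(cmd))
                    {
                        adapter.Fill(dataset);
                    }
                    return dataset.Tables[0];
                }
            }
        }

        /// <summary>A new handler instance is created for every request.</summary>
        public bool IsReusable {
            get {
                return false;
            }
        }

    }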

      

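    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <title></title>
        <script type="text/javascript">
        // "Please log in" notice: counts down, then sends the browser to the login page.
        // This is only a convenience for the visitor; access control is enforced
        // server-side by the session check in DownloadPic.ashx.
        var leftSeconds = 3; // matches the 3 seconds promised in the page text
        var timer = null;

        function tick() {
            if (leftSeconds <= 0) {
                // Stop the timer so the redirect is requested only once.
                clearInterval(timer);
                window.location.href = "Default.aspx";
                return;
            }
            document.getElementById("leftDiv").innerText = leftSeconds;
            leftSeconds--;
        }

        // The script sits in <head>, so wait for the body before touching the
        // counter element; show the first value at once, then update every second.
        window.onload = function () {
            tick();
            timer = setInterval(tick, 1000);
        };
        </script>
    </head>
    <body>
    请先登录,页面将在3秒以后转向登录页面!如果您想立即进入登录页面,请<a href="Default.aspx">点击这里</a><br />
    还有<span id="leftDiv"></span>秒
    </body>
    </html>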

      

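    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <title></title>
    </head>
    <body>
    <!-- Static download list. This page is not protected by itself; each link goes
         through DownloadPic.ashx, which checks the session before returning a picture. -->
    <a href="DownloadPic.ashx?picname=1.jpg">1</a><br />
    <a href="DownloadPic.ashx?picname=2.jpg">2</a><br />
    <a href="DownloadPic.ashx?picname=3.jpg">3</a><br />
    </body>
    </html>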
  • 原文地址:https://www.cnblogs.com/ai394495243/p/3201408.html