• 一个登陆页面,包含了初始化用户,输入检测,错误处理等


    <%@ Page Language="C#" AutoEventWireup="true"  CodeFile="Default.aspx.cs" Inherits="_Default" %>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <html xmlns="http://www.w3.org/1999/xhtml" >
    <head runat="server">
        
    <title>无标题页</title>
        
    <style type="text/css">
    <!--
    #loginbk
    {
         640px;
        height: 300px;
        background
    -image: url(images/OA_logo.jpg);
        position: relative;
        top: 100px;
    }

    #login
    {
        margin
    -top: 205px;
        font
    -size: 12px;
        margin
    -left: 20px;
    }

    .boxInput
    {
        font
    -size: 12px;
        border
    -bottom: black 1px solid;
        border
    -top-style: none;
        border
    -right-style: none;
        border
    -left-style: none;
        background
    -color: transparent;
    }

    #copyright
    {
        font
    -size: 12px;
        color: black;
    }

    #alignbk
    {
        vertical
    -align: middle;
        text
    -align: center;
    }

    #Validators
    {
        font
    -size: 12px;
        vertical
    -align: middle;
        text
    -align: center;
    }

    -->
    </style>
    </head>
    <body>
        
    <form id="form1" runat="server">
        
    <div id="Validators">
        
    <asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server" ErrorMessage="密码不能为空!" ControlToValidate="boxPassword"></asp:RequiredFieldValidator>
        
    <asp:Label ID="Alert" runat="server" Text="警告:" Visible="False"></asp:Label>
        
    </div>

        
    <div id="alignbk">
            
    &nbsp;<div id="loginbk">
                
    <div id="login" >           
                   
    <table style=" 550px">
                       
    <tr>
                           
    <td style=" 16px">
                               
    <img src="images/AdminUser.gif" /></td>
                           
    <td style=" 205px">
                               帐号:
    <asp:TextBox ID="boxUserName" runat="server" CssClass="boxInput"></asp:TextBox></td>
                           
    <td style=" 12px">
                               
    <img src="images/AdminPWD.gif" /></td>
                           
    <td style=" 208px">
                               密码:
    <asp:TextBox ID="boxPassword" runat="server" CssClass="boxInput" TextMode="Password"></asp:TextBox></td>
                           
    <td style=" 100px">
                               
    <asp:ImageButton ID="btnLogin" runat="server" ImageUrl="~/images/AdminLogin.gif" OnClick="btnLogin_Click" /></td>
                       
    </tr>
                   
    </table>           
                
    </div>
                
    <div id="copyright">
                    主办:  
    &nbsp;&nbsp;&nbsp;&nbsp; Copyright &copy; 2006 <a href="http://single.dlut.edu.cn">
                        Single
    </a> All Rights
                    Reserved.
    </div>
                    
           
    </div>
     

        
    </div> 
        
    </form>
    </body>
    </html>
    using System;
    using System.Data;
    using System.Configuration;
    using System.Web;
    using System.Web.Security;
    using System.Web.UI;
    using System.Web.UI.WebControls;
    using System.Web.UI.WebControls.WebParts;
    using System.Web.UI.HtmlControls;
    using System.Data.SqlClient;
    using System.Text.RegularExpressions;
    using System.Collections;

    public partial class _Default : System.Web.UI.Page 
    {
        
    protected string strConn = ConfigurationSettings.AppSettings["strConnection"];
        
        
    protected int numErr = 5//初始化允许登陆出错的最大次数

        
    protected void Page_Load(object sender, EventArgs e)
        
    {
            
    //初始化帐号密码
            
    //*
            
    // InitializtionPWD();
            
    //*

            
    if (Session["numErr"== null )   //初始化错误次数记录数。
            {
                Session[
    "numErr"= 0;
            }



            
    if (int.Parse(Session["numErr"].ToString()) >= numErr)
            
    {
                btnLogin.Enabled 
    = false;
            }



        }


        
    protected void btnLogin_Click(object sender, ImageClickEventArgs e)
        
    {

            
    if (int.Parse(Session["numErr"].ToString()) < 5)
            
    {

                
    string adminName = boxUserName.Text;

                
                
    //替换特殊字符',增添记录
                if (!CheckParams(adminName))
                
    {
                    adminName 
    = adminName.Replace("\'","\'\'");
                   
    // adminName = adminName.Replace("=","\"=\"");
                    string Insert = "Insert INTO OA_BadIP(BadIP,BadString,CreatedTime) values('" + Request.UserHostAddress + "','危险用户名[" + adminName + "]尝试登陆!','" + DateTime.Now + "')";
                    
                    SqlConnection myConn2 
    = new SqlConnection(strConn);
                    SqlCommand myCommand2 
    = new SqlCommand(Insert, myConn2);
                    myConn2.Open();
                    myCommand2.ExecuteNonQuery();
                   
                    myCommand2.Dispose();
                    myConn2.Close();

                    GoError(
    "请不要尝试破坏此系统!\\n你的计算机" + Request.UserHostAddress + "已经被记录!");
                }


                
    //建立数据库联接,验证用户!
                string password = FormsAuthentication.HashPasswordForStoringInConfigFile(boxPassword.Text, "SHA1");

                
    string mySql = "Select AdminPWD,AdminGroup,ColleageID From OA_Admin Where AdminName='" + adminName + "'";


                SqlConnection myConn 
    = new SqlConnection(strConn);
                SqlCommand myCommand 
    = new SqlCommand(mySql, myConn);
                myConn.Open();
                SqlDataReader myReader;
                myReader 
    = myCommand.ExecuteReader();
                
    if (myReader.Read())
                
    {
                    
    if (password == myReader["AdminPWD"].ToString())
                    
    {
                        Session[
    "AdminName"= boxUserName.Text;
                        Session[
    "AdminGroup"= myReader["AdminGroup"].ToString();
                        Session[
    "ColleageID"= myReader["ColleageID"].ToString();
                        myReader.Close();
                        myConn.Close();
                        Response.Redirect(
    "mail.aspx");


                    }

                    
    else
                    
    {

                        Session[
    "numErr"= int.Parse(Session["numErr"].ToString()) + 1;
                        Alert.Visible 
    = true;
                        Alert.Text 
    = "密码错误!你还有" + (numErr - int.Parse(Session["numErr"].ToString())+1+ "次重试机会!";
                        myReader.Close();
                        myConn.Close();
                    }

                }

                
    else
                
    {
                    Session[
    "numErr"= int.Parse(Session["numErr"].ToString()) + 1;
                    Alert.Visible 
    = true;
                    Alert.Text 
    = "用户名不存在!你还有" + (numErr - int.Parse(Session["numErr"].ToString())+1+ "次重试机会!";

                    myReader.Close();
                    myConn.Close();
                }


            }

            
    else
            
    {
                Alert.Visible 
    = true;
                Alert.Text 
    = "错误记录达到最高上限,您在20分钟内无法登陆!";
                
    //btnLogin.Enabled = false;
            }


        }





        
    //=====================================
        
    //下面的这段程序是初始化总管理员密码。
        
    //======================================
        private void InitializtionPWD()
        
    {
            
    //下面的这段程序是初始化管理员信息
            
    //帐号:admin   
            
    //密码:admin 

            SqlConnection myConn 
    = new SqlConnection(strConn);
            myConn.Open();
            
    string hashed = FormsAuthentication.HashPasswordForStoringInConfigFile("admin""SHA1");
            
    string strInsert = "INSERT INTO OA_Admin(AdminName,AdminPWD,CreatedTime) Values('admin','" + hashed + "','" + DateTime.Now + "')";
            SqlCommand insert 
    = new SqlCommand(strInsert, myConn);
            insert.ExecuteNonQuery();
            insert.Dispose();
            myConn.Close();

        }



        
    //==============
        
    // 错误提示!
        
    //==============
        private void GoError(string strError)
        
    {
            Response.Write(
    "<script language=javascript>alert('" + strError + "\\n\\n系统将自动返回前一页面');history.back();</script>");

        }



        
    //===============================
        
    //过滤指定的字符,防止Sql注入。
        
    //=================================

        
    bool CheckParams(params object[] args)
        
    {
            
    string[] Lawlesses ="=""'" };
            
    if (Lawlesses == null || Lawlesses.Length <= 0return true;
            
    //构造正则表达式,例:Lawlesses是=号和'号,则正则表达式为 .*[=}'].*  (正则表达式相关内容请见MSDN)
            
    //另外,由于我是想做通用而且容易修改的函数,所以多了一步由字符数组到正则表达式,实际使用中,直接写正则表达式亦可;
            string str_Regex = ".*[";
            
    for (int i = 0; i < Lawlesses.Length - 1; i++)
                str_Regex 
    += Lawlesses[i] + "|";
            str_Regex 
    += Lawlesses[Lawlesses.Length - 1+ "].*";
            
    //
            foreach (object arg in args)
            
    {
                
    if (arg is string)//如果是字符串,直接检查
                {
                    
    if (Regex.Matches(arg.ToString(), str_Regex).Count > 0)
                        
    return false;
                }

                
    else if (arg is ICollection)//如果是一个集合,则检查集合内元素是否字符串,是字符串,就进行检查
                {
                    
    foreach (object obj in (ICollection)arg)
                    
    {
                        
    if (obj is string)
                        
    {
                            
    if (Regex.Matches(obj.ToString(), str_Regex).Count > 0)
                                
    return false;
                        }

                    }

                }

            }

            
    return true;
        }

    }

  • 相关阅读:
    python 装饰器
    python操作hbase
    python 数据压缩
    JsonSchema 启蒙
    python在webservice接口测试中的应用
    简单的python http接口自动化脚本
    解决python2安装MySQL-python模块报错
    实用小工具推荐(一)
    linux和mac使用virtualenv使用和安装
    少年,来点正能量吧!
  • 原文地址:https://www.cnblogs.com/kokoliu/p/523622.html
Copyright © 2020-2023  润新知