<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %>
<%-- Admin login page of the OA application. All checks that matter happen server-side in
     Default.aspx.cs (_Default.btnLogin_Click); the markup only collects a name and a password. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>无标题页</title>
<style type="text/css">
<!--
<%-- NOTE(review): "640px;" below and the inline style="..." values on the table cells carry a
     value without a property name; this looks like an extraction artefact (presumably "width:")
     — confirm against the original file before relying on the layout. --%>
#loginbk
{
640px;
height: 300px;
background-image: url(images/OA_logo.jpg);
position: relative;
top: 100px;
}
#login
{
margin-top: 205px;
font-size: 12px;
margin-left: 20px;
}
.boxInput
{
font-size: 12px;
border-bottom: black 1px solid;
border-top-style: none;
border-right-style: none;
border-left-style: none;
background-color: transparent;
}
#copyright
{
font-size: 12px;
color: black;
}
#alignbk
{
vertical-align: middle;
text-align: center;
}
#Validators
{
font-size: 12px;
vertical-align: middle;
text-align: center;
}
-->
</style>
</head>
<body>
<form id="form1" runat="server">
<%-- Only boxPassword has a RequiredFieldValidator; nothing here validates boxUserName, so an
     empty name is submitted as-is. "Alert" is hidden until the code-behind sets its Text. --%>
<div id="Validators">
<asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server" ErrorMessage="密码不能为空!" ControlToValidate="boxPassword"></asp:RequiredFieldValidator>
<asp:Label ID="Alert" runat="server" Text="警告:" Visible="False"></asp:Label>
</div>
<div id="alignbk">
<div id="loginbk">
<div id="login" >
<table style=" 550px">
<tr>
<td style=" 16px">
<img src="images/AdminUser.gif" /></td>
<td style=" 205px">
帐号:<asp:TextBox ID="boxUserName" runat="server" CssClass="boxInput"></asp:TextBox></td>
<td style=" 12px">
<img src="images/AdminPWD.gif" /></td>
<td style=" 208px">
密码:<asp:TextBox ID="boxPassword" runat="server" CssClass="boxInput" TextMode="Password"></asp:TextBox></td>
<td style=" 100px">
<%-- Server-side handler: _Default.btnLogin_Click in Default.aspx.cs. --%>
<asp:ImageButton ID="btnLogin" runat="server" ImageUrl="~/images/AdminLogin.gif" OnClick="btnLogin_Click" /></td>
</tr>
</table>
</div>
<div id="copyright">
主办: Copyright © 2006 <a href="http://single.dlut.edu.cn">
Single</a> All Rights
Reserved.</div>
</div>
</div>
</form>
</body>
</html>
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient;
using System.Text.RegularExpressions;
using System.Collections;
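public partial class _Default : System.Web.UI.Page
{
    // Code-behind for the admin login page. Responsibilities: keep a per-session count of
    // failed logins, lock the form once the count reaches numErr, and check the submitted
    // name/password against OA_Admin.

    // Connection string from <appSettings key="strConnection">. ConfigurationSettings is the
    // obsolete .NET 1.x accessor; ConfigurationManager.AppSettings is the drop-in replacement.
    protected string strConn = ConfigurationSettings.AppSettings["strConnection"];
    // Maximum number of failed login attempts allowed. The counter lives in Session, so it is
    // scoped to one session cookie; OA_BadIP is the only record that outlives the session.
    protected int numErr = 5;

    // Session key holding the failed-attempt counter (a boxed int).
    private const string ErrCountKey = "numErr";

    /// <summary>
    /// Initialises the failed-attempt counter on first visit and disables the login button
    /// once the limit has been reached.
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        // One-off bootstrap of the built-in "admin" account; deliberately left commented out.
        // InitializtionPWD();
        if (Session[ErrCountKey] == null)
        {
            Session[ErrCountKey] = 0;
        }
        if (GetErrCount() >= numErr)
        {
            btnLogin.Enabled = false;
        }
    }

    /// <summary>
    /// Handles the login button: names containing characters CheckParams disallows are
    /// recorded in OA_BadIP and rejected; otherwise the account is looked up with a
    /// parameterised query and the SHA1 digest of the submitted password is compared with
    /// the stored one. Success stores the account in Session and redirects to mail.aspx.
    /// </summary>
    /// <param name="sender">The ImageButton raising the event.</param>
    /// <param name="e">Click coordinates (unused).</param>
    protected void btnLogin_Click(object sender, ImageClickEventArgs e)
    {
        // Re-check the limit here, against numErr rather than a literal 5: a disabled
        // ImageButton only stops the browser, not a hand-built postback.
        if (GetErrCount() >= numErr)
        {
            Alert.Visible = true;
            Alert.Text = "错误记录达到最高上限,您在20分钟内无法登陆!";
            return;
        }

        string adminName = boxUserName.Text;
        if (!CheckParams(adminName))
        {
            RecordBadLogin(adminName);
            GoError("请不要尝试破坏此系统!\\n你的计算机" + Request.UserHostAddress + "已经被记录!");
            // The original fell through and still ran the login query with the name escaped;
            // stop here so a rejected name is never looked up.
            return;
        }

        // Unsalted SHA1 is the format of the existing OA_Admin.AdminPWD rows; changing the
        // scheme requires migrating those rows, so the digest format is kept.
        string password = FormsAuthentication.HashPasswordForStoringInConfigFile(boxPassword.Text, "SHA1");

        bool userExists = false;
        string storedHash = null;
        string adminGroup = null;
        string colleageId = null;
        // using-blocks release the connection and reader even when ExecuteReader throws;
        // the original only closed them on the non-throwing paths.
        using (SqlConnection myConn = new SqlConnection(strConn))
        using (SqlCommand myCommand = new SqlCommand(
            "Select AdminPWD,AdminGroup,ColleageID From OA_Admin Where AdminName=@AdminName", myConn))
        {
            // Parameterised: the name travels as data and is never spliced into the SQL text.
            myCommand.Parameters.AddWithValue("@AdminName", adminName);
            myConn.Open();
            using (SqlDataReader myReader = myCommand.ExecuteReader())
            {
                if (myReader.Read())
                {
                    userExists = true;
                    storedHash = myReader["AdminPWD"].ToString();
                    adminGroup = myReader["AdminGroup"].ToString();
                    colleageId = myReader["ColleageID"].ToString();
                }
            }
        }

        if (userExists && FixedTimeEquals(password, storedHash))
        {
            Session["AdminName"] = boxUserName.Text;
            Session["AdminGroup"] = adminGroup;
            Session["ColleageID"] = colleageId;
            // NOTE(review): the session id is not regenerated on successful login; check
            // whether the surrounding application needs that.
            Response.Redirect("mail.aspx");
            return;
        }

        int failures = GetErrCount() + 1;
        Session[ErrCountKey] = failures;
        Alert.Visible = true;
        // One message for both "no such user" and "wrong password", so the form does not
        // confirm which account names exist. Remaining tries = numErr - failures; the original
        // added 1 and reported one attempt too many.
        Alert.Text = "用户名或密码错误!你还有" + (numErr - failures) + "次重试机会!";
    }

    /// <summary>
    /// Reads the failed-attempt counter from the session; 0 when absent or not an integer.
    /// </summary>
    private int GetErrCount()
    {
        object raw = Session[ErrCountKey];
        if (raw is int)
        {
            return (int)raw;
        }
        int count;
        if (raw != null && int.TryParse(raw.ToString(), out count))
        {
            return count;
        }
        return 0;
    }

    /// <summary>
    /// Records a rejected login name together with the caller's address in OA_BadIP.
    /// </summary>
    /// <param name="adminName">The submitted name, stored as entered (parameterised, so no escaping).</param>
    private void RecordBadLogin(string adminName)
    {
        using (SqlConnection myConn2 = new SqlConnection(strConn))
        using (SqlCommand myCommand2 = new SqlCommand(
            "Insert INTO OA_BadIP(BadIP,BadString,CreatedTime) values(@BadIP,@BadString,@CreatedTime)", myConn2))
        {
            myCommand2.Parameters.AddWithValue("@BadIP", Request.UserHostAddress);
            myCommand2.Parameters.AddWithValue("@BadString", "危险用户名[" + adminName + "]尝试登陆!");
            // Passed as a DateTime rather than a culture-formatted string as before.
            myCommand2.Parameters.AddWithValue("@CreatedTime", DateTime.Now);
            myConn2.Open();
            myCommand2.ExecuteNonQuery();
        }
    }

    /// <summary>
    /// Compares two strings in time independent of where they first differ, so the response
    /// time does not reveal how much of the stored digest matched. Null never matches.
    /// </summary>
    private static bool FixedTimeEquals(string left, string right)
    {
        if (left == null || right == null || left.Length != right.Length)
        {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < left.Length; i++)
        {
            diff |= left[i] ^ right[i];
        }
        return diff == 0;
    }

    //=====================================
    // One-off bootstrap of the master administrator account.
    //======================================
    /// <summary>
    /// Inserts the built-in account (name "admin", password "admin") into OA_Admin.
    /// Only reachable from the commented-out call in Page_Load.
    /// </summary>
    private void InitializtionPWD()
    {
        string hashed = FormsAuthentication.HashPasswordForStoringInConfigFile("admin", "SHA1");
        using (SqlConnection myConn = new SqlConnection(strConn))
        using (SqlCommand insert = new SqlCommand(
            "INSERT INTO OA_Admin(AdminName,AdminPWD,CreatedTime) Values(@AdminName,@AdminPWD,@CreatedTime)", myConn))
        {
            insert.Parameters.AddWithValue("@AdminName", "admin");
            insert.Parameters.AddWithValue("@AdminPWD", hashed);
            insert.Parameters.AddWithValue("@CreatedTime", DateTime.Now);
            myConn.Open();
            insert.ExecuteNonQuery();
        }
    }

    //==============
    // Error prompt.
    //==============
    /// <summary>
    /// Writes an inline script that shows <paramref name="strError"/> in an alert and then
    /// navigates back. The text is placed inside a single-quoted JavaScript literal without
    /// escaping, so callers must pass only text they control (a quote or backslash would break
    /// the script). Processing of the current request is not stopped.
    /// </summary>
    private void GoError(string strError)
    {
        Response.Write("<script language=javascript>alert('" + strError + "\\n\\n系统将自动返回前一页面');history.back();</script>");
    }

    //===============================
    // Rejects input containing characters the login form does not accept.
    //=================================
    /// <summary>
    /// Returns false when any string argument, or any string inside an ICollection argument,
    /// contains "=" or "'". The login query is parameterised, so this is a tripwire for
    /// logging suspicious input rather than the protection against SQL injection.
    /// The original built the regex ".*[=|'].*"; "|" is literal inside a character class, so
    /// it also rejected "|". A plain ordinal substring search checks exactly the listed tokens.
    /// </summary>
    /// <param name="args">Values to inspect; non-string, non-collection values are ignored.</param>
    bool CheckParams(params object[] args)
    {
        string[] lawlesses = { "=", "'" };
        if (args == null)
        {
            return true; // CheckParams(null) binds null to the params array itself.
        }
        foreach (object arg in args)
        {
            if (arg is string)
            {
                if (ContainsAny((string)arg, lawlesses))
                {
                    return false;
                }
            }
            else if (arg is ICollection)
            {
                foreach (object obj in (ICollection)arg)
                {
                    if (obj is string && ContainsAny((string)obj, lawlesses))
                    {
                        return false;
                    }
                }
            }
        }
        return true;
    }

    /// <summary>
    /// True when <paramref name="value"/> contains any of <paramref name="tokens"/> (ordinal).
    /// </summary>
    private static bool ContainsAny(string value, string[] tokens)
    {
        foreach (string token in tokens)
        {
            if (value.IndexOf(token, StringComparison.Ordinal) >= 0)
            {
                return true;
            }
        }
        return false;
    }
}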
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<%-- Admin login page of the OA application. All checks that matter happen server-side in
     _Default.btnLogin_Click; the markup only collects a name and a password. --%>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>无标题页</title>
<style type="text/css">
<!--
<%-- NOTE(review): "640px;" below and the inline style="..." values on the table cells carry a
     value without a property name; this looks like an extraction artefact (presumably "width:")
     — confirm against the original file before relying on the layout. --%>
#loginbk
{
640px;
height: 300px;
background-image: url(images/OA_logo.jpg);
position: relative;
top: 100px;
}
#login
{
margin-top: 205px;
font-size: 12px;
margin-left: 20px;
}
.boxInput
{
font-size: 12px;
border-bottom: black 1px solid;
border-top-style: none;
border-right-style: none;
border-left-style: none;
background-color: transparent;
}
#copyright
{
font-size: 12px;
color: black;
}
#alignbk
{
vertical-align: middle;
text-align: center;
}
#Validators
{
font-size: 12px;
vertical-align: middle;
text-align: center;
}
-->
</style>
</head>
<body>
<form id="form1" runat="server">
<%-- Only boxPassword has a RequiredFieldValidator; nothing here validates boxUserName, so an
     empty name is submitted as-is. "Alert" is hidden until the code-behind sets its Text. --%>
<div id="Validators">
<asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server" ErrorMessage="密码不能为空!" ControlToValidate="boxPassword"></asp:RequiredFieldValidator>
<asp:Label ID="Alert" runat="server" Text="警告:" Visible="False"></asp:Label>
</div>
<div id="alignbk">
<div id="loginbk">
<div id="login" >
<table style=" 550px">
<tr>
<td style=" 16px">
<img src="images/AdminUser.gif" /></td>
<td style=" 205px">
帐号:<asp:TextBox ID="boxUserName" runat="server" CssClass="boxInput"></asp:TextBox></td>
<td style=" 12px">
<img src="images/AdminPWD.gif" /></td>
<td style=" 208px">
密码:<asp:TextBox ID="boxPassword" runat="server" CssClass="boxInput" TextMode="Password"></asp:TextBox></td>
<td style=" 100px">
<%-- Server-side handler: _Default.btnLogin_Click. --%>
<asp:ImageButton ID="btnLogin" runat="server" ImageUrl="~/images/AdminLogin.gif" OnClick="btnLogin_Click" /></td>
</tr>
</table>
</div>
<div id="copyright">
主办: Copyright © 2006 <a href="http://single.dlut.edu.cn">
Single</a> All Rights
Reserved.</div>
</div>
</div>
</form>
</body>
</html>
using System;
using System.Data;
using System.Configuration;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Data.SqlClient;
using System.Text.RegularExpressions;
using System.Collections;
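public partial class _Default : System.Web.UI.Page
{
    // Code-behind for the admin login page. Responsibilities: keep a per-session count of
    // failed logins, lock the form once the count reaches numErr, and check the submitted
    // name/password against OA_Admin.

    // Connection string from <appSettings key="strConnection">. ConfigurationSettings is the
    // obsolete .NET 1.x accessor; ConfigurationManager.AppSettings is the drop-in replacement.
    protected string strConn = ConfigurationSettings.AppSettings["strConnection"];
    // Maximum number of failed login attempts allowed. The counter lives in Session, so it is
    // scoped to one session cookie; OA_BadIP is the only record that outlives the session.
    protected int numErr = 5;

    // Session key holding the failed-attempt counter (a boxed int).
    private const string ErrCountKey = "numErr";

    /// <summary>
    /// Initialises the failed-attempt counter on first visit and disables the login button
    /// once the limit has been reached.
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        // One-off bootstrap of the built-in "admin" account; deliberately left commented out.
        // InitializtionPWD();
        if (Session[ErrCountKey] == null)
        {
            Session[ErrCountKey] = 0;
        }
        if (GetErrCount() >= numErr)
        {
            btnLogin.Enabled = false;
        }
    }

    /// <summary>
    /// Handles the login button: names containing characters CheckParams disallows are
    /// recorded in OA_BadIP and rejected; otherwise the account is looked up with a
    /// parameterised query and the SHA1 digest of the submitted password is compared with
    /// the stored one. Success stores the account in Session and redirects to mail.aspx.
    /// </summary>
    /// <param name="sender">The ImageButton raising the event.</param>
    /// <param name="e">Click coordinates (unused).</param>
    protected void btnLogin_Click(object sender, ImageClickEventArgs e)
    {
        // Re-check the limit here, against numErr rather than a literal 5: a disabled
        // ImageButton only stops the browser, not a hand-built postback.
        if (GetErrCount() >= numErr)
        {
            Alert.Visible = true;
            Alert.Text = "错误记录达到最高上限,您在20分钟内无法登陆!";
            return;
        }

        string adminName = boxUserName.Text;
        if (!CheckParams(adminName))
        {
            RecordBadLogin(adminName);
            GoError("请不要尝试破坏此系统!\\n你的计算机" + Request.UserHostAddress + "已经被记录!");
            // The original fell through and still ran the login query with the name escaped;
            // stop here so a rejected name is never looked up.
            return;
        }

        // Unsalted SHA1 is the format of the existing OA_Admin.AdminPWD rows; changing the
        // scheme requires migrating those rows, so the digest format is kept.
        string password = FormsAuthentication.HashPasswordForStoringInConfigFile(boxPassword.Text, "SHA1");

        bool userExists = false;
        string storedHash = null;
        string adminGroup = null;
        string colleageId = null;
        // using-blocks release the connection and reader even when ExecuteReader throws;
        // the original only closed them on the non-throwing paths.
        using (SqlConnection myConn = new SqlConnection(strConn))
        using (SqlCommand myCommand = new SqlCommand(
            "Select AdminPWD,AdminGroup,ColleageID From OA_Admin Where AdminName=@AdminName", myConn))
        {
            // Parameterised: the name travels as data and is never spliced into the SQL text.
            myCommand.Parameters.AddWithValue("@AdminName", adminName);
            myConn.Open();
            using (SqlDataReader myReader = myCommand.ExecuteReader())
            {
                if (myReader.Read())
                {
                    userExists = true;
                    storedHash = myReader["AdminPWD"].ToString();
                    adminGroup = myReader["AdminGroup"].ToString();
                    colleageId = myReader["ColleageID"].ToString();
                }
            }
        }

        if (userExists && FixedTimeEquals(password, storedHash))
        {
            Session["AdminName"] = boxUserName.Text;
            Session["AdminGroup"] = adminGroup;
            Session["ColleageID"] = colleageId;
            // NOTE(review): the session id is not regenerated on successful login; check
            // whether the surrounding application needs that.
            Response.Redirect("mail.aspx");
            return;
        }

        int failures = GetErrCount() + 1;
        Session[ErrCountKey] = failures;
        Alert.Visible = true;
        // One message for both "no such user" and "wrong password", so the form does not
        // confirm which account names exist. Remaining tries = numErr - failures; the original
        // added 1 and reported one attempt too many.
        Alert.Text = "用户名或密码错误!你还有" + (numErr - failures) + "次重试机会!";
    }

    /// <summary>
    /// Reads the failed-attempt counter from the session; 0 when absent or not an integer.
    /// </summary>
    private int GetErrCount()
    {
        object raw = Session[ErrCountKey];
        if (raw is int)
        {
            return (int)raw;
        }
        int count;
        if (raw != null && int.TryParse(raw.ToString(), out count))
        {
            return count;
        }
        return 0;
    }

    /// <summary>
    /// Records a rejected login name together with the caller's address in OA_BadIP.
    /// </summary>
    /// <param name="adminName">The submitted name, stored as entered (parameterised, so no escaping).</param>
    private void RecordBadLogin(string adminName)
    {
        using (SqlConnection myConn2 = new SqlConnection(strConn))
        using (SqlCommand myCommand2 = new SqlCommand(
            "Insert INTO OA_BadIP(BadIP,BadString,CreatedTime) values(@BadIP,@BadString,@CreatedTime)", myConn2))
        {
            myCommand2.Parameters.AddWithValue("@BadIP", Request.UserHostAddress);
            myCommand2.Parameters.AddWithValue("@BadString", "危险用户名[" + adminName + "]尝试登陆!");
            // Passed as a DateTime rather than a culture-formatted string as before.
            myCommand2.Parameters.AddWithValue("@CreatedTime", DateTime.Now);
            myConn2.Open();
            myCommand2.ExecuteNonQuery();
        }
    }

    /// <summary>
    /// Compares two strings in time independent of where they first differ, so the response
    /// time does not reveal how much of the stored digest matched. Null never matches.
    /// </summary>
    private static bool FixedTimeEquals(string left, string right)
    {
        if (left == null || right == null || left.Length != right.Length)
        {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < left.Length; i++)
        {
            diff |= left[i] ^ right[i];
        }
        return diff == 0;
    }

    //=====================================
    // One-off bootstrap of the master administrator account.
    //======================================
    /// <summary>
    /// Inserts the built-in account (name "admin", password "admin") into OA_Admin.
    /// Only reachable from the commented-out call in Page_Load.
    /// </summary>
    private void InitializtionPWD()
    {
        string hashed = FormsAuthentication.HashPasswordForStoringInConfigFile("admin", "SHA1");
        using (SqlConnection myConn = new SqlConnection(strConn))
        using (SqlCommand insert = new SqlCommand(
            "INSERT INTO OA_Admin(AdminName,AdminPWD,CreatedTime) Values(@AdminName,@AdminPWD,@CreatedTime)", myConn))
        {
            insert.Parameters.AddWithValue("@AdminName", "admin");
            insert.Parameters.AddWithValue("@AdminPWD", hashed);
            insert.Parameters.AddWithValue("@CreatedTime", DateTime.Now);
            myConn.Open();
            insert.ExecuteNonQuery();
        }
    }

    //==============
    // Error prompt.
    //==============
    /// <summary>
    /// Writes an inline script that shows <paramref name="strError"/> in an alert and then
    /// navigates back. The text is placed inside a single-quoted JavaScript literal without
    /// escaping, so callers must pass only text they control (a quote or backslash would break
    /// the script). Processing of the current request is not stopped.
    /// </summary>
    private void GoError(string strError)
    {
        Response.Write("<script language=javascript>alert('" + strError + "\\n\\n系统将自动返回前一页面');history.back();</script>");
    }

    //===============================
    // Rejects input containing characters the login form does not accept.
    //=================================
    /// <summary>
    /// Returns false when any string argument, or any string inside an ICollection argument,
    /// contains "=" or "'". The login query is parameterised, so this is a tripwire for
    /// logging suspicious input rather than the protection against SQL injection.
    /// The original built the regex ".*[=|'].*"; "|" is literal inside a character class, so
    /// it also rejected "|". A plain ordinal substring search checks exactly the listed tokens.
    /// </summary>
    /// <param name="args">Values to inspect; non-string, non-collection values are ignored.</param>
    bool CheckParams(params object[] args)
    {
        string[] lawlesses = { "=", "'" };
        if (args == null)
        {
            return true; // CheckParams(null) binds null to the params array itself.
        }
        foreach (object arg in args)
        {
            if (arg is string)
            {
                if (ContainsAny((string)arg, lawlesses))
                {
                    return false;
                }
            }
            else if (arg is ICollection)
            {
                foreach (object obj in (ICollection)arg)
                {
                    if (obj is string && ContainsAny((string)obj, lawlesses))
                    {
                        return false;
                    }
                }
            }
        }
        return true;
    }

    /// <summary>
    /// True when <paramref name="value"/> contains any of <paramref name="tokens"/> (ordinal).
    /// </summary>
    private static bool ContainsAny(string value, string[] tokens)
    {
        foreach (string token in tokens)
        {
            if (value.IndexOf(token, StringComparison.Ordinal) >= 0)
            {
                return true;
            }
        }
        return false;
    }
}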