|
#2
dogdays2008-02-18 14:14
|
关于后台管理员登录的问题
登录程序已经搞好了,用户名或秘密不正确都不能登录
问题一:怎样将登录的用户名传递到后台管理页面上去?
问题二:如果有人知道管理页面的路径,可以跳过login.aspx页面,直接访问
admin.aspx页面直接上去,怎么办?
login.aspx:
前台代码:
<table width="200" border="1" cellpadding="0" cellspacing="0">
<tr>
<td style="height: 26px"><div align="center">
<span style="color: #ffffff">用户名:</span></div></td>
<td style="height: 26px"><div align="center">
<asp:TextBox ID="wyx_name" runat="server"
Width="80px"></asp:TextBox> </div></td>
</tr>
<tr>
<td style="height: 28px"><div align="center">
<span style="color: #ffffff">密 码:</span></div></td>
<td style="height: 28px"><div align="center">
<asp:TextBox ID="wyx_pass" runat="server" TextMode="Password"
Width="80px"></asp:TextBox> </div></td>
</tr>
<tr>
<td colspan="2"><div align="center">
<asp:Button ID="Button1" runat="server"
OnClick="Button1_Click" Text="登录" /> </div> </td>
</tr>
</table>
后台代码:
protected void Page_Load(object sender, EventArgs e)
{
Session["username"] = wyx_name.Text;
}
protected void Button1_Click(object sender, EventArgs e)
{
string wyxpassword =
FormsAuthentication.HashPasswordForStoringInConfigFile(wyx_pass.Text,
"MD5");//将输入的密码转换成MD5加密法
Socut.Reader dr = new Socut.Reader("SELECT * FROM wyx_user
WHERE wyx_name='"+wyx_name.Text+"' AND wyx_pass='"+wyxpassword+"'");
if(dr.Read()) //如果用户密码正确
{
Response.Redirect("admin_index.aspx");//转向后台管理首页
}
else
{
Response.Write("<script>alert('嘿嘿,用户或密码不正确!')
</script>");//弹出提示信息
}
dr.Close();
}
admin.aspx:
前台代码:
<body style="text-align: left"><br>
欢迎 <asp:Label ID="Label1" runat="server"> </asp:Label>进入后台管
理:
</body>
后台代码:
protected void Page_Load(object sender, EventArgs e)
{
string username = Session["username"];
Label1.Text = username;
}