类库代码如下:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data.SqlClient;
using System.Configuration;
using System.Data;
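/// <summary>
/// Shared helpers for the sample site: opening the database connection, building a
/// client-side alert snippet, running SQL, checking a login and generating a
/// short verification code.
/// </summary>
public class CommonClass
{
    // The 62 symbols a verification code is drawn from (digits, upper case, lower case).
    private const string CodeAlphabet = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

    // Shared cryptographic generator. Fully qualified so the file needs no extra using
    // directive; kept in a static field instead of a using block so the code also builds
    // on framework versions where the type is not IDisposable.
    private static readonly System.Security.Cryptography.RandomNumberGenerator CodeRng =
        System.Security.Cryptography.RandomNumberGenerator.Create();

    public CommonClass()
    {
    }

    /// <summary>
    /// Creates a (not yet opened) connection from the appSettings key "ConnectionString".
    /// </summary>
    /// <returns>A new, closed <see cref="SqlConnection"/>; the caller owns and disposes it.</returns>
    /// <exception cref="ConfigurationErrorsException">The key is missing or empty.</exception>
    public SqlConnection GetConnection()
    {
        // AppSettings[...] returns null for a missing key; fail with a clear message
        // instead of a NullReferenceException.
        string connectionString = ConfigurationManager.AppSettings["ConnectionString"];
        if (string.IsNullOrEmpty(connectionString))
        {
            throw new ConfigurationErrorsException("appSettings key 'ConnectionString' is missing or empty.");
        }

        return new SqlConnection(connectionString);
    }

    /// <summary>
    /// Builds a script block that shows an alert and then navigates the browser.
    /// </summary>
    /// <param name="TxtMessage">Text shown in the alert.</param>
    /// <param name="Url">Address the browser is sent to after the alert is dismissed.</param>
    /// <returns>The script element as a string, ready to be written to the response.</returns>
    public string MessageBox(string TxtMessage, string Url)
    {
        // Both values land inside single-quoted JavaScript string literals within a
        // <script> element, so quotes, backslashes and markup characters are escaped
        // to keep caller-supplied text from terminating the literal or the element.
        // NOTE(review): escaping does not validate the destination. Pass only fixed,
        // application-relative addresses as Url, never a value taken from the request.
        return "<script language=javascript>alert('" + EscapeForJsString(TxtMessage)
            + "');location='" + EscapeForJsString(Url) + "'</script>";
    }

    // Escapes a value for use inside a quoted JavaScript string literal in an HTML page.
    private static string EscapeForJsString(string value)
    {
        if (string.IsNullOrEmpty(value))
        {
            return string.Empty;
        }

        System.Text.StringBuilder escaped = new System.Text.StringBuilder(value.Length + 8);
        foreach (char c in value)
        {
            bool mustEscape = c < ' ' || c == '\\' || c == '\'' || c == '"'
                || c == '<' || c == '>' || c == '&' || c == '\u2028' || c == '\u2029';
            if (mustEscape)
            {
                escaped.Append("\\u");
                escaped.Append(((int)c).ToString("x4", System.Globalization.CultureInfo.InvariantCulture));
            }
            else
            {
                escaped.Append(c);
            }
        }

        return escaped.ToString();
    }

    /// <summary>
    /// Executes an INSERT, UPDATE or DELETE statement.
    /// </summary>
    /// <param name="sqlStr">The SQL text to execute.</param>
    /// <returns>true when the statement ran; false when executing it threw.</returns>
    public Boolean ExecSQL(string sqlStr)
    {
        // NOTE(review): the statement arrives as finished text, so this method cannot
        // parameterize it. Callers must not build sqlStr by concatenating request data.
        using (SqlConnection myConn = GetConnection())
        {
            // As before, a failure to open the connection propagates to the caller.
            myConn.Open();
            using (SqlCommand myCmd = new SqlCommand(sqlStr, myConn))
            {
                try
                {
                    myCmd.ExecuteNonQuery();
                    return true;
                }
                catch (Exception ex)
                {
                    // Keep the "false on failure" contract but leave a server-side trace
                    // instead of discarding the error. The SQL text itself is not logged.
                    System.Diagnostics.Trace.TraceError("CommonClass.ExecSQL failed: {0}: {1}", ex.GetType().Name, ex.Message);
                    return false;
                }
            }
        }
    }

    /// <summary>
    /// Runs a query and returns its rows in a data set.
    /// </summary>
    /// <param name="sqlStr">The SELECT statement to run.</param>
    /// <param name="TableName">Name given to the filled table inside the data set.</param>
    /// <returns>A <see cref="DataSet"/> holding the query result.</returns>
    public DataSet GetDataSet(string sqlStr, string TableName)
    {
        // NOTE(review): as with ExecSQL, sqlStr is executed as given; it must not be
        // assembled from request data by the caller.
        // The using blocks release the connection and adapter even when Fill throws.
        using (SqlConnection myConn = GetConnection())
        using (SqlDataAdapter adapt = new SqlDataAdapter(sqlStr, myConn))
        {
            myConn.Open();
            DataSet ds = new DataSet();
            adapt.Fill(ds, TableName);
            return ds;
        }
    }

    /// <summary>
    /// Checks a user name and password against tb_User with a parameterized query.
    /// </summary>
    /// <param name="loginName">User name (at most 20 characters).</param>
    /// <param name="loginPwd">Password (at most 50 characters).</param>
    /// <returns>Number of matching rows; 0 when nothing matches or an argument is null or too long.</returns>
    public int checkLogin(string loginName, string loginPwd)
    {
        // The parameters are declared with sizes 20 and 50, and ADO.NET truncates longer
        // string values to the declared size. Reject such input so an over-long value
        // cannot match on its prefix alone; null would fail as a missing parameter.
        if (loginName == null || loginPwd == null || loginName.Length > 20 || loginPwd.Length > 50)
        {
            return 0;
        }

        // NOTE(review): the query compares the submitted password with the PassWord
        // column directly, which suggests passwords are stored as entered. Storing a
        // salted, slow hash (e.g. PBKDF2) and verifying against it would be safer,
        // but needs a schema change outside this class.
        using (SqlConnection myConn = GetConnection())
        using (SqlCommand myCmd = new SqlCommand("select count(*) from tb_User where Name=@loginName and PassWord=@loginPwd", myConn))
        {
            myCmd.Parameters.Add(new SqlParameter("@loginName", SqlDbType.VarChar, 20));
            myCmd.Parameters["@loginName"].Value = loginName;
            myCmd.Parameters.Add(new SqlParameter("@loginPwd", SqlDbType.VarChar, 50));
            myCmd.Parameters["@loginPwd"].Value = loginPwd;
            myConn.Open();
            return (int)myCmd.ExecuteScalar();
        }
    }

    /// <summary>
    /// Generates a random verification code.
    /// </summary>
    /// <param name="n">Number of characters wanted.</param>
    /// <returns>
    /// A string of <paramref name="n"/> characters from 0-9, A-Z and a-z in which no two
    /// neighbouring characters are equal; empty when <paramref name="n"/> is not positive.
    /// </returns>
    public string RandomNum(int n)
    {
        if (n <= 0)
        {
            return string.Empty;
        }

        char[] code = new char[n];
        int previous = -1;
        for (int i = 0; i < n; i++)
        {
            // The earlier version restarted the whole code when a character repeated its
            // neighbour; redrawing only this position keeps that property without
            // recursion, which could exhaust the stack for large n.
            int index;
            do
            {
                index = NextAlphabetIndex();
            }
            while (index == previous);

            previous = index;
            code[i] = CodeAlphabet[index];
        }

        return new string(code);
    }

    // Draws a uniformly distributed index into CodeAlphabet from the cryptographic
    // generator. All 62 symbols are reachable (the earlier Next(61) never produced 'z'),
    // and the value no longer derives from a clock-based seed.
    private static int NextAlphabetIndex()
    {
        // Discard bytes at or above the largest multiple of the alphabet size so the
        // modulo below does not favour the first symbols.
        int limit = 256 - (256 % CodeAlphabet.Length);
        byte[] one = new byte[1];
        do
        {
            CodeRng.GetBytes(one);
        }
        while (one[0] >= limit);

        return one[0] % CodeAlphabet.Length;
    }
}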
.aspx代码如下:
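<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Login.aspx.cs" Inherits="Login" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
    <style type="text/css">
        .tbl_login{ padding:10px; margin:10px;}
        .tbl_login td{ padding:10px; border:1px solid gray;}
    </style>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <asp:Table ID="Table1" runat="server" CssClass="tbl_login">
            <asp:TableRow runat="server">
                <asp:TableCell>管理员姓名:</asp:TableCell>
                <asp:TableCell><asp:TextBox ID="txt_name" runat="server"></asp:TextBox></asp:TableCell>
            </asp:TableRow>
            <asp:TableRow runat="server">
                <asp:TableCell>管理员密码:</asp:TableCell>
                <asp:TableCell><asp:TextBox ID="txt_pwd" runat="server" TextMode="Password"></asp:TextBox></asp:TableCell>
            </asp:TableRow>
            <asp:TableRow ID="TableRow1" runat="server">
                <asp:TableCell>验证码:</asp:TableCell>
                <asp:TableCell><asp:TextBox ID="txt_code" runat="server" ></asp:TextBox></asp:TableCell>
                <%-- The verification code is written into this Label as plain text, so any
                     script can read it straight from the HTML. Render it as an image if it
                     is meant to slow down automated login attempts. --%>
                <asp:TableCell style="border:1px solid silver;">
                    <asp:Label ID="lab_Code" runat="server" Text="8888"></asp:Label></asp:TableCell>
            </asp:TableRow>
        </asp:Table>
        <%-- OnClick must be spelled with a Latin "O". The published listing carried a
             look-alike Greek letter, which leaves the buttons without a server handler. --%>
        <asp:Button ID="btn_login" runat="server" Text="登录"
            OnClick="btn_login_Click1" />
        <asp:Button ID="btn_cancel" runat="server" Text="取消"
            OnClick="btn_cancel_Click1" />
    </div>
    </form>
</body>
</html>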
.aspx.cs代码如下:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
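/// <summary>
/// Code-behind for the administrator login page: shows a verification code, checks
/// it together with the submitted name and password, and reports the outcome
/// through small client-side scripts.
/// </summary>
public partial class Login : System.Web.UI.Page
{
    // Session key under which the expected verification code is kept on the server.
    private const string CaptchaSessionKey = "Login.VerificationCode";

    CommonClass cc = new CommonClass();

    /// <summary>
    /// On the first (non-postback) request, issues a new four-character verification code.
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            // Keep the expected value in session state. Comparing against the Label text
            // on postback would trust a value that round-trips through the browser and
            // lets one solved code be replayed for any number of attempts.
            string code = cc.RandomNum(4);
            Session[CaptchaSessionKey] = code;
            this.lab_Code.Text = code;
        }
    }

    /// <summary>
    /// Validates the form and the verification code, then checks the credentials.
    /// </summary>
    protected void btn_login_Click1(object sender, EventArgs e)
    {
        // A code is good for one attempt only: take it out of the session before any
        // other check. Every failure path below reloads Login.aspx, which issues a new one.
        string expectedCode = Session[CaptchaSessionKey] as string;
        Session.Remove(CaptchaSessionKey);

        string name = txt_name.Text.Trim();
        // NOTE(review): trimming silently changes a password that starts or ends with
        // whitespace; kept because the stored values were presumably created the same way.
        string password = txt_pwd.Text.Trim();

        if (name.Length == 0 || password.Length == 0)
        {
            Response.Write(cc.MessageBox("登录名和密码不能为空!", "Login.aspx"));
            return;
        }

        // A missing expected value (expired session, replayed postback) counts as a wrong code.
        if (string.IsNullOrEmpty(expectedCode)
            || !string.Equals(txt_code.Text.Trim(), expectedCode, StringComparison.Ordinal))
        {
            Response.Write(cc.MessageBox("验证码错误!", "Login.aspx"));
            return;
        }

        // NOTE(review): nothing here limits repeated attempts per account or client.
        int IntUserIn = cc.checkLogin(name, password);
        if (IntUserIn > 0)
        {
            // NOTE(review): no session value or authentication ticket is issued on success;
            // the browser is only pointed at AdminIndex.aspx. Unless that page enforces its
            // own server-side check (not shown here), it can be requested without logging in.
            Response.Write("<script language=javascript> window.open('AdminIndex.aspx');window.close();</script>");
        }
        else
        {
            Response.Write(cc.MessageBox("登录名或密码错误!", "Login.aspx"));
        }
    }

    /// <summary>
    /// Closes the window or, failing that, navigates back one step in history.
    /// </summary>
    protected void btn_cancel_Click1(object sender, EventArgs e)
    {
        Response.Write("<script>window.close();location='javascript:history.go(-1)';</script>");
    }
}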
测试效果如下: