 Post subject: Code đăng nhập ASP.NET
PostPosted: Sun May 31, 2009 1:30 pm 

Joined: Thu Feb 05, 2009 11:43 am
Posts: 11
---------
Code đăng nhập ASP.NET
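Đây là code viết theo mô hình 3 lớp (3 Layer), bạn tham khảo nhé. Không lo SQL Injection vì dữ liệu người dùng được truyền vào Stored Procedure qua tham số (SqlParameter) chứ không nối chuỗi vào câu lệnh SQL; lưu ý điều này chỉ đúng khi bản thân Stored Procedure không ghép chuỗi SQL động từ các tham số đó.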
/// <summary>
/// Click handler for the login button: builds a <c>User</c> from the two text
/// boxes, asks <c>UserService.CheckUser</c> to validate it, and either marks
/// the session as logged in and redirects to the admin page, or shows the
/// "wrong credentials" label.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnLogin_Click(object sender, EventArgs e)
{
    // Both inputs are trimmed, so leading/trailing whitespace is never part
    // of the user name or of the password that gets checked.
    User candidate = new User();
    candidate.UserName = txtUserName.Text.Trim();
    candidate.Password = txtPassword.Text.Trim();

    bool accepted = UserService.CheckUser(candidate);
    if (!accepted)
    {
        // Same label for "unknown user" and "wrong password": the response
        // does not reveal which of the two failed.
        lblWrong.Visible = true;
        return;
    }

    // NOTE(review): the login marker is written into the session that already
    // existed before authentication; nothing in this handler issues a new
    // session identifier, limits repeated failed attempts, or logs the
    // outcome. Confirm those controls exist elsewhere in the application.
    Session["Administrator"] = candidate.UserName.ToString();
    Response.Redirect("~/Admin/Edit.aspx");
}

Entities:

using System;

namespace Entities
{
    /// <summary>
    /// Plain data carrier for a pair of login credentials passed between the
    /// page, business and data layers.
    /// </summary>
    public class User
    {
        /// <summary>Creates an empty instance; both properties start as null.</summary>
        public User()
        {
        }

        /// <summary>Login name of the account.</summary>
        public string UserName { get; set; }

        /// <summary>
        /// Password exactly as assigned by the caller. This type stores the
        /// value as-is and applies no encoding or hashing of its own.
        /// </summary>
        public string Password { get; set; }
    }
}

Data Layer:
using System;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
using System.Web.Security;
using Entities;

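namespace Data
{
    /// <summary>
    /// Data-access object for credential checks and password changes. All
    /// database work goes through the stored procedures <c>spCheckLogin</c>
    /// and <c>spChangePassword</c> with bound <see cref="SqlParameter"/>
    /// values.
    /// </summary>
    /// <remarks>
    /// SECURITY NOTE(review): passwords are only Base64-encoded (see
    /// <c>Encode</c>) before they are compared or stored. Base64 is a
    /// reversible encoding, not a hash, so anyone who can read the stored
    /// values can recover every password. The fix is a salted, slow password
    /// hash (for example PBKDF2 via <c>Rfc2898DeriveBytes</c>) with a
    /// migration of existing rows; that also needs changes to the table and
    /// the stored procedures, which are outside this class.
    /// </remarks>
    public class UserDAO : BaseDAO
    {
        /// <summary>Creates the data-access object; no state is initialised.</summary>
        public UserDAO()
        {
        }

        /// <summary>
        /// Checks whether <c>spCheckLogin</c> returns at least one row for the
        /// given credentials.
        /// </summary>
        /// <param name="user">Credentials to check. The object is not modified.</param>
        /// <returns><c>true</c> if the procedure returned a row, otherwise <c>false</c>.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
        public bool CheckUser(User user)
        {
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }

            // Work on a normalised copy so the caller's object stays untouched.
            User normalized = ReplaceUser(user.UserName, user.Password);
            string encodedPassword = Encode(normalized.Password);

            using (SqlConnection connection = GetConnection())
            using (SqlCommand command = new SqlCommand("spCheckLogin", connection))
            {
                command.CommandType = CommandType.StoredProcedure;
                // Values are bound as parameters; they are never concatenated
                // into SQL text by this class.
                command.Parameters.Add(new SqlParameter("@UserName", normalized.UserName));
                command.Parameters.Add(new SqlParameter("@Pass", encodedPassword));

                connection.Open();

                using (SqlDataReader reader = command.ExecuteReader(CommandBehavior.CloseConnection))
                {
                    return reader.HasRows;
                }
            }
        }

        /// <summary>
        /// Changes the password of <paramref name="user"/> to
        /// <paramref name="newpass"/> when the new password matches its
        /// confirmation and the current credentials pass <see cref="CheckUser"/>.
        /// </summary>
        /// <param name="user">Account name and current password.</param>
        /// <param name="newpass">Requested new password.</param>
        /// <param name="confirmpass">Repeated new password; must equal <paramref name="newpass"/>.</param>
        /// <exception cref="ArgumentNullException">Any argument is null.</exception>
        /// <exception cref="DataAccessException"><c>spChangePassword</c> reported no affected rows.</exception>
        public void ChangePassword(User user, string newpass, string confirmpass)
        {
            if (user == null)
            {
                throw new ArgumentNullException("user");
            }
            if (newpass == null)
            {
                throw new ArgumentNullException("newpass");
            }
            if (confirmpass == null)
            {
                throw new ArgumentNullException("confirmpass");
            }

            newpass = newpass.Replace("'", "''");
            confirmpass = confirmpass.Replace("'", "''");

            // Compare the two new values first and short-circuit, so a
            // mismatch never costs a database round trip.
            // NOTE(review): a mismatch or a wrong current password returns
            // silently; the caller cannot tell that nothing was changed.
            // Kept as-is because callers may rely on the method not throwing.
            if (newpass != confirmpass || !CheckUser(user))
            {
                return;
            }

            // Use the same normalised values CheckUser just verified. The raw
            // values differ whenever the name or password contains an
            // apostrophe, and would then presumably match no row in
            // spChangePassword (its body is not shown here).
            User normalized = ReplaceUser(user.UserName, user.Password);

            using (SqlConnection connection = GetConnection())
            using (SqlCommand command = new SqlCommand("spChangePassword", connection))
            {
                command.CommandType = CommandType.StoredProcedure;
                command.Parameters.Add(new SqlParameter("@UserName", normalized.UserName));
                command.Parameters.Add(new SqlParameter("@Pass", Encode(normalized.Password)));
                command.Parameters.Add(new SqlParameter("@NewPass", Encode(newpass)));

                connection.Open();

                if (command.ExecuteNonQuery() <= 0)
                {
                    throw new DataAccessException(String.Format(Resources.Strings.ChangePassword, "", null));
                }
            }
        }

        /// <summary>
        /// Returns a new <c>User</c> whose name and password have every
        /// apostrophe doubled.
        /// </summary>
        /// <remarks>
        /// NOTE(review): quote doubling is an escape for SQL built by string
        /// concatenation. The values here are bound through SqlParameter, so
        /// the doubling gives no injection protection and only changes the
        /// value that is compared and stored. It is kept because existing rows
        /// may have been written through this path; remove it together with a
        /// data migration.
        /// </remarks>
        private User ReplaceUser(string name, string pass)
        {
            User user = new User();
            user.UserName = name.Replace("'", "''");
            user.Password = pass.Replace("'", "''");

            return user;
        }

        /// <summary>
        /// Returns the Base64 text of the UTF-8 bytes of <paramref name="str"/>.
        /// This is an encoding, not encryption or hashing.
        /// </summary>
        private string Encode(string str)
        {
            byte[] encbuff = System.Text.Encoding.UTF8.GetBytes(str);
            return Convert.ToBase64String(encbuff);
        }

        /// <summary>
        /// Reverses <see cref="Encode"/>: Base64 text back to the original
        /// UTF-8 string. Not called anywhere in this class.
        /// </summary>
        private string Decode(string str)
        {
            byte[] decbuff = Convert.FromBase64String(str);
            return System.Text.Encoding.UTF8.GetString(decbuff);
        }
    }
}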

Business:

using System;
using System.Data;

using Entities;
using Data;

namespace Business
{
    /// <summary>
    /// Business-layer facade over <c>UserDAO</c>. Each static method creates a
    /// fresh DAO and forwards the call unchanged; no validation or other logic
    /// is added at this layer.
    /// </summary>
    public class UserService
    {
        /// <summary>Creates an instance; the class holds no state.</summary>
        public UserService()
        {
        }

        /// <summary>Forwards the credential check to <c>UserDAO.CheckUser</c>.</summary>
        /// <param name="user">Credentials to check.</param>
        /// <returns>The result returned by the data layer.</returns>
        public static bool CheckUser(User user)
        {
            return new UserDAO().CheckUser(user);
        }

        /// <summary>Forwards the password change to <c>UserDAO.ChangePassword</c>.</summary>
        /// <param name="user">Account name and current password.</param>
        /// <param name="newpass">Requested new password.</param>
        /// <param name="confirmpass">Repeated new password.</param>
        public static void ChangePassword(User user, string newpass, string confirmpass)
        {
            new UserDAO().ChangePassword(user, newpass, confirmpass);
        }
    }
}

using System;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;

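/// <summary>
/// Base class for data-access objects. Supplies SQL Server connections built
/// from the "NewsConnection" entry of the application's connection strings.
/// </summary>
public class BaseDAO
{
    /// <summary>Creates the base object; no state is initialised.</summary>
    public BaseDAO()
    {
    }

    /// <summary>
    /// Creates a new, unopened connection from the "NewsConnection"
    /// connection string. The caller opens and disposes it.
    /// </summary>
    /// <returns>A new <see cref="SqlConnection"/>.</returns>
    /// <exception cref="ConfigurationErrorsException">
    /// The "NewsConnection" entry is missing or empty.
    /// </exception>
    public SqlConnection GetConnection()
    {
        ConnectionStringSettings settings = ConfigurationManager.ConnectionStrings["NewsConnection"];

        // A missing entry used to surface as a NullReferenceException with no
        // hint about the cause. Fail with a message that names the entry; the
        // message never includes the connection string itself.
        if (settings == null || String.IsNullOrEmpty(settings.ConnectionString))
        {
            throw new ConfigurationErrorsException(
                "Connection string 'NewsConnection' is missing or empty in the application configuration.");
        }

        return new SqlConnection(settings.ConnectionString);
    }
}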

Stored Procedure:
-- spCheckLogin: returns the Users row whose UserName and Pass both equal the
-- supplied values; an empty result means no match.
-- The comparison uses the bound parameters only; no dynamic SQL is built here.
-- NOTE(review): both parameters are varchar(50). SQL Server truncates longer
-- argument values to the declared length without raising an error, so values
-- that differ only past the 50th character compare as equal. Confirm the
-- column and parameter sizes fit the longest encoded password.
-- NOTE(review): the Pass column is returned to the caller; a caller that only
-- tests whether a row exists does not need it.
CREATE PROCEDURE [dbo].[spCheckLogin]
    @UserName varchar(50),
    @Pass     varchar(50)
AS
    SELECT u.UserName, u.Pass
    FROM Users AS u
    WHERE u.UserName = @UserName
      AND u.Pass = @Pass

GO
Good Luck To You.

