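/// <summary>
/// Click handler for the login button. Looks up the user id, loads the user
/// record, compares the stored password with the submitted one and, on a
/// match, stores the role id in the session and redirects to index.aspx.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void bt_login_Click(object sender, EventArgs e)
{
    USER myuser = new USER();
    myuser.USERNAME = this.tb_username.Text;
    string pwd = this.tb_password.Text;

    // NOTE(review): the literal below is reproduced exactly as it appears on the
    // page, where the user-name value looks masked ('******'). As written, the
    // query does not reference tb_username at all. If the real code concatenates
    // the submitted name into this string, that is SQL injection on an
    // unauthenticated endpoint; bind the name as a query parameter instead
    // (check whether DbHelperSQL exposes a parameterized call).
    string sqlGetUserID = "SELECT USERID FROM [USER] WHERE USERNAME='******'";

    // userid is an int, so convert to Int32: Convert.ToInt16 throws
    // OverflowException for any id above 32767. A null result still maps to 0.
    int userid = Convert.ToInt32(DbHelperSQL.GetSingle(sqlGetUserID));

    bool authenticated = false;
    if (userid != 0)
    {
        // Load the record only once a user id was actually found.
        myuser.GetModel(userid);

        // NOTE(review): comparing the stored PASSWORD with the submitted text
        // suggests passwords are kept in directly comparable (unhashed) form,
        // and Trim() makes leading/trailing whitespace insignificant. Prefer a
        // salted password hash verified server-side - confirm the storage format.
        authenticated = myuser.PASSWORD != null
            && myuser.PASSWORD.Trim() == pwd.Trim();
    }

    if (!authenticated)
    {
        // Same message for "unknown user" and "wrong password": the original
        // stayed silent for unknown users, which let a caller tell the two apart.
        Response.Write(MessageBox.Show("登入失败"));
        return;
    }

    Response.Write(MessageBox.Show("登入成功"));

    ROLE myrole = new ROLE();
    myrole.ROLEID = myuser.ROLEID;
    myrole.GetModel(myrole.ROLEID);

    // Kept as Int16 on purpose: readers of Session["roleid"] may unbox it as a
    // short, and changing the boxed type would break them.
    // NOTE(review): only the role id is stored; the session identifier is not
    // renewed at login here - consider issuing a fresh session on success.
    Session["roleid"] = Convert.ToInt16(myrole.ROLEID);
    Response.Redirect("index.aspx");
}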
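/// <summary>
/// Page load handler that acts as a login check endpoint: reads "user" and
/// "password" from the query string and writes a small JSON document with
/// success (0/1), the echoed user name and an authority value
/// ("student" when ROLEID is 25, otherwise "teacher").
/// </summary>
/// <param name="sender">Page that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // NOTE(review): credentials arrive in the URL query string, so the password
    // can end up in web-server logs, proxy logs and browser history. Moving
    // this to a POST body over TLS needs a matching client change.
    string userName = Request.QueryString["user"];
    string pwd = Request.QueryString["password"];

    USER myuser = new USER();
    myuser.USERNAME = userName;

    // The user name is echoed into the response, so escape it for use inside a
    // JSON string literal. Without this a quote or backslash in the parameter
    // rewrites the JSON structure, and markup characters are reflected verbatim.
    // Requires .NET 4.0 or later; returns "" for null, matching the original
    // concatenation of a missing parameter.
    string jsonUser = System.Web.HttpUtility.JavaScriptStringEncode(userName);
    string failure = "{\"success\":0, \"userName\":\"" + jsonUser + "\",\"authority\":\"\"}";

    // NOTE(review): the literal below is reproduced exactly as it appears on the
    // page, where the user-name value looks masked ('******'). If the real code
    // concatenates the "user" parameter into this string, that is SQL injection
    // reachable without authentication; bind it as a query parameter instead
    // (check whether DbHelperSQL exposes a parameterized call).
    string sqlGetUserID = "SELECT USERID FROM [USER] WHERE USERNAME='******'";

    // userid is an int, so convert to Int32: Convert.ToInt16 throws
    // OverflowException for any id above 32767. A null result still maps to 0.
    int userid = Convert.ToInt32(DbHelperSQL.GetSingle(sqlGetUserID));

    bool authenticated = false;
    if (userid != 0 && pwd != null)
    {
        // Load the record only when there is something to compare against.
        myuser.GetModel(userid);

        // NOTE(review): comparing the stored PASSWORD with the submitted text
        // suggests passwords are kept in directly comparable (unhashed) form -
        // confirm, and prefer a salted password hash.
        authenticated = myuser.PASSWORD != null
            && myuser.PASSWORD.Trim() == pwd.Trim();
    }

    if (!authenticated)
    {
        // One response for every failure. The original wrote nothing when the
        // user existed but no password was supplied, which distinguished known
        // from unknown user names.
        Response.Write(failure);
        return;
    }

    // Role 25 is reported as "student"; every other role id is reported as
    // "teacher" (kept from the original - confirm that default is intended).
    string authority = myuser.ROLEID == 25 ? "student" : "teacher";
    Response.Write("{\"success\":1, \"userName\":\"" + jsonUser + "\", \"authority\":\"" + authority + "\"}");
}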