/// <summary>
/// Changes an administrator's password.
/// </summary>
/// <param name="admin">Supplies <c>admin_name</c> and the current <c>admin_password</c> value.</param>
/// <param name="newpasswd">Value written to the <c>adminPasswd</c> column.</param>
/// <returns>
/// Whatever <c>data.RunProc</c> returns; whether that is a status code or an
/// affected-row count is not visible here (TODO confirm against the data helper).
/// </returns>
public int AdminPasswdChange(sql_admin admin, string newpasswd)
{
    // The current password is part of the WHERE clause, so the row only changes
    // when both the account name and the stored password value match.
    const string updateSql = "update admin set adminPasswd=@NewPassWord where adminName=@AdminName and adminPasswd=@OldPassWord";

    // All three values travel as bound parameters, never as concatenated SQL text.
    SqlParameter nameParam = data.MakeInParam("@AdminName", SqlDbType.VarChar, 50, admin.admin_name);
    SqlParameter currentParam = data.MakeInParam("@OldPassWord", SqlDbType.VarChar, 50, admin.admin_password);
    SqlParameter replacementParam = data.MakeInParam("@NewPassWord", SqlDbType.VarChar, 50, newpasswd);

    // NOTE(review): callers appear to pass unsalted MD5 digests. Matching the
    // stored value by equality in SQL only works for unsalted hashes; moving to
    // a salted, slow hash (e.g. PBKDF2) means fetching the row and verifying in code.
    SqlParameter[] parms = { nameParam, currentParam, replacementParam };
    return data.RunProc(updateSql, parms);
}
/// <summary>
/// Marks a member as verified (<c>status=1</c>) after the member has been
/// authenticated offline and an administrator confirms it.
/// </summary>
/// <param name="admin">Not read by this method.</param>
/// <param name="username">Account whose <c>status</c> column is set to 1.</param>
/// <returns>Whatever <c>data.RunProc</c> returns (meaning not visible here).</returns>
public int AuthenticateUserStatus(sql_admin admin, string username)
{
    // NOTE(review): the admin argument is ignored, so nothing in this method
    // proves that the caller is an administrator. The calling page has to
    // enforce that (and ideally record who approved which account) - confirm.
    const string approveSql = "update users set status=1 where username=@UserName";

    // The user name is bound as a parameter rather than concatenated into the SQL.
    SqlParameter userParam = data.MakeInParam("@UserName", SqlDbType.VarChar, 50, username);
    SqlParameter[] parms = { userParam };

    return data.RunProc(approveSql, parms);
}
/// <summary>
/// Administrator login lookup: selects the admin rows whose name and stored
/// password value both equal the values carried by <paramref name="admin"/>.
/// </summary>
/// <param name="admin">Supplies <c>admin_name</c> and <c>admin_password</c>.</param>
/// <returns>
/// The result set from <c>data.RunProcReturn</c>. Callers check
/// <c>Tables[0].Rows.Count</c> to decide whether the login succeeded.
/// </returns>
public DataSet AdminLoginByAccount(sql_admin admin)
{
    // NOTE(review): "select *" also hands the adminPasswd column back to the
    // caller, although callers on this page only look at the row count.
    // Selecting a single non-secret column (or a count) would expose less.
    const string loginSql = "select * from admin where adminName=@AdminName and adminPasswd=@PassWord";

    // Both credentials are bound parameters, which keeps them out of the SQL text.
    SqlParameter nameParam = data.MakeInParam("@AdminName", SqlDbType.VarChar, 50, admin.admin_name);
    SqlParameter passwordParam = data.MakeInParam("@PassWord", SqlDbType.VarChar, 50, admin.admin_password);
    SqlParameter[] parms = { nameParam, passwordParam };

    // Third argument is presumably the name given to the returned table - confirm.
    return data.RunProcReturn(loginSql, parms, "admin");
}
/// <summary>
/// Login button handler: hashes the typed password, looks the administrator up
/// through <c>sql_admin.AdminLoginByAccount</c>, and on a match stores the user
/// name in the session before showing the success message.
/// </summary>
protected void Button1_Click(object sender, EventArgs e)
{
    string validatecode = validate_code.Text;

    // Request.Cookies["CheckCode"] throws when it is null, so it has to be
    // tested first. The verification-code module is still buggy, so the check
    // is parked for now:
    //   if (Request.Cookies["CheckCode"] != null && Request.Cookies["CheckCode"].Value == validatecode)
    // NOTE(review): with the result fixed to true the form has no CAPTCHA at
    // all, and no attempt throttling is visible in this handler. The parked
    // check also reads the expected code from a request cookie; if that cookie
    // holds the plain code, keep the expected value in server-side session
    // state instead - confirm before re-enabling.
    bool codeAccepted = true;
    if (!codeAccepted)
    {
        WebMessageBox.Show("验证码输入错误", "login.aspx");
        return;
    }

    // NOTE(review): this produces an unsalted MD5 digest through an API that is
    // marked obsolete since .NET 4.5. It is not adequate for password storage;
    // plan a migration to a salted, iterated hash such as PBKDF2.
    string pass = FormsAuthentication.HashPasswordForStoringInConfigFile(password.Text, "MD5");

    sql_admin myadmin = new sql_admin();
    myadmin.AdminName = username.Text;
    myadmin.AdminPassword = pass;

    // An earlier inline ADO.NET version of this lookup (dropped here) carried a
    // connection string with the sa login in source; connection strings with
    // credentials belong in protected configuration, and the application
    // should not connect as sa.

    // A returned row count above zero means the name/password pair matched.
    int matchingRows = myadmin.AdminLoginByAccount(myadmin).Tables[0].Rows.Count;
    if (matchingRows <= 0)
    {
        WebMessageBox.Show("用户名或密码错误", "login.aspx");
        return;
    }

    // Set the session marker for the logged-in administrator.
    // NOTE(review): the session identifier is not renewed at login in this
    // handler - confirm that session fixation is handled elsewhere.
    Session["username"] = username.Text;
    WebMessageBox.Show("登录成功", "admin_manage.aspx");
}
/// <summary>
/// Change-password button handler: verifies the old password through
/// <c>sql_admin.AdminLoginByAccount</c>, then stores the hash of the new
/// password through <c>sql_admin.AdminPasswdChange</c>.
/// </summary>
protected void Button1_Click(object sender, EventArgs e)
{
    // Hash the old password the user typed (MD5).
    // NOTE(review): unsalted MD5 via an API marked obsolete since .NET 4.5;
    // not adequate for password storage - plan a migration to a salted,
    // iterated hash such as PBKDF2.
    string pass = FormsAuthentication.HashPasswordForStoringInConfigFile(old_password.Text, "MD5");

    // NOTE(review): the account name comes from a form field, and no check
    // that the requester is the logged-in administrator is visible in this
    // handler - confirm that the page is protected elsewhere and consider
    // taking the name from the session.
    sql_admin myadmin = new sql_admin();
    myadmin.AdminName = username.Text;
    myadmin.AdminPassword = pass;

    // An earlier inline ADO.NET version (dropped here) carried a connection
    // string with the sa login in source; such credentials belong in protected
    // configuration, and the application should not connect as sa.

    // The old password is correct when the login lookup returns at least one row.
    int matchingRows = myadmin.AdminLoginByAccount(myadmin).Tables[0].Rows.Count;
    if (matchingRows <= 0)
    {
        WebMessageBox.Show("旧密码错误", "passwd_change.aspx");
        return;
    }

    // NOTE(review): the new password is hashed as typed; no emptiness, length
    // or confirmation check is visible here.
    string newpass = FormsAuthentication.HashPasswordForStoringInConfigFile(new_password.Text, "MD5");

    // A result of 0 is treated as success. Presumably that is a status code
    // from the data helper rather than an affected-row count - confirm, since
    // otherwise an update that changed nothing is reported as a success.
    int changeResult = myadmin.AdminPasswdChange(myadmin, newpass);
    if (changeResult != 0)
    {
        WebMessageBox.Show("修改失败", "passwd_change.aspx");
        return;
    }

    WebMessageBox.Show("修改成功", "check_userinfo.aspx");
}