如何在2种不同条件下登录?

本文介绍了如何在2种不同条件下登录?的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

任何人都可以HLP吗? 如何使用2种不同的登录条件登录? 1.输入正确的电子邮件时，错误的密码，应显示无效的用户名和密码". 2.当我们输入错误的电子邮件&错误的密码显示请注册以登录" ... 代码:

Hi, Can anyone hlp? How to do login with 2 different cnditions? 1.when we enter proper email & wrong password it should show "Invalid Username & password". 2.when we enter just wrong email & wrong password it shold show "Please register to login"... code:

protected void ImageButton1_Click5(object sender, ImageClickEventArgs e) { if (cn.State == ConnectionState.Closed) { cn.Open(); } //int chkusers; string loginemailid, password; string fuid = null; loginemailid = txtusername.Text.Trim(); password = txtpw.Text.Trim(); Session["username"] = loginemailid; Session["password"] = password; //cn.Open(); SqlCommand cmd = new SqlCommand("select loginemailid,password from tbl_register where loginemailid='" + txtusername.Text + "' and password='" + txtpw.Text + "'", cn); SqlDataReader dr = cmd.ExecuteReader(); if (dr.HasRows) { while (dr.Read()) { loginemailid = dr["loginemailid"].ToString(); password = dr["password"].ToString(); string userid = mydac.findid(fuid, loginemailid, password); Response.Redirect("Home.aspx?userid=" + userid); } dr.Close(); } else { lblmsg.Text = "Invalid Username and Password"; } }

推荐答案

这种方法有很多问题. 1)您不应报告其他错误-如果这样做，它会告诉顽皮的人他们具有有效的用户ID，但密码错误. 2)我什至可以不尝试绕过您的密码检查！如果可以的话，任何人都可以！使用参数化查询，否则您的数据库将受到SQL注入攻击的威胁，该攻击可能会损坏或破坏它. 3)切勿以明文形式存储密码-这是主要的安全隐患.这里有一些有关如何执行此操作的信息:密码存储:如何进行 [ ^ ] There are so many things wrong with that approach. 1) You shouldn''t report different errors - if you do, it tells the naughty peoiple thjat they have a valid user id, but a bad password. 2) I could bypass your password checking without even trying! And if I can, anyone can! Use parametrized queries, or your database is at risk from an SQL Injection attack which could damage or destroy it. 3) Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]

你好， 试试这个 Hi sat, try this static int loginfail = 0; if (dr.HasRows) { //do something } else { lblmsg.Text = "Invalid Username and Password"; loginfail++; } if(loginfail==3) { lblmsg.Text = "Please register to Login; }

我想到了一些事情:

• 根据您的代码，您将密码存储为纯文本格式，这非常糟糕并且存在很高的安全风险.您应该(最好)使用加盐的哈希值(最好)使用加密的值.我只建议后者，前提是要求用户可以检索密码，并且我甚至建议不要这样做.
• 请考虑使用提供程序进行身份验证和授权:已经完成了您正在做的工作. SqlMemberShip和角色提供程序将立即完成您想要做的事情(观看此视频 [ ^ ]).如果需要，您可以编写自己的提供程序或子类化现有提供程序(观看此视频 [ ^ ])
A few things spring to mind:
• According to your code, you are storing passwords in plain text, this is extremely bad and poses a high security risk. You should (best) use a salted hash or (less good) use encrypted values. I would only suggest the latter if it is mandated somewhere that users should be able to retrieve their passwords, and I would even advise against this as a requirement
• Please consider using the providers for authentication and authorisation: the already do the work you are doing. The SqlMemberShip and role providers will do pretty much what you want out of the box(See this video[^]). If you need to, you can write your own providers or subclass existing ones (See this video[^])