0
我正在开发使用ASP.NET 4.0,C#和SQL Server 2008的网站。在我的登录页面中,同一用户在注册时应多次登录。在他的'我-I'注册后,用户将等待管理员批准。在“仅限管理员审批”后,用户可以重定向到“Step-II”注册页面。所以我写下如下代码。但是根据我的代码,如果没有管理员批准,当用户第二次登录时,页面会重定向到“第二步”注册。如何预防它?需要帮忙。登录页面逻辑错误
protected void BtnHomeUserSubmit_Click(object sender, EventArgs e)
{
SqlConnection SqlCon = new SqlConnection(GetConnectionString());
try
{
var da1 = new SqlDataAdapter
("select * from User_Info2 where Vendor_ID ='" + txtHomeUsername.Text.Trim() + "'
AND User_Password='" + txtHomePassword.Text.Trim() + "'", SqlCon);
var dt1 = new DataTable();
da1.Fill(dt1);
if (dt1.Rows.Count == 0)
{
ScriptManager.RegisterStartupScript(this, this.GetType(), "Alert",
"alert('Enter valid Vendor ID and Password');", true);
}
else
{
var da2 = new SqlDataAdapter
("select * from Company_Info where Vendor_ID='"+ txtHomeUsername.Text+"'
AND Approval_Status='NO' OR Approval_Status='PEN'", SqlCon);
var dt2 = new DataTable();
da2.Fill(dt2);
if (dt2.Rows.Count > 0)
{
string url = "../ApprovalStatus2.aspx?Parameter=" + Server.UrlEncode(txtHomeUsername.Text);
ClientScript.RegisterStartupScript(this.GetType(),
"callfunction","alert('Vendor ID is waiting for Approval');
window.location.href = '" + url + "';", true);
}
var da3 = new SqlDataAdapter
("select Vendor_ID from RegPage1 where Vendor_ID='" + txtHomeUsername.Text.Trim() + "'",SqlCon);
var dt3 = new DataTable();
da3.Fill(dt3);
if (dt3.Rows.Count > 0)
{
string url = "../UserLogin.aspx";
ClientScript.RegisterStartupScript(this.GetType(),"callfunction","alert
('Vendor ID already completed the registration');window.location.href ='" + url + "';", true);
}
else
{
Response.Redirect("~/RegPage1.aspx?Parameter=" + Server.UrlEncode(txtHomeUsername.Text));
}
}
}
finally
{
SqlCon.Close();
}
FYI您的脚本很容易出现SQL注入 – Curt
代码是完全脆弱... –