2013-04-20 110 views
0

我有了這個代碼中有一個母版:ASP.NET會話保持「0」

<script runat="server"> 



    Protected Sub Page_Load(sender As Object, e As EventArgs) 

     If Session("userid") = Nothing Then 
      txtLoginUser.Visible = True 
      txtLoginPass.Visible = True 

     Else 


      Dim conn As New SqlConnection("Data Source=BRIAN-PC\SQLEXPRESS;Initial Catalog=master_db;Integrated Security=True") 
      Dim useridComm As String = "SELECT name, surname FROM users WHERE [email protected]" 
      Dim sqlUserID As New SqlCommand 

      conn.Open() 

      Dim userid As String = Session("UserID") 

      sqlUserID = New SqlCommand(useridComm, conn) 
      sqlUserID.Parameters.AddWithValue("@userid", Convert.ToInt32(userid)) 
      Dim datareader As SqlDataReader = sqlUserID.ExecuteReader() 

      datareader.Read() 
      If datareader.HasRows Then 



       userid = Session("UserID") 

       lblLoggedIn.Text = "[Welcome, " + datareader("name").ToString() & " " & datareader("surname").ToString() + " ]" 
       txtLoginUser.Visible = False 
       txtLoginPass.Visible = False 
       lblUsername.Visible = False 
       lblRegister.Visible = False 
       btnLogin.Visible = False 
       lblUsername0.Visible = False 


      End If 
      datareader.Close() 
      conn.Close() 

     End If 
    End Sub 

    Protected Sub Button1_Click(sender As Object, e As EventArgs) 

     Dim loginSQL As New SqlCommand 
     Dim loginComm As String 

     Dim CommonFunctions As New CommonFunctions() 
     Dim dec_pass As String = CommonFunctions.EncryptPassword(txtLoginPass.Text.Trim) 

     Dim conn As New SqlConnection("Data Source=BRIAN-PC\SQLEXPRESS;Initial Catalog=master_db;Integrated Security=True") 


     loginComm = "SELECT user_id FROM users WHERE [email protected] and [email protected]" 

     conn.Open() 


     loginSQL = New SqlCommand(loginComm, conn) 
     loginSQL.Parameters.AddWithValue("@username", txtLoginUser.Text.ToString) 
     loginSQL.Parameters.AddWithValue("@password", dec_pass) 
     Dim dr As SqlDataReader = loginSQL.ExecuteReader() 
     dr.Read() 


     If dr.HasRows Then 
      Session("UserID") = dr("user_id") 

     ElseIf dr.HasRows = False Then 

      lblRegister.ForeColor = Drawing.Color.Red 
      lblRegister.Text = "Incorrect Username/Password." 
     End If 


     dr.Close() 
     conn.Close() 

     Response.Redirect("Default.aspx") 

    End Sub 
</script> 

在Button1的單擊腳本應該使用datareader得到USER_ID並創建一個Session("UserID")並將它傳遞給Default.aspxDefault.aspx然後獲得Session("UserID")並搜索具有相同值的user_id,並使用user_roles表檢查角色,如果role_id爲4,則顯示tblAdmin,否則不顯示。

這是Default.aspx的代碼:

Imports System.Data.SqlClient 

Partial Class _Default 
    Inherits System.Web.UI.Page 



    Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load 


     Dim UserID As Integer = Convert.ToInt32(Session("UserID")) 

     Dim conn As New SqlConnection("Data Source=BRIAN-PC\SQLEXPRESS;Initial Catalog=master_db;Integrated Security=True") 
     Dim userTypeCommand As String = "SELECT role_id FROM users_role WHERE [email protected]" 
     Dim userTypeSQL As New SqlCommand 

     conn.Open() 

     Try 

      userTypeSQL = New SqlCommand(userTypeCommand, conn) 
      userTypeSQL.Parameters.AddWithValue("@UserID", UserID) 

      Dim datareader As SqlDataReader = userTypeSQL.ExecuteReader 

      If datareader("role_id").ToString = "4" Then 

       tblAdmin.Enabled = True 
       tblAdmin.Visible = True 

      ElseIf datareader("role_id").ToString IsNot "4" Then 

       tblAdmin.Visible = False 

      End If 



     Catch ex As Exception 



     End Try 


     conn.Close() 


    End Sub 

    Protected Sub btnCreateArticle_Click(sender As Object, e As EventArgs) Handles btnCreateArticle.Click 


     Response.Redirect("addArticle.aspx") 

    End Sub 

    Protected Sub btnAdmin_Click(sender As Object, e As EventArgs) Handles btnAdmin.Click 
     Response.Redirect("Admin.aspx") 
    End Sub 
End Class 

當調試,後我按下「登錄」按鈕的USER_ID(會話(「用戶ID」)保持爲0,用戶的當USER_ID我用來記錄與爲「12」在表中。

我到底做錯了什麼?

我使用ASP.NET/VB.NET和SQL Server 2012

+0

試過嗎? Session(「UserID」)= Convert.ToInt32(dr(「user_id」)) – aliassce 2013-04-20 18:59:58

+0

@aliassce是的,無濟於事。 – Brian 2013-04-20 19:02:18

回答

0

固定它。假如缺少datareader.Read()