網站登錄頁面無效

Question

好吧。我對於我的生活無法弄清楚爲什麼登錄頁面代碼不起作用。也許我錯過了什麼。如果你需要完整的源代碼，我很樂意給它。我試圖讓用戶名與列表比較，找到它的密碼，然後與文本框中的密碼進行比較。那麼如果密碼匹配。重定向到帳戶頁面。

using System; 
using System.Collections.Generic; 
using System.Linq; 
using System.Web; 
using System.Web.UI; 
using System.Web.UI.WebControls; 
using System.Data.SqlClient; 
using System.Configuration; 
namespace Vanguardian_Tournaments 
{ 
    public partial class Login : System.Web.UI.Page 
    { 
     protected void Page_Load(object sender, EventArgs e) 
     { 

     } 

     protected void LoginBTN_Click(object sender, EventArgs e) 
     { 
      SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["RegistrationConnectionString"].ConnectionString); 
      conn.Open(); 
      string ckUser = "Select Count(*) from UserData where CFAName = '" + LoginTB.Text + "'"; 
      SqlCommand cfaComm = new SqlCommand(ckUser, conn); 
      int temp = Convert.ToInt32(cfaComm.ExecuteScalar().ToString()); 
      conn.Close(); 
      if (temp == 1) 
      { 

       conn.Open(); 
       string ckPass = "Select Password from UserData where CFAName = '" + LoginTB.Text + "'"; 
       SqlCommand PassComm = new SqlCommand(ckPass, conn); 
       string password = PassComm.ExecuteScalar().ToString().Replace(" ", ""); 
       conn.Close(); 
       if (password == LoginPassTB.Text) 
       { 
        Session["Login"] = LoginTB.Text; 
        Response.Redirect("Account.aspx"); 
       } 
       else 
       { 
        LoginLbl.Text = "CFA Name or Password is incorrect"; 
       } 
      } 
      else 
      { 
       LoginLbl.Text = "CFA Name does not exist"; 
      } 

     } 
    } 
} 

Answer 1

您是否在if語句上放置了斷點並檢查temp的值？這可能是你的代碼永遠不會進入if塊。你是否也使用asp.net提供的登錄控件？如果是的話，你不能以這種方式進行，你需要遵循以下步驟：

http://msdn.microsoft.com/en-us/library/vstudio/ms178329%28v=vs.100%29.aspx

Answer 2

請訪問此鏈接。它會給你一些想法，黑客如何從你的登錄信息中獲取信息以進行查詢 https://community.devexpress.com/blogs/donw/archive/2014/10/06/best-practices-building-secure-web-applications-with-devexpress-part-1.aspx