0
我正在開發使用ASP.NET 4.0,C#和SQL Server 2008的網站。在我的登錄頁面中,同一用戶在註冊時應多次登錄。在他的'我-I'註冊後,用戶將等待管理員批准。在「僅限管理員審批」後,用戶可以重定向到「Step-II」註冊頁面。所以我寫下如下代碼。但是根據我的代碼,如果沒有管理員批准,當用戶第二次登錄時,頁面會重定向到「第二步」註冊。如何預防它?需要幫忙。登錄頁面邏輯錯誤
protected void BtnHomeUserSubmit_Click(object sender, EventArgs e)
{
SqlConnection SqlCon = new SqlConnection(GetConnectionString());
try
{
var da1 = new SqlDataAdapter
("select * from User_Info2 where Vendor_ID ='" + txtHomeUsername.Text.Trim() + "'
AND User_Password='" + txtHomePassword.Text.Trim() + "'", SqlCon);
var dt1 = new DataTable();
da1.Fill(dt1);
if (dt1.Rows.Count == 0)
{
ScriptManager.RegisterStartupScript(this, this.GetType(), "Alert",
"alert('Enter valid Vendor ID and Password');", true);
}
else
{
var da2 = new SqlDataAdapter
("select * from Company_Info where Vendor_ID='"+ txtHomeUsername.Text+"'
AND Approval_Status='NO' OR Approval_Status='PEN'", SqlCon);
var dt2 = new DataTable();
da2.Fill(dt2);
if (dt2.Rows.Count > 0)
{
string url = "../ApprovalStatus2.aspx?Parameter=" + Server.UrlEncode(txtHomeUsername.Text);
ClientScript.RegisterStartupScript(this.GetType(),
"callfunction","alert('Vendor ID is waiting for Approval');
window.location.href = '" + url + "';", true);
}
var da3 = new SqlDataAdapter
("select Vendor_ID from RegPage1 where Vendor_ID='" + txtHomeUsername.Text.Trim() + "'",SqlCon);
var dt3 = new DataTable();
da3.Fill(dt3);
if (dt3.Rows.Count > 0)
{
string url = "../UserLogin.aspx";
ClientScript.RegisterStartupScript(this.GetType(),"callfunction","alert
('Vendor ID already completed the registration');window.location.href ='" + url + "';", true);
}
else
{
Response.Redirect("~/RegPage1.aspx?Parameter=" + Server.UrlEncode(txtHomeUsername.Text));
}
}
}
finally
{
SqlCon.Close();
}
FYI您的腳本很容易出現SQL注入 – Curt
代碼是完全脆弱... –