NOSRATGOLAB
سه شنبه 14 شهریور 1391, 20:16 عصر
سلام. ببخشید قطعه کد زیر را برای قسمت استاد خودم به یه پروزه اضافه کردم ولی هر چی یوزر پس استاد میزنم میگه اشتباست خواهش میکنم بگید مشکل کجاست نمیدونم کد قسمت استادو درست نوشتم یا نه
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;
using System.Web.Security;
namespace Test
{
public partial class login : System.Web.UI.Page
{
Functions ff = new Functions();
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
if (Request.QueryString["action"] != null)
{
Session.Remove("admin");
Session.Remove("student_id");
Session.Remove("teacher_id");
Response.Redirect("default.aspx");
}
}
}
protected void btnsubmit_Click(object sender, EventArgs e)
{
if (txtuser.Text == "")
{
err0.Text = "نام کاربری خالی است";
return;
}
if (txtpass.Text == "")
{
err1.Text = "کلمه عبور خالی است";
return;
}
string type = Request.QueryString["type"].ToString();
string user = txtuser.Text;
string pass=FormsAuthentication.HashPasswordForStoringInC onfigFile(txtpass.Text, "md5");
SqlConnection co = new SqlConnection(System.Configuration.ConfigurationMa nager.ConnectionStrings["TestDBConnectionString"].ConnectionString);
co.Open();
SqlCommand command = new SqlCommand("select * from student where username=N'"+user+"' and password='"+pass+"'", co);
if (type == "admin")
{
command.CommandText = "select * from admin where admin_pass='" + pass + "'";
}
command.CommandType = CommandType.Text;
var resault = command.ExecuteReader();
if (resault.HasRows)
{
if (type == "admin")
{
Session.Add("admin", "true");
Response.Redirect("admin.aspx");
}
else if (type == "student")
{
string st_id = "";
while (resault.Read())
{
st_id = resault[0].ToString();
}
Session.Add("student_id", st_id);
Response.Redirect("default.aspx");
}
else if (type == "teacher")
{
SqlCommand command1 = new SqlCommand("select * from teacher where username=N'" + user + "' and password='" + pass + "'", co);
command1.CommandType = CommandType.Text;
var resault1 = command1.ExecuteReader();
string te_id = "";
while (resault1.Read())
{
te_id = resault1[0].ToString();
}
Session.Add("teacher_id", te_id);
Response.Redirect("teachers.aspx?id=" + te_id);
}
}
else
{
err1.Text = "کلمه عبور اشتباه است";
}
resault.Close();
}
}
}
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;
using System.Web.Security;
namespace Test
{
public partial class login : System.Web.UI.Page
{
Functions ff = new Functions();
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
if (Request.QueryString["action"] != null)
{
Session.Remove("admin");
Session.Remove("student_id");
Session.Remove("teacher_id");
Response.Redirect("default.aspx");
}
}
}
protected void btnsubmit_Click(object sender, EventArgs e)
{
if (txtuser.Text == "")
{
err0.Text = "نام کاربری خالی است";
return;
}
if (txtpass.Text == "")
{
err1.Text = "کلمه عبور خالی است";
return;
}
string type = Request.QueryString["type"].ToString();
string user = txtuser.Text;
string pass=FormsAuthentication.HashPasswordForStoringInC onfigFile(txtpass.Text, "md5");
SqlConnection co = new SqlConnection(System.Configuration.ConfigurationMa nager.ConnectionStrings["TestDBConnectionString"].ConnectionString);
co.Open();
SqlCommand command = new SqlCommand("select * from student where username=N'"+user+"' and password='"+pass+"'", co);
if (type == "admin")
{
command.CommandText = "select * from admin where admin_pass='" + pass + "'";
}
command.CommandType = CommandType.Text;
var resault = command.ExecuteReader();
if (resault.HasRows)
{
if (type == "admin")
{
Session.Add("admin", "true");
Response.Redirect("admin.aspx");
}
else if (type == "student")
{
string st_id = "";
while (resault.Read())
{
st_id = resault[0].ToString();
}
Session.Add("student_id", st_id);
Response.Redirect("default.aspx");
}
else if (type == "teacher")
{
SqlCommand command1 = new SqlCommand("select * from teacher where username=N'" + user + "' and password='" + pass + "'", co);
command1.CommandType = CommandType.Text;
var resault1 = command1.ExecuteReader();
string te_id = "";
while (resault1.Read())
{
te_id = resault1[0].ToString();
}
Session.Add("teacher_id", te_id);
Response.Redirect("teachers.aspx?id=" + te_id);
}
}
else
{
err1.Text = "کلمه عبور اشتباه است";
}
resault.Close();
}
}
}