protected void input_sub_Click(object sender, EventArgs e)
{
string name = db.HtmlToTxt(input_name.Text.Trim());
string pwd = db.HtmlToTxt(input_pwd.Text.Trim());
string ip = System.Web.HttpContext.Current.Request.UserHostAddress;
string md5pwd = MD5(pwd).Substring(5);
db.open();
string strall = "select sw_UserName,sw_state from sw_manage where sw_UserName='" + name + "' and sw_UserPassWord='" + md5pwd + "'";
SqlDataReader sdr = db.sqlcommand(strall).ExecuteReader();
if (sdr.Read())
{
int state = (int)sdr[1];
if (state != 1)
{
Response.Write("<script>alert('账户未被激活,请与管理员联系!');</script>");
}
else
{
string aut = sdr[0].ToString();
HttpCookie cookie = new HttpCookie("userName", aut);
Response.Cookies.Add(cookie);
sdr.Close();
string str = "update sw_manage set sw_logintime=GETDATE(),sw_loginIp='" + ip + "' where sw_UserName='" + name + "' and sw_UserPassWord='" + md5pwd + "'";
db.checksql(str);
db.close();
Response.Redirect("main.aspx#");
}
}
else
{
Response.Write("<script>alert('用户名或密码错误!');</script>");
txtPwdwm.Text = "";
sdr.Close();
db.close();
}
}
sql语句查询是有记录的,