<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Default.aspx.cs" Inherits="_Default" %>
<%-- Login page. The form posts back to this page and the "Button1" click is handled by
     Button1_Click in the code-behind named by CodeFile above.
     TextMode="Password" only masks the field in the browser; the value is still submitted
     as ordinary form data, so the page should be served over HTTPS.
     The "error" label is where the page shows login failure messages in red. --%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
    用户名: <asp:TextBox ID="tb_username" runat="server"></asp:TextBox>
    <br />
    <br />
    密 码: <asp:TextBox ID="tb_password" runat="server" TextMode="Password"></asp:TextBox>
    <br />
    <br />
    <asp:Label ID="error" runat="server" Text="" style="color:red"></asp:Label>
    <br />
    <br />
    <asp:Button ID="Button1" runat="server" onclick="Button1_Click" Text="登 陆" />
    </form>
</body>
</html>
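using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Data;

/* Exercise: add a level column to the users table; only logged-in users may download the
 * image files under images (the session records whether the user is logged in).
 * If the user is not logged in, redirect to the login page first.
 * After a successful login, go to the download list page (the download links can be
 * hard-coded); for a regular user, draw the text "免费用户试用" ("free user trial") in the
 * top-left corner of the image.
 */

/// <summary>
/// Code-behind for the login page: checks the submitted credentials against T_Users,
/// applies a failed-attempt lockout and marks the session as logged in on success.
/// </summary>
public partial class _Default : System.Web.UI.Page
{
    // NOTE(review): an absolute, developer-specific path is hard-coded here; a
    // connectionStrings entry in web.config would keep it out of the source.
    private const string ConnectionString = @"Data Source=.\SQLEXPRESS;AttachDbFilename=E:\MyProjects\C#net传智播客\第十一节asp.net中级\10图片权限控制\App_Data\Database.mdf;Integrated Security=True;User Instance=True";

    // Lockout applies once the stored error count is greater than this value ...
    private const int MaxFailedAttempts = 5;

    // ... and the last failure is at most this many minutes old.
    private const double LockoutMinutes = 30;

    protected void Page_Load(object sender, EventArgs e)
    {
    }

    /// <summary>
    /// Handles the login button: validates the user name and password and either starts
    /// the logged-in session or shows an error in the "error" label.
    /// </summary>
    protected void Button1_Click(object sender, EventArgs e)
    {
        string _username = tb_username.Text;
        string _password = tb_password.Text;

        // Nothing is done (and nothing is shown) when either field is empty.
        if (_username == "" || _password == "")
        {
            return;
        }

        DataTable table = this.Db_GetUsersByusername(_username);
        if (table.Rows.Count != 1)
        {
            // NOTE(review): a different message for "unknown user" and "wrong password"
            // tells a caller which user names exist; a single generic message avoids that.
            ShowError("用户名不存在");
            return;
        }

        DataRow row = table.Rows[0];
        string password = Convert.ToString(row["password"]);
        Int64 uid = Convert.ToInt64(row["id"]);

        // Brute-force protection: refuse the attempt while the account is locked,
        // before the password is even compared.
        if (!Convert.IsDBNull(row["errortime"]) && !Convert.IsDBNull(row["errornumber"]))
        {
            int errornumber = Convert.ToInt32(row["errornumber"]);
            DateTime errortime = Convert.ToDateTime(row["errortime"]);

            // Minutes elapsed since the last recorded failure.
            double span = (DateTime.Now - errortime).TotalMinutes;
            if (errornumber > MaxFailedAttempts && span <= LockoutMinutes)
            {
                ShowError("错误次数过多,30分钟后再重试!");
                return;
            }
        }

        // NOTE(review): the password column is compared as plaintext. Storing a salted,
        // slow hash (e.g. PBKDF2) and comparing hashes would protect the credentials if
        // the database is disclosed; that needs a schema/data migration not visible here.
        if (password == _password)
        {
            // Clear the failure counter so old failures do not keep counting against
            // a user who has since logged in correctly.
            this.Db_ResetErrorById(uid);

            Session["islong"] = true;
            Session["uid"] = uid;
            Response.Redirect("DownloadList.htm");
        }
        else
        {
            // Record the failure (count and time) for the lockout check above.
            bool result = this.Db_UpdateErrorById(_username);
            ShowError(result ? "操作成功 密码错误!" : "操作失败 密码错误!");
        }
    }

    /// <summary>
    /// Increments the failed-login counter of a user and stamps the failure time.
    /// </summary>
    /// <param name="username">User name whose row in T_Users is updated.</param>
    /// <returns>True when exactly one row was updated.</returns>
    public bool Db_UpdateErrorById(string username)
    {
        using (SqlConnection conn = new SqlConnection(ConnectionString))
        {
            conn.Open();
            using (SqlCommand cmd = conn.CreateCommand())
            {
                // The user name comes straight from the login form, so it is bound as a
                // parameter instead of being concatenated into the statement.
                // COALESCE makes the first failure count as 1 when errornumber is NULL
                // (NULL + 1 stays NULL, which would leave the lockout permanently off).
                cmd.CommandText = "update T_Users SET errornumber = COALESCE(errornumber, 0) + 1, errortime = @errortime WHERE username = @username";
                // Assumes errortime is a date/time column — TODO confirm against the schema.
                cmd.Parameters.Add(new SqlParameter("@errortime", DateTime.Now));
                cmd.Parameters.Add(new SqlParameter("@username", username));
                return cmd.ExecuteNonQuery() == 1;
            }
        }
    }

    /// <summary>
    /// Looks up a user by name.
    /// </summary>
    /// <param name="username">User name to search for.</param>
    /// <returns>A table holding the matching T_Users rows (empty when there is none).</returns>
    public DataTable Db_GetUsersByusername(string username)
    {
        DataSet dataset = new DataSet();
        using (SqlConnection conn = new SqlConnection(ConnectionString))
        {
            conn.Open();
            using (SqlCommand cmd = conn.CreateCommand())
            {
                cmd.CommandText = "select * FROM T_Users where username=@username";
                cmd.Parameters.Add(new SqlParameter("@username", username));
                using (SqlDataAdapter adapter = new SqlDataAdapter(cmd))
                {
                    adapter.Fill(dataset);
                }
                return dataset.Tables[0];
            }
        }
    }

    // Resets the failure counter and timestamp of the user with the given id.
    private void Db_ResetErrorById(Int64 uid)
    {
        using (SqlConnection conn = new SqlConnection(ConnectionString))
        {
            conn.Open();
            using (SqlCommand cmd = conn.CreateCommand())
            {
                cmd.CommandText = "update T_Users SET errornumber = 0, errortime = NULL WHERE id = @id";
                cmd.Parameters.Add(new SqlParameter("@id", uid));
                cmd.ExecuteNonQuery();
            }
        }
    }

    // Shows a message in the red error label of the page.
    private void ShowError(string message)
    {
        error.Text = message;
        error.Visible = true;
    }
}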
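<%@ WebHandler Language="C#" Class="DownloadPic" %>

using System;
using System.IO;
using System.Web;
using System.Web.SessionState;
using System.Data.SqlClient;
using System.Data;
using System.Drawing;
using System.Drawing.Imaging;

/// <summary>
/// Serves a JPEG to logged-in users. Users whose level is 1 receive the file unchanged;
/// all other users receive a copy watermarked with a trial notice and their user name.
/// </summary>
public class DownloadPic : IHttpHandler, IRequiresSessionState
{
    // NOTE(review): an absolute, developer-specific path is hard-coded here; a
    // connectionStrings entry in web.config would keep it out of the source.
    private const string ConnectionString = @"Data Source=.\SQLEXPRESS;AttachDbFilename=E:\MyProjects\C#net传智播客\第十一节asp.net中级\10图片权限控制\App_Data\Database.mdf;Integrated Security=True;User Instance=True";

    /// <summary>
    /// Handles one download request. The picture is named by the "picname" request value.
    /// </summary>
    /// <param name="context">Current HTTP context (session, request and response).</param>
    public void ProcessRequest(HttpContext context)
    {
        if (context.Session["islong"] == null)
        {
            // Not logged in: send the browser back to the login page.
            context.Response.Redirect("Default.aspx");
            return;
        }

        // picname is chosen by the client. It must be a bare *.jpg / *.jpeg file name:
        // without this check the value would be handed to WriteFile / MapPath as-is and
        // could name files other than the pictures this handler is meant to serve.
        string picname = context.Request["picname"];
        if (!IsSafePictureName(picname))
        {
            context.Response.StatusCode = 400;
            return;
        }

        string physicalPath = context.Server.MapPath(picname);
        if (!File.Exists(physicalPath))
        {
            context.Response.StatusCode = 404;
            return;
        }

        int userId = Convert.ToInt32(context.Session["uid"]);
        DataTable table = this.Db_GetUsersByusername(userId);
        if (table.Rows.Count != 1)
        {
            // The session refers to a user that can no longer be found.
            context.Response.StatusCode = 403;
            return;
        }

        DataRow row = table.Rows[0];
        int level = Convert.ToInt32(row["level"]);
        string username = Convert.ToString(row["username"]);

        context.Response.ContentType = "image/JPEG";
        if (level == 1)
        {
            // Full member: original file.
            context.Response.WriteFile(physicalPath);
            return;
        }

        // Regular member: draw the trial notice in the top-left corner.
        using (Bitmap bitmap = new Bitmap(physicalPath))
        {
            using (Graphics g = Graphics.FromImage(bitmap))
            using (Font font = new Font("宋体", 20))
            {
                g.DrawString("免费用户试用-" + username, font, System.Drawing.Brushes.Green, new System.Drawing.PointF(0, 0));
            }
            bitmap.Save(context.Response.OutputStream, System.Drawing.Imaging.ImageFormat.Jpeg);
        }
    }

    /// <summary>
    /// Looks up a user by id.
    /// </summary>
    /// <param name="userid">Value of the id column in T_Users.</param>
    /// <returns>A table holding the matching T_Users rows (empty when there is none).</returns>
    public DataTable Db_GetUsersByusername(Int64 userid)
    {
        DataSet dataset = new DataSet();
        using (SqlConnection conn = new SqlConnection(ConnectionString))
        {
            conn.Open();
            using (SqlCommand cmd = conn.CreateCommand())
            {
                cmd.CommandText = "select * FROM T_Users where id=@userid";
                cmd.Parameters.Add(new SqlParameter("@userid", userid));
                using (SqlDataAdapter adapter = new SqlDataAdapter(cmd))
                {
                    adapter.Fill(dataset);
                }
                return dataset.Tables[0];
            }
        }
    }

    public bool IsReusable
    {
        get
        {
            return false;
        }
    }

    // True only for a plain file name (no directory part, drive or invalid characters)
    // that ends in .jpg or .jpeg.
    private static bool IsSafePictureName(string picname)
    {
        if (string.IsNullOrEmpty(picname))
        {
            return false;
        }

        if (picname.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
        {
            return false;
        }

        if (!string.Equals(picname, Path.GetFileName(picname), StringComparison.Ordinal))
        {
            return false;
        }

        string extension = Path.GetExtension(picname);
        return string.Equals(extension, ".jpg", StringComparison.OrdinalIgnoreCase)
            || string.Equals(extension, ".jpeg", StringComparison.OrdinalIgnoreCase);
    }
}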
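<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title></title>
    <script type="text/javascript">
        // Countdown shown in #leftDiv; once it reaches zero the browser is sent to the
        // login page.
        // NOTE(review): the page text announces 3 seconds while the counter starts at 4 —
        // confirm which one is intended.
        var leftSeconds = 4;
        var countdownTimer = setInterval(function () {
            if (leftSeconds <= 0) {
                // Stop ticking once the redirect has been started, so the counter
                // cannot run into negative numbers while the new page loads.
                clearInterval(countdownTimer);
                window.location.href = "Default.aspx";
            }
            document.getElementById("leftDiv").innerText = leftSeconds;
            leftSeconds--;
        }, 1000);
    </script>
</head>
<body>
    请先登录,页面将在3秒以后转向登录页面!如果您想立即进入登录页面,请<a href="Default.aspx">点击这里</a><br />
    还有<div id="leftDiv"></div>秒
</body>
</html>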
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title></title>
</head>
<body>
    <!-- Hard-coded download links. This is a static page, so it performs no login check
         itself, and "picname" is an ordinary query-string value that any client can
         change: the login check and the validation of the file name have to happen in
         DownloadPic.ashx on every request. -->
    <a href="DownloadPic.ashx?picname=1.jpg">1</a><br />
    <a href="DownloadPic.ashx?picname=2.jpg">2</a><br />
    <a href="DownloadPic.ashx?picname=3.jpg">3</a><br />
</body>
</html>