main入口里有如下代码: static void Main()
{
//Application.EnableVisualStyles();
//Application.SetCompatibleTextRenderingDefault(false);
//Application.Run(new Form1());
login LoginForm = new login();
if (LoginForm.ShowDialog() == DialogResult.OK)
{
Application.Run(new Form1());//打开主窗口
}
if (LoginForm.ShowDialog() == DialogResult.Cancel)
{
Application.Exit();
}
}
登陆窗口的部分代码如下: private void enterBtn_Click(object sender, EventArgs e)
{
using (SqlConnection cn = new SqlConnection(mysettings.Localsql))
{
cn.Open();
string sql = "select * from tuser where username = '" + usernameBox.Text.Trim() + "' and password = '" + getof(passwordBox.Text.Trim()) + "'";
SqlCommand cmd = new SqlCommand(sql, cn);
try
{
SqlDataReader dr = cmd.ExecuteReader();
if (dr.Read())
{
//MessageBox.Show("登陆成功", "友情提示");
this.DialogResult = DialogResult.OK;
}
else
{
MessageBox.Show("昵称与密码不符,请重新输入", "友情提示");
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message, "友情提示");
}
}
}
/// <summary>返回md5值</summary>
/// <param name="mystring">要转换的md5值的字符串</param>
public string getof(string mystring)
{
MD5 md5 = new MD5CryptoServiceProvider();
byte[] fromdata = System.Text.Encoding.Unicode.GetBytes(mystring);
byte[] targetdata = md5.ComputeHash(fromdata);
string byte2string = null; for (int i = 0; i < targetdata.Length; i++)
{
byte2string += targetdata[i].ToString("x");
} return byte2string;
}现在的问题是,要点击登陆窗体里的“退出”按钮两次才会退出整个程序。还有一个问题,我数据库里的帐号密码是在asp.net2.0页面经过md5加密生成的密码,代码如下:FormsAuthentication.HashPasswordForStoringInConfigFile(password.Text.ToString().Trim(), "MD5")同样是使用c# 2.0的MD5加密,怎么web生成的密码和winform生成的密码不一样呢?这个问题要怎么解决呢?
{
//Application.EnableVisualStyles();
//Application.SetCompatibleTextRenderingDefault(false);
//Application.Run(new Form1());
login LoginForm = new login();
if (LoginForm.ShowDialog() == DialogResult.OK)
{
Application.Run(new Form1());//打开主窗口
}
if (LoginForm.ShowDialog() == DialogResult.Cancel)
{
Application.Exit();
}
}
登陆窗口的部分代码如下: private void enterBtn_Click(object sender, EventArgs e)
{
using (SqlConnection cn = new SqlConnection(mysettings.Localsql))
{
cn.Open();
string sql = "select * from tuser where username = '" + usernameBox.Text.Trim() + "' and password = '" + getof(passwordBox.Text.Trim()) + "'";
SqlCommand cmd = new SqlCommand(sql, cn);
try
{
SqlDataReader dr = cmd.ExecuteReader();
if (dr.Read())
{
//MessageBox.Show("登陆成功", "友情提示");
this.DialogResult = DialogResult.OK;
}
else
{
MessageBox.Show("昵称与密码不符,请重新输入", "友情提示");
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message, "友情提示");
}
}
}
/// <summary>返回md5值</summary>
/// <param name="mystring">要转换的md5值的字符串</param>
public string getof(string mystring)
{
MD5 md5 = new MD5CryptoServiceProvider();
byte[] fromdata = System.Text.Encoding.Unicode.GetBytes(mystring);
byte[] targetdata = md5.ComputeHash(fromdata);
string byte2string = null; for (int i = 0; i < targetdata.Length; i++)
{
byte2string += targetdata[i].ToString("x");
} return byte2string;
}现在的问题是,要点击登陆窗体里的“退出”按钮两次才会退出整个程序。还有一个问题,我数据库里的帐号密码是在asp.net2.0页面经过md5加密生成的密码,代码如下:FormsAuthentication.HashPasswordForStoringInConfigFile(password.Text.ToString().Trim(), "MD5")同样是使用c# 2.0的MD5加密,怎么web生成的密码和winform生成的密码不一样呢?这个问题要怎么解决呢?
if (LoginForm.ShowDialog() == DialogResult.OK)
{
Application.Run(new Form1());//打开主窗口
}
else
//if (LoginForm.ShowDialog() == DialogResult.Cancel) // 这里又一次ShowDialog()当然就问两次了。
{
Application.Exit();
}你这种代码要是放在WEB上,就会被SQL注入。
string sql = "select * from tuser where username = '" + usernameBox.Text.Trim() + "' and password = '" + getof(passwordBox.Text.Trim()) + "'";HashPasswordForStoringInConfigFile()是怎么写的?
public static string HashPasswordForStoringInConfigFile(string password, string passwordFormat)
{
HashAlgorithm algorithm;
if (password == null)
{
throw new ArgumentNullException("password");
}
if (passwordFormat == null)
{
throw new ArgumentNullException("passwordFormat");
}
if (StringUtil.EqualsIgnoreCase(passwordFormat, "sha1"))
{
algorithm = SHA1.Create();
}
else
{
if (!StringUtil.EqualsIgnoreCase(passwordFormat, "md5"))
{
throw new ArgumentException(SR.GetString("InvalidArgumentValue", new object[] { "passwordFormat" }));
}
algorithm = MD5.Create();
}
return MachineKeySection.ByteArrayToHexString(algorithm.ComputeHash(Encoding.UTF8.GetBytes(password)), 0);
}与你的MD5散列不同之处在于:algorithm.ComputeHash(Encoding.UTF8.GetBytes(password)),你用Unicode来GetBytes,而HashPasswordForStoringInConfigFile用UTF8来GetBytes。最后,你的getof函数中:
byte2string += targetdata[i].ToString("x");
应该改为:
byte2string += targetdata[i].ToString("x2");下次如果要知道微软是怎么实现.NET Class Library的,可以使用.NET Reflector这个工具,具体怎么用,到网上翻一下吧。这个工具是.NET开发人员必不可少的一个工具了。传说在发布VS2008的同时.NET Framework的好些类都开源了,但我没有去找过源代码。你也可以试试。
public string getof(string mystring)
{
MD5 md5 = new MD5CryptoServiceProvider();
byte[] fromdata = System.Text.Encoding.Unicode.GetBytes(mystring);
byte[] targetdata = md5.ComputeHash(fromdata);
string byte2string = null; for (int i = 0; i < targetdata.Length; i++)
{
byte2string += targetdata[i].ToString("x");
} return byte2string;
}也放到web里,但得出来还是不一样的密码,直到照2楼的把x改成x2就OK了。