点跳转时..在config里的用户名能成功..但登录数据库里的user_rule=1的用户名跳转没反应.. protected void Btn_enter_Click(object sender, EventArgs e)
{
String strconn = System.Configuration.ConfigurationManager.AppSettings["asd"];
SqlConnection cn = new SqlConnection(strconn);
cn.Open();
string strsql="select * from user_login where user_name='"+Tbx_username+"'and user_password='"+Tbx_userpwd+"'";
SqlCommand cm = new SqlCommand(strsql, cn);
SqlDataReader dr = cm.ExecuteReader();
if (System.Web.Security.FormsAuthentication.Authenticate(this.Tbx_username.Text, this.Tbx_userpwd.Text))
{ //用户名和密码若在 配置文件web.config中,则进入管理员模块。
System.Web.Security.FormsAuthentication.RedirectFromLoginPage(this.Tbx_username.Text, false);
Response.Redirect("manager/man_login.aspx");
} else if (dr.Read())
{
Session["Suser_name"] = dr["user_name"];
Session["Suser_password"] = dr["user_password"];
Session["Suser_rule"] = dr["user_rule"];
if ((int)Session["Suser_rule"] == 1)
{
Response.Redirect("Default.aspx");
} }
dr.Close();
cn.Close();
}
{
String strconn = System.Configuration.ConfigurationManager.AppSettings["asd"];
SqlConnection cn = new SqlConnection(strconn);
cn.Open();
string strsql="select * from user_login where user_name='"+Tbx_username+"'and user_password='"+Tbx_userpwd+"'";
SqlCommand cm = new SqlCommand(strsql, cn);
SqlDataReader dr = cm.ExecuteReader();
if (System.Web.Security.FormsAuthentication.Authenticate(this.Tbx_username.Text, this.Tbx_userpwd.Text))
{ //用户名和密码若在 配置文件web.config中,则进入管理员模块。
System.Web.Security.FormsAuthentication.RedirectFromLoginPage(this.Tbx_username.Text, false);
Response.Redirect("manager/man_login.aspx");
} else if (dr.Read())
{
Session["Suser_name"] = dr["user_name"];
Session["Suser_password"] = dr["user_password"];
Session["Suser_rule"] = dr["user_rule"];
if ((int)Session["Suser_rule"] == 1)
{
Response.Redirect("Default.aspx");
} }
dr.Close();
cn.Close();
}
{
Response.Redirect("Default.aspx");
}
这个判断通过了么??
通过了应该能跳转啊..
还是你Default.aspx页面的路径不对哈?
else if (dr.Read())
{
Session["Suser_name"] = dr["user_name"];
Session["Suser_password"] = dr["user_password"];
Session["Suser_rule"] = dr["user_rule"];
if ((int)Session["Suser_rule"] == 1)
{
Response.Redirect("Default.aspx");
} }
断点调试,看看这句
另外去看下 sql注入
你的代码很危险
{
Response.Redirect("Default.aspx");
}
2然后看路径是否正确
if (FormsAuthentication.Authenticate(txtUserName.Text,txtPassword.Text))
FormsAuthentication.RedirectFromLoginPage(txtUserName.Text, true);
else Response.Write("");