
您对以下函数类有什么改进建议吗?

好的,这是我让注册会员登录的代码:

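    // Remember-me cookie. The values are written in the clear, so anyone who can read the
    // cookie holds the account password; a FormsAuthentication ticket (or a random token that
    // the server can revoke) is the safer replacement for this design.
    HttpCookie LoginInfo = new HttpCookie("LoginInfo");
    LoginInfo.Values["UserName"] = srUserName;
    LoginInfo.Values["Password"] = srPassword;
    LoginInfo.Values["selectedLanguage"] = srSelectedLanguage;
    // Keep the cookie out of reach of client script and off plain-HTTP requests. This only
    // narrows who can read it; it does not fix the cleartext password stored above.
    LoginInfo.HttpOnly = true;
    LoginInfo.Secure = Request.IsSecureConnection;
    Response.Cookies.Add(LoginInfo);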

这是我检查访问者是否已登录的代码:

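/// <summary>
/// Gate for pages that require a login. When the session has no UserId the login is
/// restored from the "LoginInfo" cookie; if that fails the visitor is sent to "Login".
/// Visitors listed in BannedUsers are sent to "exit.aspx".
/// </summary>
/// <remarks>
/// The cookie carries user name and password in the clear, so anyone able to read it holds
/// the account credentials; a FormsAuthentication ticket avoids storing them at all.
/// The parameterless Response.Redirect ends the response, so nothing after a redirect runs;
/// the explicit returns keep that intent visible.
/// </remarks>
public static void controlOfLoginStatus()
{
    HttpContext ctx = HttpContext.Current;

    if (ctx.Session["UserId"] == null)
    {
        string srUserName = "";
        string srPassword = "";
        string srLang = "";

        HttpCookie loginCookie = ctx.Request.Cookies["LoginInfo"];
        if (loginCookie != null)
        {
            // A missing sub-key yields null; default to "" instead of swallowing the
            // NullReferenceException that .ToString() on null would raise.
            srUserName = loginCookie["UserName"] ?? "";
            srPassword = loginCookie["Password"] ?? "";
            srLang = loginCookie["selectedLanguage"] ?? "";
        }

        // "0" is the helper's "no matching user" result.
        string srUserIdTemp = csPublicFunctions.ReturnUserIdUsernamePassword(srUserName, srPassword);
        if (srUserIdTemp == "0")
        {
            ctx.Session.Clear();
            ctx.Session.Abandon();
            ctx.Response.Redirect("Login");
            return;
        }

        csPublicFunctions.insertIntoOnlineUsers(srUserIdTemp, ctx.Session.SessionID);
        ctx.Session["UserId"] = srUserIdTemp;
        if (ctx.Session["lang"] == null)
        {
            ctx.Session["lang"] = srLang;
        }
    }

    // The id is concatenated into SQL below, so only a plain integer may reach the query.
    // Anything else means the session holds an unexpected value; restart the login.
    long userId;
    if (!long.TryParse(ctx.Session["UserId"].ToString(), out userId))
    {
        ctx.Session.Clear();
        ctx.Session.Abandon();
        ctx.Response.Redirect("Login");
        return;
    }

    string srQuery = "SELECT UserId " +
     " FROM BannedUsers" +
     " WHERE UserId = " + userId.ToString(System.Globalization.CultureInfo.InvariantCulture);
    using (DataTable dtTemp = DbConnection.db_Select_DataTable(srQuery))
    {
        if (dtTemp.Rows.Count > 0)
        {
            ctx.Response.Redirect("exit.aspx");
        }
    }
}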

这是我执行注销的代码:

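/// <summary>
/// Logs the current visitor out: removes the OnlineUsers row for the session's UserId,
/// drops the server-side session and invalidates the "LoginInfo" remember-me cookie.
/// </summary>
public static void exitLogout()
{
    HttpContext ctx = HttpContext.Current;
    object userIdValue = ctx.Session != null ? ctx.Session["UserId"] : null;

    // Only a numeric id may be concatenated into the statement below. A missing or
    // non-numeric session value means there is no OnlineUsers row to remove (the original
    // code dereferenced a null session value here and crashed).
    long userId;
    if (userIdValue != null && long.TryParse(userIdValue.ToString(), out userId))
    {
        string srQuery = "delete from OnlineUsers where UserId=" + userId.ToString(System.Globalization.CultureInfo.InvariantCulture);
        DbConnection.db_Update_Delete_Query(srQuery);
    }

    if (ctx.Session != null)
    {
        ctx.Session["UserId"] = "0";
        ctx.Session.Clear();
        ctx.Session.Abandon();
    }

    try
    {
        // Overwrite the remember-me values and expire the cookie so the browser discards it
        // instead of keeping the sentinel values around.
        HttpCookie LoginInfo = new HttpCookie("LoginInfo");
        LoginInfo.Values["UserName"] = "21412zxcvzxc343245243vvc";
        LoginInfo.Values["Password"] = "21412zxcvzxc343245243vvc";
        LoginInfo.Values["selectedLanguage"] = "en";
        LoginInfo.HttpOnly = true;
        LoginInfo.Expires = DateTime.Now.AddDays(-1);
        ctx.Response.Cookies.Add(LoginInfo);
    }
    catch (HttpException)
    {
        // Cookies cannot be appended once the response headers have been sent; the
        // server-side state above is already cleared, so the logout still takes effect.
    }
}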

csPublicFunctions.ReturnUserIdUsernamePassword 使用参数化查询,因此不存在 SQL 注入的风险。




我强烈建议您使用 asp.net FormsAuthentication 和内置的成员资格提供程序。代码将变得更加清晰和标准化。

在你的情况下,我会使用 SqlMembershipProvider。请参阅此链接:

http://bensteinhauser.wordpress.com/2012/07/16/using-the-sqlmembershipprovider/

以下是登录代码示例

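var authTicket = new FormsAuthenticationTicket(1, //version
    login.UserName, // user name
    DateTime.Now, //creation
    DateTime.Now.AddMinutes(30), //Expiration
    true, //Persistent
    userId); // userData: carried inside the encrypted ticket, must be a string

    var encTicket = FormsAuthentication.Encrypt(authTicket);
    // Build the cookie explicitly: keep it away from client script, send it over HTTPS only
    // when the site requires SSL, and give it the ticket's lifetime — a persistent ticket in
    // a session-scoped cookie is otherwise discarded when the browser closes.
    var authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encTicket);
    authCookie.HttpOnly = true;
    authCookie.Secure = FormsAuthentication.RequireSSL;
    if (authTicket.IsPersistent)
    {
        authCookie.Expires = authTicket.Expiration;
    }
    Response.Cookies.Add(authCookie);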

注销很简单

FormsAuthentication.SignOut(); // removes the forms-authentication cookie; NOTE(review): server-side Session state is not touched here — abandon it separately if it holds per-user data

而要检查用户是否已登录,只需:

User.Identity.IsAuthenticated // true when the current request carried a valid, unexpired forms-authentication ticket
于 2012-12-30T01:42:03.423 回答