
我的 SQL 数据库中有一个名为“usertype”的表。我的网站有一个注册表单,用户在其中选择自己属于哪种类型的用户。所以,我想要的是:当登录者的用户类型是“用户”时,网站教师列表页面中的添加、编辑和删除按钮应被禁用。

单击链接以查看我的用户类型表的外观:

http://i44.tinypic.com/2j34cau.jpg

这是我的 Register.aspx.cs 代码

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;

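public partial class Register : System.Web.UI.Page
{
    // One connection per page instance. Every method below opens it, uses it and
    // closes it in a finally block, so a failing query cannot leave it open.
    SqlConnection con = new SqlConnection(Helper.GetConnection());

    /// <summary>
    /// Fills the user-type drop-down on the first request only; it is not
    /// re-queried on postbacks.
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            GetUserType();
        }
    }

    /// <summary>
    /// Binds <c>ddlType</c> to the ID/userType pairs of the <c>type</c> table
    /// (text = userType, value = ID).
    /// </summary>
    void GetUserType()
    {
        con.Open();
        try
        {
            using (SqlCommand cmd = new SqlCommand("SELECT ID, userType FROM type", con))
            using (SqlDataReader dr = cmd.ExecuteReader())
            {
                ddlType.DataSource = dr;
                ddlType.DataTextField = "userType";
                ddlType.DataValueField = "ID";
                ddlType.DataBind();
            }
        }
        finally
        {
            con.Close();
        }
    }

    /// <summary>
    /// Returns true when the <c>users</c> table already holds a row with the
    /// given e-mail address. The address is bound as a parameter, never
    /// concatenated into the SQL text.
    /// </summary>
    /// <param name="email">Address typed by the visitor (untrusted input).</param>
    /// <returns>true if a matching row exists, otherwise false.</returns>
    bool IsExisting(string email)
    {
        con.Open();
        try
        {
            using (SqlCommand cmd = new SqlCommand("SELECT userEmail FROM users WHERE userEmail = @userEmail", con))
            {
                cmd.Parameters.Add("@userEmail", SqlDbType.VarChar).Value = email;
                using (SqlDataReader dr = cmd.ExecuteReader())
                {
                    return dr.HasRows;
                }
            }
        }
        finally
        {
            con.Close();
        }
    }

    /// <summary>
    /// Creates the account when the e-mail is not yet registered, sends the
    /// confirmation mail and redirects to the login page; otherwise shows the
    /// <c>error</c> control.
    /// </summary>
    protected void btnRegister_Click(object sender, EventArgs e)
    {
        if (IsExisting(txtEmail.Text))
        {
            // Address already registered.
            error.Visible = true;
            return;
        }

        con.Open();
        try
        {
            using (SqlCommand cmd = new SqlCommand(
                "INSERT INTO users VALUES (@TypeID, @userFN, @userLN, @userEmail, @userPassword, @userAddress, @userContact, @userCourse, @userSection, @userSchool)", con))
            {
                cmd.Parameters.Add("@TypeID", SqlDbType.Int).Value = ddlType.SelectedValue;
                cmd.Parameters.Add("@userFN", SqlDbType.VarChar).Value = txtFN.Text;
                cmd.Parameters.Add("@userLN", SqlDbType.VarChar).Value = txtLN.Text;
                cmd.Parameters.Add("@userEmail", SqlDbType.VarChar).Value = txtEmail.Text;
                // NOTE(review): CreateSHAHash is not visible here. A plain, unsalted SHA
                // digest is not a suitable password store; confirm it uses a salted,
                // slow KDF (e.g. PBKDF2) before relying on it.
                cmd.Parameters.Add("@userPassword", SqlDbType.VarChar).Value = Helper.CreateSHAHash(txtPassword.Text);
                // Profile fields are collected later; insert empty strings for now.
                cmd.Parameters.Add("@userAddress", SqlDbType.VarChar).Value = "";
                cmd.Parameters.Add("@userContact", SqlDbType.VarChar).Value = "";
                cmd.Parameters.Add("@userCourse", SqlDbType.VarChar).Value = "";
                cmd.Parameters.Add("@userSection", SqlDbType.VarChar).Value = "";
                cmd.Parameters.Add("@userSchool", SqlDbType.VarChar).Value = "";

                cmd.ExecuteNonQuery();
            }
        }
        finally
        {
            con.Close();
        }

        // The mail body is HTML and the name fields are visitor-supplied, so encode
        // them; otherwise any markup typed into the form is sent verbatim.
        string firstName = HttpUtility.HtmlEncode(txtFN.Text);
        string lastName = HttpUtility.HtmlEncode(txtLN.Text);
        // NOTE(review): the login link is a hard-coded development URL.
        string message = "Hello, " + firstName + " " + lastName + "! <br />"
            + "<br />You have successfully registered in our website. <br />" + "<br /> Click <a href = 'http://localhost:7773/PROJECT%20%5BWB-DEV1%5D/Login.aspx'>" + "here</a> to login <br /> <br />" + "Regards, <br /> " + "The Administrator";
        Helper.SendEmail(txtEmail.Text, "Registered Successfully", message);

        Response.Redirect("Login.aspx");
    }
}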

这是 Faculty.aspx.cs

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

using System.Data;
using System.Data.SqlClient;

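public partial class Faculty : System.Web.UI.Page
{
    // One connection per page instance; each method opens it, uses it and closes
    // it in a finally block so an exception cannot leave it open.
    SqlConnection con = new SqlConnection(Helper.GetConnection());

    /// <summary>
    /// Rebinds the professor grid on every request, postbacks included.
    /// </summary>
    protected void Page_Load(object sender, EventArgs e)
    {
        GetProfessor();
    }

    /// <summary>
    /// Fills <c>gvProfessor</c> from the <c>Professor</c> table.
    /// </summary>
    void GetProfessor()
    {
        con.Open();
        try
        {
            using (SqlCommand cmd = new SqlCommand(
                "SELECT ProfNo, SchoolID, LastName, FirstName, MI, " +
                "Address, ContactNo, EmailAddress FROM Professor", con))
            using (SqlDataAdapter da = new SqlDataAdapter(cmd))
            {
                DataSet ds = new DataSet();
                da.Fill(ds, "Professor");

                gvProfessor.DataSource = ds;
                gvProfessor.DataBind();
            }
        }
        finally
        {
            con.Close();
        }
    }

    /// <summary>
    /// Reveals the action buttons once a row is selected. This only changes what is
    /// rendered; the Click handlers below still execute for any request that
    /// targets them, so a role check belongs in the handlers as well.
    /// </summary>
    protected void gvProfessor_SelectedIndexChanged(object sender, EventArgs e)
    {
        btnEdit.Visible = true;
        btnDelete.Visible = true;
        btnAdd.Visible = true;
    }

    /// <summary>
    /// Reads the ProfNo shown in the first cell of the selected grid row.
    /// </summary>
    /// <param name="profNo">The parsed key, or 0 when the method returns false.</param>
    /// <returns>false when no row is selected or the cell text is not an integer.</returns>
    private bool TryGetSelectedProfNo(out int profNo)
    {
        profNo = 0;
        GridViewRow row = gvProfessor.SelectedRow;
        if (row == null || row.Cells.Count == 0)
        {
            return false;
        }
        return int.TryParse(row.Cells[0].Text, out profNo);
    }

    /// <summary>
    /// Deletes the selected professor and refreshes the grid. Does nothing when no
    /// valid row is selected (e.g. a stale or replayed postback), instead of
    /// throwing on a null <c>SelectedRow</c>.
    /// </summary>
    protected void btnDelete_Click(object sender, EventArgs e)
    {
        int profNo;
        if (!TryGetSelectedProfNo(out profNo))
        {
            return;
        }

        con.Open();
        try
        {
            using (SqlCommand cmd = new SqlCommand("DELETE FROM Professor WHERE ProfNo=@ProfNo", con))
            {
                // Typed as Int so a non-numeric cell value can never reach the query.
                cmd.Parameters.Add("@ProfNo", SqlDbType.Int).Value = profNo;
                cmd.ExecuteNonQuery();
            }
        }
        finally
        {
            con.Close();
        }
        GetProfessor();
    }

    /// <summary>
    /// Stores the selected professor's key (as the cell text, which EditFaculty
    /// reads back) in session and moves to the edit page.
    /// </summary>
    protected void btnEdit_Click(object sender, EventArgs e)
    {
        GridViewRow row = gvProfessor.SelectedRow;
        if (row == null || row.Cells.Count == 0)
        {
            // Nothing selected: stay on the page rather than throw.
            return;
        }
        Session["ID"] = row.Cells[0].Text;
        Response.Redirect("EditFaculty.aspx");
    }

    /// <summary>
    /// Navigates to the add-professor page.
    /// </summary>
    protected void btnAdd_Click(object sender, EventArgs e)
    {
        Response.Redirect("AddFaculty.aspx");
    }

}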

btnAdd、btnEdit、btnDelete 在其为用户时应禁用,在其为管理员时应启用。

我是新手,希望你能帮助我。谢谢!


2 回答 2


由于您没有提供任何代码,我只能给您伪代码:

protected void Page_Load(object sender, EventArgs e)
{
    if (IsPostBack)
    {
        return;
    }

    // Everyone whose type is not "User" may manage the list. Disabling a button
    // only affects the rendered markup; the Click handlers should repeat this
    // check before acting on a request.
    bool canManage = user.Type != "User";
    btnAdd.Enabled = canManage;
    btnEdit.Enabled = canManage;
    btnDelete.Enabled = canManage;
}
于 2013-08-20T17:29:07.277 回答

如果您的用户类型作为 ID 存储在数据库中,则处理此问题的最佳方法是创建一个其值与数据库中的 ID 匹配的枚举。枚举看起来像这样。

/// <summary>
/// Mirrors the ID column of the user-type table. The numeric values must stay
/// equal to the stored IDs, because callers compare them by casting to int.
/// </summary>
public enum UserType
{
    /// <summary>No or unrecognised type.</summary>
    Unknown = 0,

    /// <summary>Administrator; may manage the faculty list.</summary>
    Admin = 1,

    /// <summary>Ordinary user.</summary>
    User = 2,
}

然后,您的代码将与此类似。

protected void Page_Load(object sender, EventArgs e)
{
    // userType is the numeric type ID of the signed-in user; obtaining it
    // (query string, session, extra lookup) is left to the page.
    bool isAdmin = IsAdmin(userType);
    SetButtonsEnabledDisabled(isAdmin);
}

/// <summary>
/// True when the given type ID is the administrator ID of <see cref="UserType"/>.
/// </summary>
/// <param name="userTypeId">Type ID as stored in the database.</param>
private bool IsAdmin(int userTypeId)
{
    int adminId = (int)UserType.Admin;
    return adminId == userTypeId;
}

/// <summary>
/// Puts the add, edit and delete buttons into the same enabled state.
/// </summary>
/// <param name="isEnabled">true to enable all three, false to disable them.</param>
private void SetButtonsEnabledDisabled(bool isEnabled)
{
    foreach (var button in new[] { ButtonAdd, ButtonEdit, ButtonDelete })
    {
        button.Enabled = isEnabled;
    }
}

将您的 ID 存储在一个枚举中是个好主意,即使没有别的理由,至少也能提高代码的可读性。在 Faculty.aspx.cs 中,您需要检查当前登录的用户。无论您是通过查询字符串传递一些值,还是进行额外的数据库调用,我都不会替您构建它。但是一旦您有了这个上下文,就可以用它来启用或禁用您的按钮。

另一件需要注意的事情是,把数据层代码放在代码隐藏(code-behind)文件中总是一个坏主意。原因请看这个 SO 回答。https://stackoverflow.com/a/5318242/1717855

于 2013-08-20T18:35:22.630 回答