0

我被告知要为管理员建立一个网站来为用户创建调查。注册后,管理员/用户将获得一个唯一的UserID。(我已将 用户 ID的“身份规范”设置为“是”,因此它会自动递增。)

登录到管理员帐户后......他们将被引导到CreateSurvey页面,其中有标签和文本框,可将以下('SurveyID'、'SurveyName'、'CreatedBy'和'DateCreated')输入数据库点击提交按钮后。

我需要将管理员的UserID设置为“CreatedBy”,这样管理员就不必输入他们的UserID了。

如何捕获当前登录的管理员用户 ID 以将其设置为“CreatedBy”?

登录页面:

protected void btnSubmit_Click(object sender, EventArgs e)
{
    Session["name"] = txtBoxName.Text;
    Session["password"] = txtBoxPassword.Text;

    string name = txtBoxName.Text;
    string password = txtBoxPassword.Text;
    string admin = "";

    Boolean check = checkuser(name, password, ref admin);

    if (check == true)
    {
        if (admin.ToLower() == "admin")
        {
            string url = string.Format("~/Admin/Admin.aspx?name={0}", txtBoxName.Text);
            Response.Redirect(url);
        }
        else
        {
            string url = string.Format("~/User/SurveyWorks.aspx?name={0}", txtBoxName.Text);
            Response.Redirect(url);
        }
    }
    else
    {
        ShowAlert("Please try again!");
    }
}

public Boolean checkuser(string name, string password, ref string checkAdmin)
{
    Boolean check = false;
    SqlConnection connection = new SqlConnection();
    connection.ConnectionString =
    @"Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\SurveyFdBk_DB.mdf;Integrated Security=True;User Instance=True";


    var comd = connection.CreateCommand();
    try
    {
        connection.Open();
        comd.CommandText = "SELECT UserID, Name, Role FROM Users WHERE Name = '" + name + "' and Password = '" + password + "'";
        SqlDataReader dr = comd.ExecuteReader();

        if (dr.Read())
        {
            checkAdmin = dr["Role"].ToString();
            Session["UserID"] = dr["UserID"].ToString();
            Session["Name"] = dr["Name"].ToString();
            check = true;
        }

        else
        {
            check = false;
        }
    }
    finally
    {
        connection.Close();
    }

    return check;
}

注册页面:

protected void btnSubmitRegistration_Click(object sender, EventArgs e)
{
    SqlConnection connection = null;
    SqlCommand command = null;

    try
    {
        string connectionString = ConfigurationManager.ConnectionStrings["SurveyFdDBConnString"].ConnectionString;
        connection = new SqlConnection(connectionString);
        connection.Open();
        string type = lblMsg.Text;

        string sql = "Insert into Users (Name, Company, Password, Role, DateCreated) Values " + "(@Name, @Company, @Password, @Role, @DateCreated)";
        command = new SqlCommand(sql, connection);
        command.Parameters.AddWithValue("@Name", txtBoxName.Text);
        command.Parameters.AddWithValue("@Company", txtBoxCompany.Text);
        command.Parameters.AddWithValue("@Role", txtBoxRole.Text);
        command.Parameters.AddWithValue("@Password", txtBoxPassword.Text);
        command.Parameters.AddWithValue("@DateCreated", DateTime.Now);

        if (!string.IsNullOrEmpty(txtBoxName.Text))
        {
            SqlConnection conn = new SqlConnection();
            conn.ConnectionString =
            @"Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\SurveyFdBk_DB.mdf;Integrated Security=True;User Instance=True";

            conn.Open();
            SqlCommand cmd = new SqlCommand("select Name from Users where Name= @Name", conn);
            cmd.Parameters.AddWithValue("@Name", txtBoxName.Text);
            SqlDataReader dr = cmd.ExecuteReader();

            int rowCount = command.ExecuteNonQuery();

            if (dr.HasRows)
            {
                ShowAlert("Username Taken");
            }

            else if (rowCount != 0)
            {
                Response.Write("Registration Success.<br/>");
            }

            conn.Close();
        }
    }


    catch (Exception ex)
    {
        Response.Write("Error: " + ex.Message);
    }


    finally
    {
        if (connection != null)
            connection.Close();

        txtBoxName.Text = string.Empty;
        txtBoxCompany.Text = string.Empty;
    }
}

创建调查页面:

protected void btnCreateSurvey_Click(object sender, EventArgs e)
{
    SqlConnection connection = null;
    SqlCommand command = null;

    try
    {
        string connectionString = ConfigurationManager.ConnectionStrings["SurveyFdDBConnString"].ConnectionString;
        connection = new SqlConnection(connectionString);
        connection.Open();

        string sql = "Insert into Survey (SurveyID, SurveyName, CreatedBy, DateCreated, Anonymous) Values " + "(@SurveyID, @SurveyName, @CreatedBy, @DateCreated, @Anonymous)";
        command = new SqlCommand(sql, connection);
        command.Parameters.AddWithValue("@SurveyID", txtBoxSurveyID.Text);
        command.Parameters.AddWithValue("@SurveyName", txtBoxSurveyName.Text);
        command.Parameters.AddWithValue("@CreatedBy", txtBoxCreatedBy.Text);
        command.Parameters.AddWithValue("@DateCreated", DateTime.Now);
        command.Parameters.AddWithValue("@Anonymous", txtBoxAnonymous.Text);

        int rowCount = command.ExecuteNonQuery();

        if (rowCount != 0)
        {
            Response.Write("Survey created successfully.<br/>");
            Response.Redirect("~/Admin/SetSurveyQuestions.aspx");
        }
    }

    catch (Exception ex)
    {
        Response.Write("Error: " + ex.Message);
    }

    finally
    {
        connection.Close();
        txtBoxSurveyID.Text = string.Empty;
        txtBoxSurveyName.Text = string.Empty;
        txtBoxAnonymous.Text = string.Empty;
    }
}
4

2 回答 2

0

您首先如何验证管理员身份?

如果您使用 Windows 或 Forms 身份验证,您应该能够使用:

User.Identity.Name

获取当前用户名。

于 2013-11-05T03:37:01.340 回答
0

您可以使用 session 来存储 UserID。

// To save UserID in session
Session.Add("userID", "123");
// or
Session["userID"] = "123";

// Get UserID from session
string userID = (string)(Session["userID"]);

// Remove from session
Session.Remove("userID");
于 2013-11-05T03:23:05.613 回答