源代码如下:
using System;
using System.Collections;
using System.ComponentModel;
using System.Configuration;
using System.Data;
using System.Data.OracleClient;
using System.Drawing;
using System.Web;
using System.Web.Security;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Web.UI.HtmlControls;
using System.Text;
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
string sConfirmCode;
this.Title = "欢迎光临XXXXXXX中心";
if (!IsPostBack)
{
if (Session["UserID"] == null)
{
LabelWelcome.Text = "欢迎光临,请先登陆";
}
//增加了创建验证码得代码 2007-3-1 congcong
sConfirmCode = GetConfirmCode(5);
Session["ConfirmCode"] = sConfirmCode;
Image1.ImageUrl = "ImageConfirmCode.aspx";
// 增加代码结束 2007-3-1 congcong
}
}
protected void ButtonLogin_Click(object sender, EventArgs e)
{
string sUserID, sPassword, sUserName, sUserLvl, sCompany;
//增加了对于验证码得判断 2007-3-1 congcong
string sConfirmCode,sSessionConfirmCode;
sConfirmCode = TextBoxConfirmCode.Text;
sSessionConfirmCode = Session["ConfirmCode"].ToString();
if (sConfirmCode != sSessionConfirmCode)
{
Response.Redirect("错误报告.aspx?ErrorCode=验证码输入错误!请返回,重新输入");
}
// 增加代码结束 2007-3-1 congcong
sUserID = TextBoxUserID.Text;
sPassword = TextBoxUserPassword.Text;
LabelWelcome.Text = sUserID;
string sConnectionString, sSelectCommand;
sConnectionString = ConfigurationManager.ConnectionStrings["OraConnectionString"].ConnectionString;
OracleConnection MyConnection = new System.Data.OracleClient.OracleConnection(sConnectionString);
sSelectCommand = "scott.P_CHECK_USER_PASSWORD";
OracleCommand MyCommand = new OracleCommand();
MyCommand.Connection = MyConnection;
MyCommand.CommandText = sSelectCommand;
MyCommand.CommandType = CommandType.StoredProcedure;
MyCommand.Parameters.Add("vUserID", OracleType.VarChar).Value = sUserID;
MyCommand.Parameters.Add("vUserPassword", OracleType.VarChar).Value = sPassword;
MyCommand.Parameters.Add("vUserlvl", OracleType.VarChar, 1).Direction = ParameterDirection.Output;
MyCommand.Parameters.Add("CountUser", OracleType.Number).Direction = ParameterDirection.Output;
MyCommand.Parameters.Add("vUserName", OracleType.VarChar, 20).Direction = ParameterDirection.Output;
MyCommand.Parameters.Add("vCompany", OracleType.VarChar, 20).Direction = ParameterDirection.Output;
MyCommand.Connection.Open();
MyCommand.ExecuteNonQuery();
if (Convert.ToInt32(MyCommand.Parameters["CountUser"].Value) == 0)
{
Response.Redirect("错误报告.aspx?ErrorCode=5");
return;
}
else if (MyCommand.Parameters["CountUser"].Value == null)
{
Response.Redirect("错误报告.aspx?ErrorCode=6");