first commit

login.aspx

@@ -0,0 +1,90 @@
+<%@ Page Language="C#" AutoEventWireup="true" CodeFile="login.aspx.cs" Inherits="login" %>
+<%@ Import Namespace="System.Data" %>
+<%@ Import Namespace="System.Data.SqlClient" %>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" >
+<head runat="server">
+    <title>10228 宿舍论坛</title>
+    <link href="images/StyleSheet.css" rel="stylesheet" type="text/css" />
+    <style>
+		*{font-size:13px;}
+		body{text-align:center;padding:10px;}
+		table{border-collapse:collapse;width:300px;background:#fff;margin-top:100px;border:1px solid #000;}
+		th{background:#ffffff;border:1px solid #000;height:25px;}
+		td{border:1px solid #999;padding:3px;}
+		input{width:200px;}
+	</style>
+</head>
+<body>
+    <%
+        if (Request.QueryString["action"] == null)
+        {
+            Response.Write(function.redirect("Default.aspx", ""));
+            Session["login"] = "no";
+        }
+        else
+        {
+
+            if (Request.QueryString["action"].ToString() == "")
+                Response.Write(function.redirect("Default.aspx", ""));
+            if (Request.QueryString["action"].ToString() == "logout")
+            {
+                Session.RemoveAll();
+                Response.Write(function.redirect("login.aspx", "退出登录"));
+            }
+            if (Request.QueryString["action"].ToString() == "login")
+            {
+                if (Request.Form["account"].ToString() == "" || Request.Form["pass"].ToString() == "")
+                    Response.Write(function.redirect("login.aspx", "帐号、密码均不为空"));
+                else
+                {
+                    string sql = "select * from [user] where userid='" + Request.Form["account"].ToString() + "' and password='" + Request.Form["pass"].ToString() + "'";
+                    SqlConnection conn = new SqlConnection("server=localhost\\SQLEXPRESS;database=bbs;Integrated security=true");
+                    SqlCommand comm = new SqlCommand(sql, conn);
+                    conn.Open();
+                    SqlDataReader reader = comm.ExecuteReader();
+                    if (reader.HasRows)
+                    {
+                        reader.Read();
+                        Session["userid"] = reader["userid"].ToString();
+                        Session["username"] = reader["username"].ToString();
+                        Session["lastlogin"] = reader["lastlogin"].ToString().Substring(0, 10);
+                        Session["login"] = "true";
+                        Response.Write(function.redirect("Default.aspx", "登录成功"));
+                    }
+                    else
+                    {
+                        Session["login"] = "no";
+                        Response.Write(function.redirect("login.aspx", "帐号、密码不正确"));
+                    }
+                    reader.Close();
+                    conn.Close();
+                }
+            }
+        }
+            
+     %>
+    <form action="login.aspx?action=login" method="post">
+		<table align="center">
+			<tr>
+				<th colspan="2">登陆</th>
+			</tr>
+			<tr>
+				<td width="50" align="right">帐号:</td>
+				<td><input type="text" name="account" Maxlength="30" value="wxy"/><font color="red">*</font></td>
+			</tr>
+			<tr>
+				<td align="right">密码:</td>
+				<td><input type="password" name="pass" Maxlength="30"/><font color="red">*</font></td>
+			</tr>
+			<tr>
+				<td colspan="2"  align="center">
+					<input type="submit" value="提交" style="width:30%"/>
+					<input type="reset" value="重写" style="width:30%"/>
+				</td>
+			</tr>
+		</table>
+	</form>
+</body>
+</html>