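<%@ Page Language="C#" AutoEventWireup="true" CodeFile="login.aspx.cs" Inherits="login" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
10228 宿舍论坛
<%
    // Login / logout dispatcher, selected by the "action" query-string value:
    //   missing        -> write the Default.aspx redirect and mark the session as not logged in
    //   ""             -> write the Default.aspx redirect
    //   "logout"       -> clear the session and write the login.aspx redirect
    //   "login"        -> check the posted account/pass against the [user] table
    //   anything else  -> nothing happens here; the rest of the page is rendered
    // function.redirect() is defined outside this page; its return value is written
    // to the response and execution continues afterwards.
    string action = Request.QueryString["action"];

    if (action == null)
    {
        Response.Write(function.redirect("Default.aspx", ""));
        Session["login"] = "no";
    }
    else if (action == "")
    {
        Response.Write(function.redirect("Default.aspx", ""));
    }
    else if (action == "logout")
    {
        Session.RemoveAll();
        Response.Write(function.redirect("login.aspx", "退出登录"));
    }
    else if (action == "login")
    {
        // A request that carries no form body (for example a plain GET) yields null
        // for these fields; treat that as "empty" rather than failing with a
        // NullReferenceException.
        string account = Request.Form["account"] ?? "";
        string pass = Request.Form["pass"] ?? "";

        if (account == "" || pass == "")
        {
            Response.Write(function.redirect("login.aspx", "帐号、密码均不为空"));
        }
        else
        {
            // SECURITY: account and pass come straight from the client. They are bound
            // as parameters so their content is always treated as data and can never
            // alter the structure of the statement (the previous version concatenated
            // them into the SQL text, which allowed SQL injection and therefore an
            // authentication bypass).
            // Only the columns read below are selected, so the stored password is not
            // pulled back into the page.
            //
            // NOTE(review): the submitted password is compared directly with the
            // password column, which suggests passwords are stored in plaintext.
            // Moving to a salted, slow hash (e.g. PBKDF2) needs a schema/data
            // migration and is outside this block.
            // NOTE(review): nothing in this page throttles repeated failed attempts.
            string sql = "select userid, username, lastlogin from [user] where userid=@userid and password=@password";

            // using blocks release the connection, command and reader even if the
            // query throws; the previous version leaked them on any exception.
            using (SqlConnection conn = new SqlConnection("server=localhost\\SQLEXPRESS;database=bbs;Integrated security=true"))
            using (SqlCommand comm = new SqlCommand(sql, conn))
            {
                comm.Parameters.AddWithValue("@userid", account);
                comm.Parameters.AddWithValue("@password", pass);

                conn.Open();
                using (SqlDataReader reader = comm.ExecuteReader())
                {
                    if (reader.Read())
                    {
                        // NOTE(review): the existing session is reused after a
                        // successful login; consider issuing a fresh session id
                        // before storing the identity, to limit session fixation.
                        Session["userid"] = reader["userid"].ToString();
                        Session["username"] = reader["username"].ToString();

                        // Keep the first 10 characters of lastlogin (presumably the
                        // date part — confirm against the column format). A NULL or
                        // short value is stored as-is instead of making Substring throw.
                        string lastLogin = reader["lastlogin"].ToString();
                        Session["lastlogin"] = lastLogin.Length > 10 ? lastLogin.Substring(0, 10) : lastLogin;

                        Session["login"] = "true";
                        Response.Write(function.redirect("Default.aspx", "登录成功"));
                    }
                    else
                    {
                        // One message for both "unknown account" and "wrong password",
                        // so the response does not reveal which accounts exist.
                        Session["login"] = "no";
                        Response.Write(function.redirect("login.aspx", "帐号、密码不正确"));
                    }
                }
            }
        }
    }
%>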
登陆
帐号: *
密码: *