步步为营-76-用户登录(Session+Cookie)

说明:Cookie 保存在浏览器端,Session 保存在服务器端。

1 同样UI页面还是web前端提供

1.1 首先,经过验证码校验:将系统产生的验证码放入到Session中,校验时再取Session值
注意几点:
  1:放入Session时需要实现 IRequiresSessionState接口(因为是ashx,一般处理程序)
  2:使用前先判断是否为空
  3:用完验证码Session值注销(否则会有漏洞:同一个验证码可以被反复提交使用)

using System;
using System.Collections.Generic;
using System.Drawing;
using System.Linq;
using System.Web;
using System.Drawing.Imaging;
using System.Web.SessionState;

namespace _06_图片处理
{
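    /// <summary>
    /// Generic handler (.ashx) that draws a 4-character CAPTCHA as a JPEG and
    /// stores the expected text in Session["ValidateCode"] for the login page to check.
    /// IRequiresSessionState is implemented because a generic handler has no
    /// session access without it.
    /// </summary>
    public class ValidateCode : IHttpHandler,IRequiresSessionState
    {
        // Characters a code may contain (62 symbols).
        private const string Alphabet = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";

        // Number of characters in one code.
        private const int CodeLength = 4;

        /// <summary>
        /// Generates a new code, remembers it in the session and writes the image to the response.
        /// </summary>
        /// <param name="context">Current request context; its Session and Response are used.</param>
        public void ProcessRequest(HttpContext context)
        {
            // 01 The CAPTCHA is an image, so change the content type.
            context.Response.ContentType = "image/jpeg";
            // The image is different on every request; a cached copy would no
            // longer match the value held in the session.
            context.Response.Cache.SetCacheability(HttpCacheability.NoCache);
            context.Response.Cache.SetNoStore();

            // 02 Create the code and store it in the session before anything is sent,
            //    so the stored value always belongs to the image the browser receives.
            string vCode = CreateCode();
            context.Session["ValidateCode"] = vCode;

            // 03 Draw the code. All GDI+ objects are disposed deterministically;
            //    the original left the bitmap, graphics, font and brush to the finalizer.
            using (Bitmap bm = new Bitmap(70, 30))
            using (Graphics g = Graphics.FromImage(bm))
            using (FontFamily family = new FontFamily("宋体"))
            using (Font font = new Font(family, 20))
            using (SolidBrush brush = new SolidBrush(Color.Red))
            {
                g.Clear(Color.Green);
                g.DrawString(vCode, font, brush, 0, 0);
                // 04 Send the image to the browser.
                bm.Save(context.Response.OutputStream, ImageFormat.Jpeg);
            }
        }

        /// <summary>
        /// Builds a code of CodeLength characters from Alphabet using the
        /// cryptographic random number generator instead of System.Random, whose
        /// default seed is time based and therefore guessable.
        /// </summary>
        /// <returns>The new CAPTCHA text.</returns>
        private static string CreateCode()
        {
            // Bytes at or above this limit are rejected so that every character of
            // the alphabet is equally likely (no modulo bias).
            int limit = 256 - (256 % Alphabet.Length);
            char[] chars = new char[CodeLength];
            byte[] one = new byte[1];
            using (System.Security.Cryptography.RandomNumberGenerator rng =
                System.Security.Cryptography.RandomNumberGenerator.Create())
            {
                int filled = 0;
                while (filled < CodeLength)
                {
                    rng.GetBytes(one);
                    if (one[0] < limit)
                    {
                        chars[filled++] = Alphabet[one[0] % Alphabet.Length];
                    }
                }
            }
            return new string(chars);
        }

        /// <summary>
        /// Always false: a new handler instance is created for every request.
        /// </summary>
        public bool IsReusable
        {
            get
            {
                return false;
            }
        }
    }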
}
ValidateCode 验证码
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Login.aspx.cs" Inherits="_04_用户登录_cookie_Session_.Login" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=GBK">
    <title>网站管理后台登录
    </title>
    <script src="Script/jquery-1.7.1.min.js"></script>
     <script>
         // Once the DOM is ready, make the "change image" link reload the CAPTCHA.
         $(function () {
             $("#changeCode").click(function () {
                 // Appending a character changes the URL, which makes the browser
                 // request ValidateCode.ashx again instead of reusing the shown image.
                 var captcha = $('#Image1');
                 var currentSrc = captcha.attr("src");
                 captcha.attr("src", currentSrc + '1');
             });
         })
    </script>
    <link href="./网站管理后台登录_files/style.css" rel="stylesheet" type="text/css">
    
    <style type="text/css">
        <!--
        body {
            margin-top: 150px;
        }
        -->
    </style>

   
</head>
<body>
    <form name="form1" method="post" action="" id="form1">
        <div>
            <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTk5MTEyNDkyMmQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFCGJ0bkxvZ2luDPRvv9LGLqiVqStAd5fp6Kr+5/0=">
        </div>

        <div>

            <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWBQLemczKAwLd+/CSBQK1qbSRCwLChPzDDQKC3IeGDDY6Y328gLlSy6Sd5458JxEqkhYO">
        </div>
        <div>
            <table width="549" height="287" border="0" align="center" cellpadding="0" cellspacing="0" background="./网站管理后台登录_files/login_bg.jpg">
                <tbody>
                    <tr>
                        <td width="23">
                            <img src="./网站管理后台登录_files/login_leftbg.jpg" width="23" height="287"></td>
                        <td width="503" valign="top">
                            <table width="100%" border="0" cellspacing="0" cellpadding="0">
                                <tbody>
                                    <tr>
                                        <td width="49%" valign="bottom">
                                            <table width="90%" border="0" align="center" cellpadding="0" cellspacing="0">
                                                <tbody>
                                                    <tr>
                                                        <td height="100" valign="top" class="login_text">
                                                            <div align="left">
                                                                网站后台管理系统
                                                            </div>
                                                        </td>
                                                    </tr>
                                                    <tr>
                                                        <td>
                                                            <div align="right">
                                                                <img src="./网站管理后台登录_files/login_img.jpg" width="104" height="113"></div>
                                                        </td>
                                                    </tr>
                                                </tbody>
                                            </table>
                                        </td>
                                        <td width="2%">
                                            <img src="./网站管理后台登录_files/login_line.jpg" width="6" height="287"></td>
                                        <td width="49%">
                                            <div align="right">
                                                <table width="223" border="0" cellspacing="0" cellpadding="0">
                                                    <tbody>
                                                        <tr>
                                                            <td>
                                                                <img src="./网站管理后台登录_files/login_tit.jpg" width="223" height="30"></td>
                                                        </tr>
                                                        <tr>
                                                            <td>
                                                                <table width="100%" border="0" cellspacing="10" cellpadding="0">
                                                                    <tbody>
                                                                        <tr>
                                                                            <td width="28%">
                                                                                <div align="left">用户名:</div>
                                                                            </td>
                                                                            <td width="72%">
                                                                                <div align="left">
                                                                                    <span class="style1">
                                                                                        <input name="txtClientID" type="text" id="txtClientID" class="form2" style="height: 15px; width: 140px;">
                                                                                    </span>
                                                                                </div>
                                                                            </td>
                                                                        </tr>
                                                                        <tr>
                                                                            <td>
                                                                                <div align="left">密&nbsp;码:</div>
                                                                            </td>
                                                                            <td>
                                                                                <div align="left">
                                                                                    <span class="style1">
                                                                                        <input name="txtPassword" type="password" id="txtPassword" class="form2" style="height: 15px; width: 140px;"></span>
                                                                                </div>
                                                                            </td>
                                                                        </tr>
                                                                        <tr>
                                                                            <td>
                                                                                <div align="left">验证码:</div>
                                                                            </td>
                                                                            <td>
                                                                                <div align="left">
                                                                                    <img id="Image1" src="./网站管理后台登录_files/ValidateCode.ashx?1" style="border-width: 0px;">&nbsp;
                            <a href="#" id="changeCode">换一张</a>
                                                                                </div>
                                                                            </td>
                                                                        </tr>
                                                                        <tr>
                                                                            <td>
                                                                                <div align="left">验证码:</div>
                                                                            </td>
                                                                            <td>
                                                                                <div align="left">
                                                                                    <span class="style1">
                                                                                        <input name="txtCode" type="text" size="8" id="txtCode" class="form2" style="height: 15px;"></span>
                                                                                </div>
                                                                            </td>
                                                                        </tr>
                                                                    </tbody>
                                                                </table>
                                                            </td>
                                                        </tr>
                                                        <tr>
                                                            <td align="center">
                                                                <table width="100%" border="0" cellspacing="0" cellpadding="0">
                                                                    <tbody>
                                                                        <tr>
                                                                            <td>
                                                                                <div align="center"><a href="http://www.800kb.com/ClientManager/#"></a></div>
                                                                            </td>
                                                                            <td>
                                                                                <div align="center">
                                                                                    
                                                                                    <input type="image" name="btnLogin" id="btnLogin" src="./网站管理后台登录_files/login_menu2.jpg" style="border-width: 0px;"><a href="Login.aspx.cs"></a>
                                                                                </div>
                                                                            </td>
                                                                        </tr>
                                                                    </tbody>
                                                                </table>
                                                            </td>
                                                        </tr>
                                                    </tbody>
                                                </table>
                                            </div>
                                        </td>
                                    </tr>
                                </tbody>
                            </table>
                        </td>
                        <td width="23">
                            <img src="./网站管理后台登录_files/login_rigbg.jpg" width="23" height="287"></td>
                    </tr>
                </tbody>
            </table>
        </div>
    </form>


</body>
</html>
aspx
using NewsBLL;
using NewsModel;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace _04_用户登录_cookie_Session_
{
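    /// <summary>
    /// Code-behind of Login.aspx: checks the CAPTCHA, then the user id and password
    /// submitted by the login form, and writes the result to the response.
    /// </summary>
    public partial class Login : System.Web.UI.Page
    {
        UserInfoBll bll = new UserInfoBll();
        UserInfo userInfo = new UserInfo();

        /// <summary>
        /// Handles the form post; a plain GET (no txtCode field) does nothing here.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            // 01 Only a submitted form carries txtCode. Request.Form is read instead of
            //    Request[...] because Request[...] also accepts the query string and
            //    cookies, and credentials placed in a URL end up in logs and history.
            if (Request.Form["txtCode"] == null)
            {
                return;
            }

            // 02 The CAPTCHA must be right before the credentials are looked at.
            if (!CheckValidateCode())
            {
                Response.Write("验证码不正确");
                return;
            }

            // 03 The user name is the numeric user id.
            int userId;
            if (!int.TryParse(Request.Form["txtClientID"], out userId))
            {
                Response.Write("用户名为数字");
                return;
            }

            string userPwd = Request.Form["txtPassword"];
            userInfo = bll.GetUserInfoByUserId(userId);

            // NOTE(review): the stored UserPwd is compared directly with the submitted
            // text, which suggests passwords are kept unhashed; confirm against the
            // data layer and move to a salted password hash.
            if (userInfo != null && userInfo.UserPwd == userPwd)
            {
                Response.Write("登录成功");
            }
            else
            {
                // One message for "unknown user" and "wrong password": separate
                // messages tell a caller which user ids exist.
                Response.Write("用户名或密码错误");
            }
        }

        #region 01 检查验证码
        /// <summary>
        /// Compares the submitted txtCode with the code kept in Session["ValidateCode"].
        /// The stored code is removed on every attempt, matched or not.
        /// </summary>
        /// <returns>true when a code was stored and the submitted text matches it, ignoring case.</returns>
        private bool CheckValidateCode()
        {
            // 01-01 Take the expected value out of the session.
            object expected = Session["ValidateCode"];

            // Single use: the original cleared the value only after a match, so a
            // wrong guess could be retried against the same code without loading a
            // new image.
            Session.Remove("ValidateCode");

            if (expected == null)
            {
                return false;
            }

            // 01-02 Value typed into the text box.
            string submitted = Request.Form["txtCode"];

            // 01-03 Case-insensitive comparison; the static Equals tolerates null.
            return string.Equals(submitted, expected.ToString(), StringComparison.OrdinalIgnoreCase);
        }
        #endregion


    }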
}
aspx.cs

1.2  如果登录成功,创建session,跳转到ShowUserInfo界面
                                // Marks this browser session as logged in. The protected pages test
                                // Session["userInfo"]; ASP.NET session keys are matched case-insensitively.
                                Session["UserInfo"] = userInfo;
                                // Response.Redirect(url) ends the current response by default,
                                // so no statement after it runs for this request.
                                Response.Redirect("ShowUserInfo.aspx");

1.3 为了防止用户直接通过地址访问,所以进入ShowUserInfo等界面时需要判断Session值

using NewsModel;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace _04_用户登录_cookie_Session_
{
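    /// <summary>
    /// Page shown after login. Greets the user kept in Session["userInfo"] and sends
    /// requests without a logged-in session back to Login.aspx.
    /// </summary>
    public partial class ShowUserInfo : System.Web.UI.Page
    {
        /// <summary>
        /// Checks the session and writes the welcome text.
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            // "as" also covers a session value of an unexpected type, which the
            // original direct cast would have turned into an InvalidCastException.
            UserInfo current = Session["userInfo"] as UserInfo;
            if (current == null)
            {
                Response.Redirect("Login.aspx");
                return;
            }

            // The user name is data, not markup: encode it before writing it into the page.
            Response.Write("欢迎" + HttpUtility.HtmlEncode(current.UserName) + "登录本系统");
        }
    }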
}
ShowUserInfo

1.4 但是如果以后每个页面都需要做同样的验证,会出现大量重复代码,而且一旦需求变更,不利于系统维护,
    封装一个类,继承Page类=>添加Page_Init(object sender,EventArgs e)方法  进行Session校验.

   注意:这里用到了页面生命周期,大致分为:页请求=>启动=>初始化=>加载=>执行=>呈现=>卸载 等阶段

 我们在aspx.cs 中写的Page_Load()在加载阶段执行,而Page_Init在初始化阶段执行,早于Page_Load,所以在Page_Init中校验Session可以在页面自身的代码运行之前拦截未登录的请求.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Web.UI;
 

namespace NewsCommon
{
   /// <summary>
   /// Base page for everything that needs a logged-in user: derive from it instead
   /// of repeating the session test in each page.
   /// </summary>
   public class CheckSession : Page
    {
       /// <summary>
       /// Runs in the initialization stage, before the derived page's Page_Load.
       /// </summary>
       public void Page_Init(object sender, EventArgs e)
       {
           bool signedIn = Session["userInfo"] != null;
           if (!signedIn)
           {
               // endResponse = true is what the one-argument overload does as well.
               // It stops the request here, so the derived page's Page_Load never
               // runs for a visitor who is not logged in.
               Response.Redirect("Login.aspx", true);
           }
       }
    }
}
NewsCommon===CheckSession

1.5 同时,ShowUserInfo页面继承CheckSession

using NewsCommon;
using NewsModel;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace _04_用户登录_cookie_Session_
{
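    /// <summary>
    /// Page shown after login. The session test is inherited from CheckSession
    /// (its Page_Init redirects to Login.aspx when Session["userInfo"] is missing).
    /// </summary>
    public partial class ShowUserInfo : CheckSession
    {
        /// <summary>
        /// Writes the welcome text for the user kept in Session["userInfo"].
        /// </summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            UserInfo current = (UserInfo)Session["userInfo"];

            // The user name is data, not markup: encode it before writing it into the page.
            Response.Write("欢迎" + HttpUtility.HtmlEncode(current.UserName) + "登录本系统");
        }
    }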
}
ShowUserInfo

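1.6 另外添加"记住我"和退出功能==多值cookie(写入cookie:判断Request["Remember"]处;读取cookie:判断Request.Cookies["userInfo"]处)
    注意:cookie保存在浏览器端,用户可以查看也可以修改,不应在其中保存密码等敏感信息,读取时也要当作不可信的输入处理.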

  1 using NewsBLL;
  2 using NewsModel;
  3 using System;
  4 using System.Collections.Generic;
  5 using System.Linq;
  6 using System.Web;
  7 using System.Web.UI;
  8 using System.Web.UI.WebControls;
  9 
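 namespace _04_用户登录_cookie_Session_
 {
     /// <summary>
     /// Code-behind of Login.aspx with "remember me" and logout: checks the CAPTCHA
     /// and the credentials, creates the login session, and keeps the user id and
     /// name in a multi-value cookie when asked to.
     /// </summary>
     public partial class Login : System.Web.UI.Page
     {
         UserInfoBll bll = new UserInfoBll();

         // Read by Login.aspx to pre-fill the form (it renders userInfo.UserId and
         // userInfo.UserPwd into the inputs). It must therefore never hold a record
         // loaded from the data layer: the original assigned the looked-up user to
         // this field, so a failed login rendered that user's stored password into
         // the page, and an unknown id left the field null for the markup to dereference.
         public UserInfo userInfo = new UserInfo();

         /// <summary>
         /// Dispatches between a submitted login form and a plain page request.
         /// </summary>
         protected void Page_Load(object sender, EventArgs e)
         {
             // 01 Only a submitted form carries txtCode. Request.Form is read instead
             //    of Request[...] because Request[...] also accepts the query string
             //    and cookies.
             if (Request.Form["txtCode"] != null)
             {
                 HandleLoginPost();
             }
             else
             {
                 HandleGet();
             }
         }

         /// <summary>
         /// Form post: CAPTCHA, credentials, then session, cookie and redirect.
         /// </summary>
         private void HandleLoginPost()
         {
             // 02 The CAPTCHA must be right before the credentials are looked at.
             if (!CheckValidateCode())
             {
                 Response.Write("验证码不正确");
                 return;
             }

             // 03 The user name is the numeric user id.
             int userId;
             if (!int.TryParse(Request.Form["txtClientID"], out userId))
             {
                 Response.Write("用户名为数字");
                 return;
             }

             string userPwd = Request.Form["txtPassword"];
             UserInfo account = bll.GetUserInfoByUserId(userId);

             // NOTE(review): the stored UserPwd is compared directly with the submitted
             // text, which suggests passwords are kept unhashed; confirm against the
             // data layer and move to a salted password hash.
             if (account == null || account.UserPwd != userPwd)
             {
                 // One message for "unknown user" and "wrong password": separate
                 // messages tell a caller which user ids exist.
                 Response.Write("用户名或密码错误");
                 return;
             }

             // 04 Login succeeded: create the session entry the protected pages test.
             // NOTE(review): the session id is not renewed at this point; consider
             // issuing a fresh one at login.
             Session["UserInfo"] = account;

             // 05 "Remember me for a week": multi-value cookie with id and name only.
             //    The password is deliberately not written: a cookie is stored and
             //    sent by the browser in readable form, and Login.aspx echoes
             //    userInfo.UserPwd into the password input. A real persistent login
             //    would store a random token that the server can look up and revoke.
             if (Request.Form["Remember"] == "on")
             {
                 Response.Cookies["userInfo"]["UserId"] = account.UserId.ToString();
                 Response.Cookies["userInfo"]["UserName"] = account.UserName;
                 Response.Cookies["userInfo"].HttpOnly = true;
                 Response.Cookies["userInfo"].Expires = DateTime.Now.AddDays(7);
             }

             // 06 Logout, reached (as in the original flow) only after a successful
             //    credential check: drop the session entry and expire the cookie.
             if (Request.Form["Forget"] == "on")
             {
                 Session["UserInfo"] = null;
                 Response.Cookies["userInfo"].Expires = DateTime.Now.AddDays(-7);
                 Response.Write("退出成功,Session值已清除,cookie值已清除");
                 // Stop here; the redirect below must not run.
                 Response.End();
             }

             // 07 Go to the protected page.
             Response.Redirect("ShowUserInfo.aspx");
         }

         /// <summary>
         /// Plain page request: skip the form when already logged in, otherwise
         /// pre-fill it from the remember-me cookie.
         /// </summary>
         private void HandleGet()
         {
             // 01 An existing login session goes straight to the protected page.
             if (Session["UserInfo"] != null)
             {
                 Response.Redirect("ShowUserInfo.aspx");
             }

             // 02 The cookie comes from the browser and may have been edited, so the
             //    id is parsed defensively instead of with Convert.ToInt32, which
             //    throws on non-numeric text.
             var remembered = Request.Cookies["userInfo"];
             if (remembered != null)
             {
                 int rememberedId;
                 if (int.TryParse(remembered["UserId"], out rememberedId))
                 {
                     userInfo.UserId = rememberedId;
                     // Untrusted text: HTML-encode it wherever it is rendered.
                     userInfo.UserName = remembered["UserName"];
                 }
             }
         }

         #region 01 检查验证码
         /// <summary>
         /// Compares the submitted txtCode with the code kept in Session["ValidateCode"].
         /// The stored code is removed on every attempt, matched or not.
         /// </summary>
         /// <returns>true when a code was stored and the submitted text matches it, ignoring case.</returns>
         private bool CheckValidateCode()
         {
             // 01-01 Take the expected value out of the session.
             object expected = Session["ValidateCode"];

             // Single use: the original cleared the value only after a match, so a
             // wrong guess could be retried against the same code without loading a
             // new image.
             Session.Remove("ValidateCode");

             if (expected == null)
             {
                 return false;
             }

             // 01-02 Value typed into the text box.
             string submitted = Request.Form["txtCode"];

             // 01-03 Case-insensitive comparison; the static Equals tolerates null.
             return string.Equals(submitted, expected.ToString(), StringComparison.OrdinalIgnoreCase);
         }
         #endregion


     }
 }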
aspx.cs
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Login.aspx.cs" Inherits="_04_用户登录_cookie_Session_.Login" %>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=GBK">
    <title>网站管理后台登录
    </title>
    <script src="Script/jquery-1.7.1.min.js"></script>
    <script>
        // Once the DOM is ready, make the "change image" link reload the CAPTCHA.
        $(function () {
            $("#changeCode").click(function () {
                // Appending a character changes the URL, which makes the browser
                // request ValidateCode.ashx again instead of reusing the shown image.
                var captcha = $('#Image1');
                var currentSrc = captcha.attr("src");
                captcha.attr("src", currentSrc + '1');
            });
        })
    </script>
    <link href="./网站管理后台登录_files/style.css" rel="stylesheet" type="text/css">

    <style type="text/css">
        <!--
        body {
            margin-top: 150px;
        }
        -->
    </style>


</head>
<body>
    <form name="form1" method="post" action="" id="form1">
        <div>
            <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTk5MTEyNDkyMmQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFCGJ0bkxvZ2luDPRvv9LGLqiVqStAd5fp6Kr+5/0=">
        </div>

        <div>

            <input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWBQLemczKAwLd+/CSBQK1qbSRCwLChPzDDQKC3IeGDDY6Y328gLlSy6Sd5458JxEqkhYO">
        </div>
        <div>
            <table width="549" height="287" border="0" align="center" cellpadding="0" cellspacing="0" background="./网站管理后台登录_files/login_bg.jpg">
                <tbody>
                    <tr>
                        <td width="23">
                            <img src="./网站管理后台登录_files/login_leftbg.jpg" width="23" height="287"></td>
                        <td width="503" valign="top">
                            <table width="100%" border="0" cellspacing="0" cellpadding="0">
                                <tbody>
                                    <tr>
                                        <td width="49%" valign="bottom">
                                            <table width="90%" border="0" align="center" cellpadding="0" cellspacing="0">
                                                <tbody>
                                                    <tr>
                                                        <td height="100" valign="top" class="login_text">
                                                            <div align="left">
                                                                网站后台管理系统
                                                            </div>
                                                        </td>
                                                    </tr>
                                                    <tr>
                                                        <td>
                                                            <div align="right">
                                                                <img src="./网站管理后台登录_files/login_img.jpg" width="104" height="113">
                                                            </div>
                                                        </td>
                                                    </tr>
                                                </tbody>
                                            </table>
                                        </td>
                                        <td width="2%">
                                            <img src="./网站管理后台登录_files/login_line.jpg" width="6" height="287"></td>
                                        <td width="49%">
                                            <div align="right">
                                                <table width="223" border="0" cellspacing="0" cellpadding="0">
                                                    <tbody>
                                                        <tr>
                                                            <td>
                                                                <img src="./网站管理后台登录_files/login_tit.jpg" width="223" height="30"></td>
                                                        </tr>
                                                        <tr>
                                                            <td>
                                                                <table width="100%" border="0" cellspacing="10" cellpadding="0">
                                                                    <tbody>
                                                                        <tr>
                                                                            <td width="28%">
                                                                                <div align="left">用户名:</div>
                                                                            </td>
                                                                            <td width="72%">
                                                                                <div align="left">
                                                                                    <span class="style1">
                                                                                        <input name="txtClientID" type="text" id="txtClientID" value="<%=userInfo.UserId %>" class="form2" style="height: 15px; width: 140px;">
                                                                                    </span>
                                                                                </div>
                                                                            </td>
                                                                        </tr>
                                                                        <tr>
                                                                            <td>
                                                                                <div align="left">密&nbsp;码:</div>
                                                                            </td>
                                                                            <td>
                                                                                <div align="left">
                                                                                    <span class="style1">
                                                                                        <input name="txtPassword" type="password" id="txtPassword" value="<%=userInfo.UserPwd %>"  class="form2" style="height: 15px; width: 140px;"></span>
                                                                                </div>
                                                                            </td>
                                                                        </tr>
                                                                        <tr>
                                                                            <td>
                                                                                <div align="left">验证码:</div>
                                                                            </td>
                                                                            <td>
                                                                                <div align="left">
                                                                                    <img id="Image1" src="./网站管理后台登录_files/ValidateCode.ashx?1" style="border-width: 0px;">&nbsp;
                            <a href="#" id="changeCode">换一张</a>
                                                                                </div>
                                                                            </td>
                                                                        </tr>
                                                                        <%-- Captcha answer row (the label text repeats the one on the image row above).
                                                                             txtCode carries what the user typed. The server-side check is not visible in
                                                                             this part of the page; as the article's own notes say, it has to test the session
                                                                             value for null before comparing and clear it once used.
                                                                             NOTE(review): clear the session value after every attempt, matched or not, so a
                                                                             single solved captcha cannot be replayed across many login attempts. --%>
                                                                        <tr>
                                                                            <td>
                                                                                <div align="left">验证码:</div>
                                                                            </td>
                                                                            <td>
                                                                                <div align="left">
                                                                                    <span class="style1">
                                                                                        <input name="txtCode" type="text" size="8" id="txtCode" class="form2" style="height: 15px;"></span>
                                                                                </div>
                                                                            </td>

                                                                        </tr>
                                                                        <%-- Session options row: "Forget" is labelled as log out, "Remember" as keep me
                                                                             signed in for one week. How the server acts on either checkbox is not visible in
                                                                             this markup.
                                                                             NOTE(review): a persistent login should keep only a random, server-revocable token
                                                                             in a cookie flagged HttpOnly and Secure, with the one-week expiry enforced on the
                                                                             server as well. The password box in this form is pre-filled from
                                                                             userInfo.UserPwd, which suggests the credential itself is being persisted -
                                                                             confirm in the code-behind. --%>
                                                                        <tr>
                                                                            <td>
                                                                                <div align="left">
                                                                                    <input type="checkbox" id="Forget" name="Forget" />退出 </div>
                                                                            </td>
                                                                            <td>
                                                                                <div align="left">
                                                                                    <input type="checkbox" id="Remember" name="Remember" />记住我1周</div>

                                                                            </td>
                                                                        </tr>
                                                                    </tbody>
                                                                </table>
                                                            </td>
                                                        </tr>
                                                        <%-- Submit row. btnLogin is an image input, so clicking it submits the enclosing form
                                                             (image inputs also post the click coordinates as btnLogin.x / btnLogin.y).
                                                             Both anchors in this row are empty and render no visible text: one points at an
                                                             external host, apparently left over from the saved template, the other at
                                                             Login.aspx.cs.
                                                             NOTE(review): remove both - a login page should not reference a third-party site or
                                                             link to its own code-behind file. --%>
                                                        <tr>
                                                            <td align="center">
                                                                <table width="100%" border="0" cellspacing="0" cellpadding="0">
                                                                    <tbody>
                                                                        <tr>
                                                                            <td>
                                                                                <div align="center"><a href="http://www.800kb.com/ClientManager/#"></a></div>
                                                                            </td>
                                                                            <td>
                                                                                <div align="center">

                                                                                    <input type="image" name="btnLogin" id="btnLogin" src="./网站管理后台登录_files/login_menu2.jpg" style="border-width: 0px;"><a href="Login.aspx.cs"></a>
                                                                                </div>
                                                                            </td>
                                                                        </tr>
                                                                    </tbody>
                                                                </table>
                                                            </td>
                                                        </tr>
                                                    </tbody>
                                                </table>
                                            </div>
                                        </td>
                                    </tr>
                                </tbody>
                            </table>
                        </td>
                        <td width="23">
                            <img src="./网站管理后台登录_files/login_rigbg.jpg" width="23" height="287"></td>
                    </tr>
                </tbody>
            </table>
        </div>
    </form>


</body>
</html>
aspx

 

posted @ 2017-06-17 16:34  逍遥小天狼