VB.net login access levels with MS Access

Problem description

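So basically I want it to have a user and an admin access level, so when I click login in my form it checks whether the username and password are set to admin and then goes to the admin form, and if it is a user it goes to the user form... I have my code here and it works just fine, I just can't figure out how the system would check whether the pass and username belong to a user or an admin before going to the other form. Here is the code, by the way. Thanks in advance!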

Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btLogin.Click
    If tbUser.Text = Nothing Or tbPass.Text = Nothing Then
        MsgBox("Please Enter Valid Username and Password", MsgBoxStyle.Exclamation)
    Else
        If connection.State = ConnectionState.Closed Then
            connection.Open()
        End If
        ' OleDb parameters are positional: add them in the same order as the ? markers.
        Dim cmd As New OleDbCommand("select count(*) from dbLogin where dbUser=? and dbPass=?", connection)
        cmd.Parameters.Add("@1", OleDbType.VarChar).Value = tbUser.Text
        cmd.Parameters.Add("@2", OleDbType.VarChar).Value = tbPass.Text
        Dim count = Convert.ToInt32(cmd.ExecuteScalar())

        If (count > 0) Then
            MsgBox("Login Succeed", MsgBoxStyle.Information)
            Menuvb.Show()
            Me.Hide()
        Else
            MsgBox("Account not Registered", MsgBoxStyle.Critical)
        End If
    End If
End Sub

Tags: vb.net

Solution


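You should look at what the database returns instead of simply checking whether the user exists. Assuming you have a user role field, for example dbRole, you could use the following code: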

Dim connectionString As String = "provider=Microsoft.ACE.OLEDB.12.0;data source=" & dbPath
Dim connection As New OleDbConnection(connectionString)
connection.Open()
Dim cmd As New OleDbCommand("", connection)
Dim adapter As New OleDbDataAdapter(cmd)

Dim SQL As String = "SELECT * FROM dbLogin WHERE dbUser = @USER"
adapter.SelectCommand.CommandText = SQL
adapter.SelectCommand.Parameters.Add("@USER", OleDbType.VarChar).Value = userName
Dim dtTbl As New DataTable()
adapter.Fill(dtTbl)
connection.Close()

If (dtTbl.Rows.Count() = 0) Then
    ' user not found, don't tell your user or they might be able to brute force all valid user names. just say login failed as if the password were wrong.
Else If (dtTbl.Rows.Count() > 1) Then
    ' db error. user should only appear once
Else
    ' 1 user found.
    Dim row As DataRow = dtTbl.Rows(0)
    Dim dbPwd As String = If(IsDBNull(row("dbPass")), String.Empty, row("dbPass").ToString())
    Dim dbRole As String = If(IsDBNull(row("dbRole")), String.Empty, row("dbRole").ToString())
    '
    ' Do what you need to do here. (if dbRole = "admin", password check, etc)
End If

It might be a good idea to have a function that accepts an SQL query and a Dictionary(Of String, Tuple(Of Object, OleDbType)) and returns a DataTable for you.

''' <summary>
''' Fills a DataTable from an SQL Query
''' </summary>
''' <param name="SQL">SQL Query, Parameters start with @</param>
''' <param name="parameters">Parameters. Key = parameterName, without @. value = (parameter value, OleDbType)</param>
''' <returns>Filled DataTable</returns>
Public Function QueryDatasource(SQL As String, parameters As Dictionary(Of String, Tuple(Of Object, OleDbType))) As DataTable

    Dim ret As DataTable = New DataTable()
    Dim cmd As OleDbCommand ' IDbCommand
    Dim adapter As OleDbDataAdapter ' IDbDataAdapter

    connection.Open() ' connection is an OleDbConnection in class scope here.

    cmd = New OleDbCommand("", connection)

    adapter = New OleDbDataAdapter(cmd)
    adapter.SelectCommand.CommandText = SQL

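    ' OleDb binds parameters by position, not by name, so the dictionary entries
    ' must be added in the order the parameters appear in the SQL text.
    If (parameters IsNot Nothing) Then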
        For Each parameterName As String In parameters.Keys
            If (SQL.Contains("@" + parameterName)) Then
                adapter.SelectCommand.Parameters.Add("@" + parameterName, parameters(parameterName).Item2).Value = parameters(parameterName).Item1
            End If
        Next
    End If

    adapter.Fill(ret)

    connection.Close()
    Return ret
End Function

As a side note: never store passwords in plain text in the database. Use a digest function such as BCrypt. BCrypt-Next is a NuGet package available for DotNet and is easy to use.
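
One way to fill in the "Do what you need to do here" step, as an added example that is not part of the original answer. It assumes dbPass stores a BCrypt hash produced with the BCrypt.Net-Next NuGet package (assumed to be the package the answer refers to) and that dbRole holds "admin" or "user"; LoginCheck, Authenticate, RouteLogin and the form parameters are hypothetical names.

```vb
Imports System
Imports System.Data.OleDb
Imports System.Windows.Forms

Public Module LoginCheck
    ' Verified when no usable row exists, so a failed lookup costs about as much as a wrong password.
    Private ReadOnly dummyHash As String = BCrypt.Net.BCrypt.HashPassword("not-a-real-password")

    ''' <summary>Returns the dbRole value for a valid login, or Nothing on any failure.</summary>
    Public Function Authenticate(connectionString As String, userName As String, password As String) As String
        Dim storedHash As String = Nothing
        Dim role As String = Nothing
        Dim matches As Integer = 0
        Using connection As New OleDbConnection(connectionString)
            Using cmd As New OleDbCommand("SELECT dbPass, dbRole FROM dbLogin WHERE dbUser = ?", connection)
                cmd.Parameters.Add("@USER", OleDbType.VarChar).Value = userName
                connection.Open()
                Using reader As OleDbDataReader = cmd.ExecuteReader()
                    While reader.Read()
                        matches += 1
                        storedHash = If(reader.IsDBNull(0), Nothing, reader.GetString(0))
                        role = If(reader.IsDBNull(1), Nothing, reader.GetString(1))
                    End While
                End Using
            End Using
        End Using

        ' Unknown user, duplicate rows or an empty dbPass all take the same failure path.
        Dim usable As Boolean = (matches = 1 AndAlso Not String.IsNullOrEmpty(storedHash))
        Dim passwordOk As Boolean
        Try
            passwordOk = BCrypt.Net.BCrypt.Verify(password, If(usable, storedHash, dummyHash))
        Catch ex As BCrypt.Net.SaltParseException
            passwordOk = False ' dbPass is not a BCrypt hash (for example a legacy plaintext value)
        End Try
        Return If(usable AndAlso passwordOk, role, Nothing)
    End Function

    ' Opens the form for the role; the same message is shown for every kind of failure.
    Public Sub RouteLogin(role As String, loginForm As Form, adminForm As Form, userForm As Form)
        If String.Equals(role, "admin", StringComparison.OrdinalIgnoreCase) Then
            adminForm.Show() : loginForm.Hide()
        ElseIf String.Equals(role, "user", StringComparison.OrdinalIgnoreCase) Then
            userForm.Show() : loginForm.Hide()
        Else
            MsgBox("Login failed", MsgBoxStyle.Critical)
        End If
    End Sub
End Module
```

New accounts would store BCrypt.Net.BCrypt.HashPassword(password) in dbPass; rows that still hold plaintext values fail the check until they are re-hashed.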

