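vb.net - VB.net login with access levels using MS Access
Problem description
So basically I want it to have a user and an admin access level, so when I click login in my form it checks whether the username and password are set as admin and then goes to the admin form, and if it is a user it goes to the user form... I have my code here and it works just fine, I just can't figure out how the system will check whether the password and username belong to a user or an admin before going to another form. Here is the code, by the way. Thanks in advance!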
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btLogin.Click
    If tbUser.Text = Nothing Or tbPass.Text = Nothing Then
        MsgBox("Please Enter Valid Username and Password", MsgBoxStyle.Exclamation)
    Else
        If connection.State = ConnectionState.Closed Then
            connection.Open()
        End If
        ' OleDb binds parameters by position: the first ? is dbUser, the second is dbPass.
        Dim cmd As New OleDbCommand("select count(*) from dbLogin where dbUser=? and dbPass=?", connection)
        ' Parameters.Add(name, type) declares the type; AddWithValue(name, value) would treat the enum as the value.
        cmd.Parameters.Add("@1", OleDbType.VarChar).Value = tbUser.Text
        cmd.Parameters.Add("@2", OleDbType.VarChar).Value = tbPass.Text
        Dim count = Convert.ToInt32(cmd.ExecuteScalar())
        If (count > 0) Then
            MsgBox("Login Succeed", MsgBoxStyle.Information)
            Menuvb.Show()
            Me.Hide()
        Else
            MsgBox("Account not Registered", MsgBoxStyle.Critical)
        End If
    End If
End Sub
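Solution
You should look at what the database returns rather than simply checking whether the user exists. Suppose you have a user role field, e.g. dbRole. You could use the following code: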
' dbPath (path to the Access file) and userName (the entered login name) are supplied by the caller.
Dim connectionString As String = "provider=Microsoft.ACE.OLEDB.12.0;data source=" & dbPath
Dim connection As New OleDbConnection(connectionString)
connection.Open()
Dim cmd As New OleDbCommand("", connection)
Dim adapter As New OleDbDataAdapter(cmd)
Dim SQL As String = "SELECT * FROM dbLogin WHERE dbUser = @USER"
adapter.SelectCommand.CommandText = SQL
adapter.SelectCommand.Parameters.Add("@USER", OleDbType.VarChar).Value = userName
Dim dtTbl As New DataTable()
adapter.Fill(dtTbl)
connection.Close()
If (dtTbl.Rows.Count() = 0) Then
    ' user not found, don't tell your user or they might be able to brute force all valid user names. just say login failed as if the password were wrong.
ElseIf (dtTbl.Rows.Count() > 1) Then
    ' db error. user should only appear once
Else
    ' 1 user found.
    Dim row As DataRow = dtTbl.Rows(0)
    Dim dbPwd As String = If(IsDBNull(row("dbPass")), String.Empty, row("dbPass").ToString())
    Dim dbRole As String = If(IsDBNull(row("dbRole")), String.Empty, row("dbRole").ToString())
    '
    ' Do what you need to do here. (if dbRole = "admin", password check, etc)
End If
It might be a good idea to have a function that accepts an SQL query and a Dictionary(Of String, Tuple(Of Object, OleDbType)) and returns a DataTable for you.
Imports System.Data
Imports System.Data.OleDb
Imports System.Linq

''' <summary>
''' Fills a DataTable from an SQL Query
''' </summary>
''' <param name="SQL">SQL Query, Parameters start with @</param>
''' <param name="parameters">Parameters. Key = parameterName, without @. value = (parameter value, OleDbType)</param>
''' <returns>Filled DataTable</returns>
Public Function QueryDatasource(SQL As String, parameters As Dictionary(Of String, Tuple(Of Object, OleDbType))) As DataTable
    Dim ret As DataTable = New DataTable()
    Dim cmd As OleDbCommand ' IDbCommand
    Dim adapter As OleDbDataAdapter ' IDbDataAdapter
    connection.Open() ' connection is an OleDbConnection in class scope here.
    Try
        cmd = New OleDbCommand("", connection)
        adapter = New OleDbDataAdapter(cmd)
        adapter.SelectCommand.CommandText = SQL
        If (parameters IsNot Nothing) Then
            ' OleDb binds parameters by position, not by name, so add them in the
            ' order in which they first appear in the SQL text.
            For Each parameterName As String In parameters.Keys.OrderBy(Function(k) SQL.IndexOf("@" + k, StringComparison.Ordinal))
                If (SQL.Contains("@" + parameterName)) Then
                    adapter.SelectCommand.Parameters.Add("@" + parameterName, parameters(parameterName).Item2).Value = parameters(parameterName).Item1
                End If
            Next
        End If
        adapter.Fill(ret)
    Finally
        connection.Close() ' close the connection even if the query throws
    End Try
    Return ret
End Function
As a side note: never store passwords in plain text in the database. Use a digest function such as BCrypt. BCrypt-Next is a NuGet package available for DotNet and is easy to use.
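The role lookup and the BCrypt advice above, combined into one login check. This is an added example, not code from the question or the answer; it assumes the BCrypt.Net-Next NuGet package (`BCrypt.Net.BCrypt.HashPassword` / `Verify`), that `dbPass` stores a BCrypt hash written at registration, and the names `LoginCheck`, `Authenticate` and `DummyHash` are hypothetical.

```vbnet
Imports System.Data
Imports System.Data.OleDb

Public Module LoginCheck
    ' Assumption: dbPass holds BCrypt.Net.BCrypt.HashPassword(plainPassword),
    ' written when the account was created, never the plain password.
    ' A fixed dummy hash lets unknown users cost the same work as known ones.
    Private ReadOnly DummyHash As String =
        BCrypt.Net.BCrypt.HashPassword("placeholder-not-a-real-password")

    ''' <summary>Returns the role from dbRole, or Nothing when login fails.</summary>
    Public Function Authenticate(connectionString As String,
                                 userName As String,
                                 password As String) As String
        If String.IsNullOrEmpty(userName) OrElse String.IsNullOrEmpty(password) Then
            Return Nothing
        End If

        Dim table As New DataTable()
        Using connection As New OleDbConnection(connectionString)
            ' Only the columns needed; the user name is bound, never concatenated.
            Using cmd As New OleDbCommand(
                    "SELECT dbPass, dbRole FROM dbLogin WHERE dbUser = ?", connection)
                cmd.Parameters.Add("@USER", OleDbType.VarChar).Value = userName
                Using adapter As New OleDbDataAdapter(cmd)
                    adapter.Fill(table) ' Fill opens and closes the connection itself
                End Using
            End Using
        End Using

        ' Zero rows (unknown user) and several rows (data error) fail the same way.
        If table.Rows.Count <> 1 Then
            BCrypt.Net.BCrypt.Verify(password, DummyHash)
            Return Nothing
        End If

        Dim row As DataRow = table.Rows(0)
        Dim storedHash As String =
            If(IsDBNull(row("dbPass")), String.Empty, row("dbPass").ToString())
        ' Verify throws on a value that is not a BCrypt hash (e.g. a legacy
        ' plain-text password), so such rows must be re-hashed first.
        If storedHash.Length = 0 OrElse Not BCrypt.Net.BCrypt.Verify(password, storedHash) Then
            Return Nothing
        End If
        Return If(IsDBNull(row("dbRole")), String.Empty, row("dbRole").ToString())
    End Function
End Module
```

In the button handler, show a single "login failed" message when the result is Nothing, open the admin form only when the returned role equals "admin", and open the user form otherwise.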