using System;
using System.Web;
using System.Data;
using System.Web.SessionState;
public class login : IHttpHandler,System.Web.SessionState.IRequiresSessionState
{
public void ProcessRequest (HttpContext context) {
//1.接收用户的输入
string name = context.Request.Form["username"];
string pwd = context.Request.Form["userpwd"];
//判断验证码是否相同
//防止注入式攻击
//2.去数据库中验证是否可以登录
string sql = "select id,name,pwd,limit from admins where name='" + name + "'and pwd='" + pwd + "'";
DataSet ds = DBHelper.getDataSet(sql);
//3.判断成功与否
int cnt = ds.Tables[0].Rows.Count;
if (cnt != 1)
{
context.Response.Write("<script>alert('登录失败!')</script>");
context.Response.Redirect("~/login.html");
}
else
{//成功
//留下登录信息,留在request/session/application:session
context.Session["userId"] = ds.Tables[0].Rows[0]["id"].ToString();
context.Session["userName"] = name;
context.Session["userLimit"] = ds.Tables[0].Rows[0]["limit"].ToString();
//跳转到后台管理主页面
context.Response.Redirect("main.aspx");
}
}
public bool IsReusable {
get {
return false;
}
}
}