麻烦高手帮我解决下这个问题 关于MD5的问题
本帖最后由 imiles 于 2013-03-30 12:19:00 编辑 我是个新手,MD5功能已经实现,但是登陆的时候,无法进行密码转换,我把代码展示出来,请各位高手帮我看看!
这个是login.aspx.cs的页面
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data;
using System.Data.SqlClient;
using System.Web.Security;
public partial class Login : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (IsPostBack == false)
if (Response.Cookies["PrevUser"] != null)
TextBoxUser.Text = Response.Cookies["PrevUser"].Value;
}
protected void ButtonLogin_Click(object sender, EventArgs e)
{
if(CheckBoxRember.Checked==true)
{
Response.Cookies["PrevUser"].Value=TextBoxUser.Text;
Response.Cookies["PrevUser"].Expires = DateTime.Now.AddDays(7);
}
string checkCode = Session["CheckCode"].ToString();
if (TextBoxCheckCode.Text != checkCode)
{
Response.Write("<script>alert('验证码输入错误!')</script>");
return;
}
SqlConnection con = new SqlConnection("server=(local);database=DaRen;uid=sa;pwd=123;");
con.Open();
string userName, userPass;
userName = TextBoxUser.Text.Replace("'", "''");
userPass = TextBoxPassword.Text.Replace("'", "''");
String sqlStr = "select count(*) from [user] where userName='" + userName
+ "'and userPass='" + userPass + "'";
SqlCommand com = new SqlCommand(sqlStr, con);
com.Parameters.AddWithValue("@name", TextBoxUser.Text);
com.Parameters.AddWithValue("@pass", FormsAuthentication.HashPasswordForStoringInConfigFile(TextBoxPassword.Text, "MD5"));
int result=(int)com.ExecuteScalar();
if (result>0)
{Response.Redirect("Default.aspx");
}
else
{Response.Write("<script>alert('用户名或密码错误!')</script>");
}
con.Close();
}
protected void LinkButtonRegister_Click(object sender, EventArgs e)
{
Response.Redirect("Register.aspx");
}
}
这个是register.aspx.cs的页面
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data;
using System.Data.SqlClient;
using System.Web.Security;
public partial class Register : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void ButtonRegister_Click(object sender, EventArgs e)
{
if (SearchUserName(TextBoxUserName.Text)==false)
{
string userName = TextBoxUserName.Text;
string userPass =FormsAuthentication.HashPasswordForStoringInConfigFile(TextBoxUserPass.Text,"MD5");
string userPassAgain = TextBoxUserPassAgain.Text;
string nickName = TextBoxNickName.Text;
string sex = RadioButtonListSex.SelectedValue;
string phone = TextBoxPhone.Text; string email = TextBoxEmail.Text; string city = TextBoxCity.Text;
string question = TextBoxQuestion.Text;
string answer = TextBoxAnswer.Text;
SqlConnection con = new SqlConnection("server=(local);database=DaRen;uid=sa;pwd=123;");
con.Open();
string sqlins = "insert into [user](userName,userPass,nickName,sex,phone,email,city,question,answer)values(" +
"@userName,@userPass,@nickName,@sex,@phone,@email,@city,@question,@answer)";
SqlCommand com = new SqlCommand(sqlins, con);
com.Parameters.AddWithValue("@userName", userName); com.Parameters.AddWithValue("@userPass", userPass);
com.Parameters.AddWithValue("@nickName", nickName); com.Parameters.AddWithValue("@sex", sex);
com.Parameters.AddWithValue("@phone", phone); com.Parameters.AddWithValue("@email", email);
com.Parameters.AddWithValue("@city", city); com.Parameters.AddWithValue("@question", question);
com.Parameters.AddWithValue("@answer", answer);
if (com.ExecuteNonQuery() > 0)
{
Response.Write("<script>alert('会员注册成功!');location='Login.aspx'</script>");
TextBoxUserName.Text = TextBoxUserPass.Text = TextBoxUserPassAgain.Text = TextBoxNickName.Text = TextBoxPhone.Text = "";
TextBoxEmail.Text = TextBoxCity.Text = TextBoxQuestion.Text = TextBoxAnswer.Text = "";
}
else
Response.Write("<script>alert('会员注册失败!')</script>");
}
else
Response.Write("<script>alert('该会员名已注册,请更换!')</script>");
}
protected void ButtonReturn_Click(object sender, EventArgs e)
{
Response.Redirect("Login.aspx");
}
protected bool SearchUserName(string userName)
{
SqlConnection con = new SqlConnection("server=(local);database=DaRen;uid=sa;pwd=123;");
con.Open();
string sqlsel = "select count(*) from[user] where userName=@userName";
SqlCommand com = new SqlCommand(sqlsel, con);
com.Parameters.AddWithValue("@userName", userName);
int result = (int)com.ExecuteScalar();
con.Close();
if (result > 0)
return true;
else
return false;
}
protected void TextBoxUserName_TextChanged(object sender, EventArgs e)
{
if (SearchUserName(TextBoxUserName.Text)==true)
LabelUserNameExist.Text="该会员已被注册,请更换!";
else
LabelUserNameExist.Text="该会员可以注册!";
}
}
[解决办法]
例如你注册的时候密码是123
数据库里存123转换后的MD5密码
登陆的时候 例如你输入的是1234,那就获取1234对应的MD5跟数据库做对比
需要做什么转换
------解决方案--------------------
没有看你的代码。太多,而且这种东西也不用看你的代码。这需要先掌握基本的逻辑设计思路。
当最终用户从页面上输入123的时候,你的asp.net需要计算其md5值(例如“软件名称+用户名+用户邮件地址+123+开发者名称+321”得到一个字符串,并且要求这个字符串不大于300个字节,再计算md5)。
你的asp.net需要根据123计算其md5值,然后跟服务器里边上一次(注册时)计算出来的md5值比较,如果一样,就说明123是对的。如果不一样,就说明123是错的。
既然以前能够得到md5值并且保存到数据库,那么这个程序就不需要什么别的“转换”,调用之前的那个计算md5方法就行了。