请帮我看一下
我制作了一个登录界面,想实现以下验证功能, 登录者必须填入正确的用户名和密码,还有下拉菜单中要选择和用户名对应的部门名称时,才允许登录,任何一个错误都不允许登录。
用户名:______
密码:________
下拉菜单:(给了几个部门选择,比如,采购部、结算部,人力部等等,各个部门的值输入如:0000,0002,0003等等)
我在数据库中都已经把用户名和密码和部门数据都做好了。只要其他人输入就可以了。
我的数据库表假如如下:
数据库表:id password buid
a001 123456 0000
a002 654321 0002
如何去做这个三方判断呢?本人实在很菜,用DWR8的用户验证功能只能够实现 user,password两个选项的验证,麻烦大家在我下面的代码修改一下应该如何去实现我要的效果,麻烦拉。完成结分。谢谢啦。
<%@LANGUAGE="VBSCRIPT"%>
<!--#include file="Connections/hhd.asp" -->
<%
Dim Recordset1
Dim Recordset1_numRows
Set Recordset1 = Server.CreateObject("ADODB.Recordset")
Recordset1.ActiveConnection = MM_hhd_STRING
Recordset1.Source = "SELECT * FROM dbo.userid"
Recordset1.CursorType = 0
Recordset1.CursorLocation = 2
Recordset1.LockType = 1
Recordset1.Open()
Recordset1_numRows = 0
%>
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString <>"" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername=CStr(Request.Form("id"))
If MM_valUsername <> "" Then
MM_fldUserAuthorization=""
MM_redirectLoginSuccess="new.asp"
MM_redirectLoginFailed="wro.html"
MM_flag="ADODB.Recordset"
set MM_rsUser = Server.CreateObject(MM_flag)
MM_rsUser.ActiveConnection = MM_hhd_STRING
MM_rsUser.Source = "SELECT bmid, password"
If MM_fldUserAuthorization <> "" Then MM_rsUser.Source = MM_rsUser.Source & "," & MM_fldUserAuthorization
MM_rsUser.Source = MM_rsUser.Source & " FROM dbo.userid WHERE bmid='" & Replace(MM_valUsername,"'","''") &"' AND password='" & Replace(Request.Form("passworda"),"'","''") & "'"
MM_rsUser.CursorType = 0
MM_rsUser.CursorLocation = 2
MM_rsUser.LockType = 3
MM_rsUser.Open
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
' username and password match - this is a valid user
Session("MM_Username") = MM_valUsername
If (MM_fldUserAuthorization <> "") Then
Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
Else
Session("MM_UserAuthorization") = ""
End If
if CStr(Request.QueryString("accessdenied")) <> "" And false Then
MM_redirectLoginSuccess = Request.QueryString("accessdenied")
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginSuccess)
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginFailed)
End If
%>
[解决办法]
LZ不是刚刚发了一帖么。。关于验证部门的。
<%id=request.form("id")buid=request.form("buid")'这里接收你登陆页面传过来的员工部门的值set rs2=Server.CreateObject("ADODB.Recordset") sql2 = "select buid from dbo.userid where bmid='" & Replace(MM_valUsername,"'","''")"rs2.open sql2,hhd,1,1buid2=rs2("buid2") '获取你的表中的该员工的部门值if buid<>buid2 then '拿你页面传过来的部门值和该员工应该属于的部门值比较response.write("你不属于该部门")endif%>