我正在vb.net上的网站上实施注册流程。我已经将INSERT用户详细信息的sql编写到我的数据库中,包括随机字符串作为验证码。然后通过验证链接向用户发送电子邮件。该链接有一个查询,即验证码。从该链接,用户被定向到具有on_load事件的页面,该事件检查来自查询字符串的代码在数据库中是否相同。每次我测试它时,用户都会被引导回Default页面,这意味着查询字符串验证码与数据库中的不同。请有人告诉我我的代码有什么问题。我怀疑有一些明显的错误但我对sql很新,所以不确定为什么它不起作用。
将注册输入详细信息添加到数据库并通过电子邮件发送验证链接的代码(在使用随机字符串更新数据库之后:
Imports System.Net
Imports System.Net.Mail
Imports System.Data.SqlClient
Imports System.Collections.Generic
Partial Class Account_Register
Inherits System.Web.UI.Page
Protected Sub RegisterWizard_FinishButtonClick(ByVal sender As Object, ByVal e As System.Web.UI.WebControls.WizardNavigationEventArgs) Handles RegisterWizard.FinishButtonClick
'ADD NEW USER ACCOUNT DETAILS TO USER DATABASE --------------------------------------------------
Dim oPath As String = Server.MapPath("~/app_data/databaseX.mdb")
Dim oReader As System.Data.OleDb.OleDbDataReader = Nothing
Dim oConnection As System.Data.OleDb.OleDbConnection = Nothing
If Not agreeTerms.Checked Then
agreeTerms.ForeColor = Drawing.Color.Red
Return
ElseIf Page.IsValid Then
Dim Letters As New List(Of Integer)
'add ASCII codes for numbers
For i As Integer = 48 To 56
Letters.Add(i)
Next
'lowercase letters
For i As Integer = 97 To 122
Letters.Add(i)
Next
'uppercase letters
For i As Integer = 65 To 90
Letters.Add(i)
Next
'select 8 random integers from number of items in Letters
'then convert those random integers to characters and
'add each to a string and display in Textbox
Dim Rnd As New Random
Dim SB As New System.Text.StringBuilder
Dim Temp As Integer
For count As Integer = 1 To 8
Temp = Rnd.Next(0, Letters.Count)
SB.Append(Chr(Letters(Temp)))
Next
Dim oUserId As Integer = 0
Dim oName As String = txtName.Text
Dim oUserName As String = txtUsername.Text
Dim oPassword As String = txtpsswrd.Text
Dim oActiveAcc As String = "Yes"
Dim oVerCode As String = SB.ToString
Dim oVerUser As String = "No"
Dim ologged As String = "No"
Dim oOrg As String = txtorganiz.Text
Dim oTel As String = txttelephone.Text
Dim oEmail As String = txtEmail.Text
Dim oTown As String = Txttown.Text
Dim oRegStart As String = Date.Today
Dim oSubscribedUser As String = "No"
oConnection = New System.Data.OleDb.OleDbConnection(String.Format("Provider=Microsoft.Jet.OLEDB.4.0; Data Source={0}; Jet OLEDB:Database Password=xxxxxxxxx", oPath))
oConnection.Open()
Dim ipAddress As String = Request.ServerVariables("REMOTE_ADDR")
Dim cmd As New SqlCommand
Dim oCommandSession As New System.Data.OleDb.OleDbCommand("INSERT INTO Users ([Name], Username, [Password], ActiveAccount, VerificationCode, VerifiedUser, LoggedIn, Organisation, Telephone, email, Town, RegistryStart, SubscribedUser)" & _
"VALUES (oName, oUserName, oPassword, oActiveAcc, oVerCode, oVerUser, ologged, oOrg, oTel, oEmail, oTown, oRegStart, oSubscribedUser)", oConnection)
oCommandSession.Parameters.Add(New System.Data.OleDb.OleDbParameter("@oName", oName))
oCommandSession.Parameters.Add(New System.Data.OleDb.OleDbParameter("@oUserName", oUserName))
oCommandSession.Parameters.Add(New System.Data.OleDb.OleDbParameter("@oPassword", oPassword))
oCommandSession.Parameters.Add(New System.Data.OleDb.OleDbParameter("@oActiveAcc", oActiveAcc))
oCommandSession.Parameters.Add(New System.Data.OleDb.OleDbParameter("@oVerCode", oVerCode))
oCommandSession.Parameters.Add(New System.Data.OleDb.OleDbParameter("@oVerUSer", oVerUser))
oCommandSession.Parameters.Add(New System.Data.OleDb.OleDbParameter("@ologged", ologged))
oCommandSession.Parameters.Add(New System.Data.OleDb.OleDbParameter("@oOrg", oOrg))
oCommandSession.Parameters.Add(New System.Data.OleDb.OleDbParameter("@oTel", oTel))
oCommandSession.Parameters.Add(New System.Data.OleDb.OleDbParameter("@oEmail", oEmail))
oCommandSession.Parameters.Add(New System.Data.OleDb.OleDbParameter("@oTown", oTown))
oCommandSession.Parameters.Add(New System.Data.OleDb.OleDbParameter("@oRegStart", oRegStart))
oCommandSession.Parameters.Add(New System.Data.OleDb.OleDbParameter("@oSubscribedUser", oSubscribedUser))
oCommandSession.ExecuteNonQuery()
If Not oConnection Is Nothing Then
If oConnection.State = Data.ConnectionState.Open Then
oConnection.Close()
End If
End If
'SEND REGISTERATION CONFIRMATION EMAIL TO USER ------------------------------------
Dim oReciever As String = txtEmail.Text
Dim mm As New MailMessage("xxxxx@shippingresources.net", oReciever)
mm.Subject = "Registeration complete : Shipping Resources.net"
mm.Body = "<table align='center' width='70%' cellpadding='10' style='text-align: center; border: 3px solid #3366cc; background: #4576ea; color: #333'>" & _
"<tr><td colspan='2' style='background: #3366cc'><img src='http://www.shippingresources.net/Imgs/TitleBanner.png' width='100%' /></td></tr>" & _
"<tr><td colspan='2' style='text-align: left; text-indent: 50px'>Hello " & txtName.Text & ",</td></tr>" & _
"<tr><td colspan='2' style='font-size: 28px; padding: 10px auto 10px auto'><b>You're nearly there. You now just need to click the below link to verify your account</b></td></tr>" & _
"<tr><td colspan='2'><a href='http://www.shippingresources.net/Account/VerifyAccount.aspx?id=oVerCode'>Verify account.</a></td></tr>" & _
"<tr><td colspan='2' style='height: 80px'></td></tr>" & _
"<tr><td colspan='2' style='background: #3366cc'>© Shippingresources.net 2013 <img src='http://www.shippingresources.net/Imgs/logosmall.png' style='position: relative; top: 8px' /></td></tr>" & _
"</table>"
mm.IsBodyHtml = True
Dim smtp As New SmtpClient()
smtp.Host = "mail.shippingresources.net"
smtp.EnableSsl = False
Dim NetworkCred As New System.Net.NetworkCredential()
NetworkCred.UserName = "xxxxxxxxx@shippingresources.net"
NetworkCred.Password = "xxxxxxxxxx"
smtp.UseDefaultCredentials = True
smtp.Credentials = NetworkCred
smtp.Send(mm)
Response.Redirect("~/Default.aspx")
End If
End Sub
End Class
页面VerifyAccount.aspx后面的代码检查te随机代码(oVerCode)是否与数据库中的相同,并将数据库列“VerifiedUser”更新为“是”:
Imports System.Data.SqlClient
Imports System.Collections.Generic
Partial Class VerAccount
Inherits System.Web.UI.Page
Protected Sub Page_Load(sender As Object, e As System.EventArgs) Handles Me.Load
Dim VerifyAccount As String = Request.QueryString("id")
Dim oPath As String = Server.MapPath("app_data/databaseX.mdb")
Dim oValid As Boolean = False
Dim oReader As System.Data.OleDb.OleDbDataReader = Nothing
Dim oConnection As System.Data.OleDb.OleDbConnection = Nothing
Try
oConnection = New System.Data.OleDb.OleDbConnection(String.Format("Provider=Microsoft.Jet.OLEDB.4.0; Data Source={0}; Jet OLEDB:Database Password=xxxxxxxx", oPath))
oConnection.Open()
Dim ipAddress As String = Request.ServerVariables("REMOTE_ADDR")
Dim cmd As New SqlCommand
Dim oParams As New List(Of System.Data.OleDb.OleDbParameter)
oParams.Add(New System.Data.OleDb.OleDbParameter("@VerificationCode", VerifyAccount))
Dim oCommand As New System.Data.OleDb.OleDbCommand( _
"SELECT VerificationCode FROM Users " & _
"WHERE VerificationCode = ?", _
oConnection)
oCommand.Parameters.AddWithValue("?", VerifyAccount)
oReader = oCommand.ExecuteReader()
If oReader.Read() Then
oValid = True
Dim oVerCode = oReader.GetString(oReader.GetOrdinal("VerificationCode"))
End If
Catch ex As Exception
Finally
If Not oReader Is Nothing Then
If Not oReader.IsClosed Then
oReader.Close()
End If
oReader = Nothing
End If
End Try
If oValid Then
Dim oUserVerified As String = "Yes"
Dim oCommandSession As New System.Data.OleDb.OleDbCommand( _
"UPDATE Users SET VerifiedUser = ? " & _
"WHERE VerificationCode = ?", _
oConnection)
oCommandSession.Parameters.AddWithValue("?", oUserVerified)
oCommandSession.Parameters.AddWithValue("?", VerifyAccount)
oCommandSession.ExecuteNonQuery()
Response.Redirect("~/Account/RegistrationComplete.aspx")
Else
Response.Redirect("~/Account/VerificationFailed.aspx")
End If
If Not oConnection Is Nothing Then
If oConnection.State = Data.ConnectionState.Open Then
oConnection.Close()
End If
End If
End Sub
End Class
非常感谢任何帮助:)
答案 0 :(得分:0)
使用参数查询的满分。您只需要稍微清理一下代码。
首先,在Jet / ACE OLEDB中,参数纯粹是位置。我们可以给它们命名,但名称会被忽略:重要的是参数是按照它们在CommandText中出现的确切顺序定义的。通常我们只使用?
作为参数占位符。
所以,在你的第一个案例中,试试
Dim oCommand As New System.Data.OleDb.OleDbCommand( _
"SELECT VerificationCode FROM Users " & _
"WHERE VerificationCode = ?", _
oConnection)
oCommand.Parameters.AddWithValue("?", VerifyAccount)
oReader = oCommand.ExecuteReader()
[旁注:如果oReader.Read()
返回True
,那么您不需要从OleDbDataReader中检索值,因为您已经拥有它。 (您只是将它用作WHERE子句的参数。)]
然后,稍后使用类似
的内容Dim oUserVerified As String = "Yes"
Dim oCommandSession As New System.Data.OleDb.OleDbCommand( _
"UPDATE Users SET VerifiedUser = ? " & _
"WHERE VerificationCode = ?", _
oConnection)
oCommandSession.Parameters.AddWithValue("?", oUserVerified)
oCommandSession.Parameters.AddWithValue("?", VerifyAccount)
oCommandSession.ExecuteNonQuery()
答案 1 :(得分:0)
两者都感谢。有两个问题,首先我很尴尬地说我的道路
数据库错了。另外,你们两人都建议电子邮件链接应该是:
VerifyAccount.aspx?id=" & oVerCode & "'
而不是文字字符串。
非常感谢