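The previous post summarized the ideas behind three-tier architecture, but ideas alone are not enough to really grasp the principles, so I tried them out on a login feature.
Login logic
There is nothing difficult about the login logic. It only has to answer one question: does the entered username exist in the database, and is the corresponding password correct? People do mistype their username or password when logging in, yet the message shown is always "The username or password you entered is incorrect" or something like "Account and password do not match". Why not say exactly which one was wrong? One day it suddenly dawned on me: if the prompt only said that the password was wrong, anyone who wanted to steal someone else's account could simply keep trying all kinds of passwords, and our information would no longer be safe.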
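The reasoning above, as an added example that is not code from the original post: a login check that returns one generic message whether the user ID is unknown or the password is wrong, and counts failed attempts so that repeated guessing is cut off. `LoginDemo`, `TryLogin`, `MaxFailures`, the PBKDF2 password hashing and the sample account are assumptions made for illustration.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Security.Cryptography
' Added example. LoginDemo, TryLogin, MaxFailures and the sample account are hypothetical.
Module LoginDemo
    Const GenericFailure As String = "The username or password you entered is incorrect."
    Const TooManyTries As String = "Too many failed attempts. Try again later."
    Const MaxFailures As Integer = 5   ' assumed threshold
    ' Constructed fixed salt to keep the demo short; use a random salt per user in practice.
    Private ReadOnly DemoSalt As Byte() = {1, 2, 3, 4, 5, 6, 7, 8}
    Private ReadOnly Users As New Dictionary(Of String, Byte())      ' UserID -> password hash
    Private ReadOnly Failures As New Dictionary(Of String, Integer)  ' UserID -> failed attempts

    Function HashPwd(pwd As String) As Byte()
        Using kdf As New Rfc2898DeriveBytes(pwd, DemoSalt, 100000, HashAlgorithmName.SHA256)
            Return kdf.GetBytes(32)
        End Using
    End Function

    ' Compares every byte, so timing does not reveal where the first mismatch is.
    Function SameBytes(a As Byte(), b As Byte()) As Boolean
        Dim diff As Integer = a.Length Xor b.Length
        For i As Integer = 0 To Math.Min(a.Length, b.Length) - 1
            diff = diff Or (a(i) Xor b(i))
        Next
        Return diff = 0
    End Function
    Function TryLogin(userId As String, pwd As String) As String
        Dim count As Integer = 0
        Failures.TryGetValue(userId, count)
        ' The counter is kept for unknown IDs too, so a lockout does not reveal which IDs exist.
        If count >= MaxFailures Then Return TooManyTries
        Dim stored As Byte() = Nothing
        Dim known As Boolean = Users.TryGetValue(userId, stored)
        ' Hash the input even for unknown users so both failure paths do the same work.
        Dim supplied As Byte() = HashPwd(pwd)
        If known AndAlso SameBytes(stored, supplied) Then
            Failures.Remove(userId)
            Return "Login successful!"
        End If
        Failures(userId) = count + 1
        Return GenericFailure
    End Function
    Sub Main()
        Users("admin") = HashPwd("S3cure!pass")             ' constructed sample account
        Console.WriteLine(TryLogin("nobody", "guess"))      ' unknown user
        Console.WriteLine(TryLogin("admin", "guess"))       ' wrong password: same message
        Console.WriteLine(TryLogin("admin", "S3cure!pass"))
    End Sub
End Module
```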
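Login package diagram
Sequence diagram
Interface
Login form
Database (very simple: I set up a few necessary fields, and really the first two would be enough)
Code
Entity layer (Entity)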
```vbnet
Public Class UserInfo
    ' Two private fields (class-level variables) that hold the values for use inside the class;
    ' the "_" prefix makes them easy to remember
    Private _id As String
    Private _pwd As String

    Public Property UserID As String   ' read/write property
        Get                            ' read the value
            Return _id
        End Get
        Set(value As String)           ' write the value
            _id = value
        End Set
    End Property

    Public Property PassWord As String
        Get
            Return _pwd
        End Get
        Set(value As String)
            _pwd = value
        End Set
    End Property

    Private _status As String

    Public Property Status As String
        Get
            Return _status
        End Get
        Set(value As String)
            _status = value
        End Set
    End Property
End Class
```
UI layer:
```vbnet
Public Class LoginFrm
    Private Sub cmdOK_Click(sender As Object, e As EventArgs) Handles cmdOK.Click
        ' Instantiate the entity object
        Dim loginUser As New Entity.UserInfo
        ' Dim loginUser As Entity.UserInfo = New Entity.UserInfo   (second way to instantiate)
        ' Instantiate the BLL object
        Dim Bcheck As New BLL.LoginAdmin

        ' Copy the text box contents into the entity object so that it carries the
        ' user name and password of the user logging in to the BLL
        loginUser.UserID = txtUserName.Text()
        loginUser.PassWord = txtPwd.Text()

        ' Call the BLL method with the entity; the BLL decides and returns a Boolean,
        ' and the UI responds to the user according to that value
        If Bcheck.PassWordRight(loginUser) Then
            MsgBox("登录成功!")   ' "Login successful!"
            Me.Hide()
            frmMain.Show()
        Else
            MsgBox("登录失败!")   ' "Login failed!"
        End If
    End Sub

    Private Sub cmdCancel_Click(sender As Object, e As EventArgs) Handles cmdCancel.Click
        Me.Close()
    End Sub
End Class
```
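BLL:
```vbnet
Imports Entity
Imports DAL.UserDAO

Public Class LoginAdmin
    ' DAL object and entity object
    Dim BDUser As New DAL.UserDAO
    Dim BEUser As New Entity.UserInfo

    ' PassWordRight takes the user entity passed in from the UI layer and returns a Boolean
    Function PassWordRight(ByVal user As Entity.UserInfo) As Boolean
        BEUser.UserID = user.UserID
        BEUser = BDUser.ExistUser(BEUser)
        ' An empty PassWord means the DAL found no matching user (or the query failed),
        ' so it must never count as a match for an empty input
        If BEUser.PassWord = "" Then
            Return False
        End If
        ' Compare the password from the UI layer with the one read by the DAL;
        ' return True only if they match
        Return BEUser.PassWord.Trim() = user.PassWord
    End Function
End Class
```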
DAL:
```vbnet
Imports System.Data
Imports System.Data.SqlClient

Public Class UserDAO
    Dim sqlConnectStr As String = "server=SMALLRED;database=hotel;uid=sa;pwd=1;"

    ' Query the database: does the user exist?
    Function ExistUser(ByVal user As Entity.UserInfo) As Entity.UserInfo
        ' Query text; the user ID is bound as a parameter instead of being
        ' concatenated into the SQL string
        Dim sql As String = "select * from User_Info where UserID = @UserID"
        ' Create the connection and a SqlCommand with the query text and connection
        Dim cnn1 As SqlConnection = New SqlConnection(sqlConnectStr)
        Dim cmd As SqlCommand = New SqlCommand(sql, cnn1)
        cmd.Parameters.AddWithValue("@UserID", user.UserID)
        Dim read As SqlDataReader              ' reader used to read the data
        Dim userDataTable As New DataTable     ' DataTable that receives the rows
        Dim userD As New Entity.UserInfo
        Try
            ' Open the connection
            cnn1.Open()
            ' Run the query and load the result
            read = cmd.ExecuteReader
            userDataTable.Load(read)
            ' Pass the database values to the entity layer
            userD.UserID = userDataTable.Rows(0)("UserID").ToString()
            userD.PassWord = userDataTable.Rows(0)("PassWord").ToString()
            ' The return value is an entity object: information travels via the entity layer
            Return userD
        Catch ex As Exception
            ' No such user, or the query failed: return an entity with an empty password
            userD.PassWord = ""
            Return userD
        Finally
            If Not IsNothing(cnn1) Then
                cnn1.Close()
            End If
        End Try
    End Function
End Class
```
Summary: