?
Solved

logging in

Posted on 2003-03-30
15
Medium Priority
?
350 Views
Last Modified: 2010-04-01
I am trying to create a login page. i am do the validating on the same page. when i click login the page just resets itself. i think the problem is the request.getParameter("logon"). THis is my code.

<%@ page import = "java.sql.*, java.text.*, java.util.*, login.Logon"%>

<jsp:useBean id = "log" scope = "page" class = "login.Logon"/>
<jsp:setProperty name = "log" property = "*"/>
<%!
  Connection connection;
  Statement statement;
  ResultSet resultSet;
%>
<HTML>
<HEAD>
</HEAD>
<BODY>
<%
      //if customer hasn't tried to logon yet
     if (request.getParameter("logon") == null) {
%>
<CENTER>
<FORM Action="welcome.jsp" METHOD="POST">
<H3 style="COLOR: black">Please Log On</H3>
<TABLE BORDER="1">
<TR><TD  style="FONT-WEIGHT: bolder; TEXT-ALIGN: right" >
Number:</TD><td ><input size="10" name="num"></td></TR>
<TR><TD style="FONT-WEIGHT: bolder; TEXT-ALIGN: right">
Password:</TD><td><input type="password" size="10" NAME="pass"></td></TR>
</TABLE>
<br><br>
<INPUT TYPE=submit NAME='logon' VALUE="Log On">&nbsp;
<INPUT TYPE=reset><br>
</FORM>
</CENTER>
 <%
     }
      else { // user is attempting to log in
        try {
          Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
        }
        catch(java.lang.ClassNotFoundException cnfe) {
          %>
          <script>
            alert("Error loading database driver.");
            history.back();
          </script>
          <%
        }

        try {
          connection = DriverManager.getConnection("jdbc:odbc:rocky");
          statement = connection.createStatement();
        }
        catch(SQLException sqle) {
          %>
          <script>
            alert("Error connecting to the database.");
            location.href = "welcome.jsp";
          </script>
          <%
        }

        try {
          resultSet = statement.executeQuery("SELECT Password FROM Customers WHERE cust_no ="+log.getNum());
          if (resultSet.next()) {
            if (resultSet.getString(1).equals(log.getPassword())) {
              // prevent login bypass by creating a session
                 session.setAttribute("LoggedIn", "yes");
                 String no = resultSet.getString("cust_no");
              %>
              <jsp:forward page="menu.jsp?custno=<% no %>" />
              <%
            }
            else {
              %>
              <script>
                alert("Login failed.");
                history.back();
              </script>
              <%
            }
          }
        }
        catch (SQLException sqle) {
          %>
          <script>
            alert("An error occured while checking login information.");
            history.back();
          </script>
          <%
        }
      }
    %>
</body>
</html>
0
Comment
Question by:jerad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 2
  • +2
15 Comments
 
LVL 11

Expert Comment

by:fargo
ID: 8234169
Hii jerad,

try this

if ( (request.getParameter("logon").equals(""))
 
inspite of if (request.getParameter("logon") == null)

Hope this helps
happy working

0
 
LVL 4

Expert Comment

by:thanassis
ID: 8234356
Try put name in double quotas

<INPUT TYPE=submit NAME='logon' ...

change to:

<INPUT TYPE=submit NAME="logon" ...
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 8235666
1. since the form submit to welcome.jsp, is the welcome.jsp the login page?
2. it also may be the menu.jsp redirect back to login page for some reason. replace
<jsp:forward page="menu.jsp?custno=<% no %>" />
with some text message to debug your login page.

otherwise, you page looks GOOD to me.
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 19

Expert Comment

by:cheekycj
ID: 8238694
since you are setting loggedIn in session and I am assuming that menu.jsp is checking for it.. why not do a redirect:
response.sendRedirect("menu.jsp?custno=" + no);

same for the login fail.. try a redirect.

the javascript will not work for users who have javascript disabled :-)

I also noticed that you are retrieving custno but never selecting it.. so try adding that to the select statement.  You are probably getting a sql exception.

Try this:

<%@ page import = "java.sql.*, java.text.*, java.util.*, login.Logon"%>

<jsp:useBean id = "log" scope = "page" class = "login.Logon"/>
<jsp:setProperty name = "log" property = "*"/>
<%!
 Connection connection;
 Statement statement;
 ResultSet resultSet;
%>
<HTML>
<HEAD>
</HEAD>
<BODY>
<%
     //if customer hasn't tried to logon yet
    if (request.getParameter("logon") == null && request.getParameter("logon").equals("")) {
%>
<CENTER>
<FORM Action="welcome.jsp" METHOD="POST">
<H3 style="COLOR: black">Please Log On</H3>
<TABLE BORDER="1">
<TR><TD  style="FONT-WEIGHT: bolder; TEXT-ALIGN: right" >
Number:</TD><td ><input size="10" name="num"></td></TR>
<TR><TD style="FONT-WEIGHT: bolder; TEXT-ALIGN: right">
Password:</TD><td><input type="password" size="10" NAME="pass"></td></TR>
</TABLE>
<br><br>
<INPUT TYPE=submit NAME='logon' VALUE="Log On">&nbsp;
<INPUT TYPE=reset><br>
</FORM>
</CENTER>
<%
    }
     else { // user is attempting to log in
       try {
         Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
       }
       catch(java.lang.ClassNotFoundException cnfe) {
         response.sendRedirect("welcome.jsp?err=1");
       }

       try {
         connection = DriverManager.getConnection("jdbc:odbc:rocky");
         statement = connection.createStatement();
       }
       catch(SQLException sqle) {
         response.sendRedirect("welcome.jsp?err=2");
       }

       try {
         resultSet = statement.executeQuery("SELECT Password, cust_no FROM Customers WHERE cust_no ="+log.getNum());
         if (resultSet.next()) {
           if (resultSet.getString("Password").equals(log.getPassword())) {
             // prevent login bypass by creating a session
                session.setAttribute("LoggedIn", "yes");
                String no = resultSet.getString("cust_no");
                response.sendRedirect("menu.jsp?custno=" + no);
           }
           else {
             response.sendRedirect("welcome.jsp");
           }
         }
       }
       catch (SQLException sqle) {
        response.sendRedirect("welcome.jsp?err=3");
       }
     }
   %>
</body>
</html>

HTH,
CJ
0
 

Author Comment

by:jerad
ID: 8244883
its still screwed tried all of the above. changing it to .equals("") causes a jasper exception. all of my sql stuff etc works i tested thay by putting default values in and changing it to !=null. i think it must be something to do with must computer setup. i'll try it on another computer as soon as i can and ill keep you all posted. thanx for you help so far.
0
 
LVL 19

Accepted Solution

by:
cheekycj earned 1000 total points
ID: 8245739
sorry there was a bug in my code.. try this:


<%@ page import = "java.sql.*, java.text.*, java.util.*, login.Logon"%>

<jsp:useBean id = "log" scope = "page" class = "login.Logon"/>
<jsp:setProperty name = "log" property = "*"/>
<%!
Connection connection;
Statement statement;
ResultSet resultSet;
%>
<HTML>
<HEAD>
</HEAD>
<BODY>
<%
    //if customer hasn't tried to logon yet
   if (request.getParameter("logon") == null || request.getParameter("logon").equals("")) {
%>
<CENTER>
<FORM Action="welcome.jsp" METHOD="POST">
<H3 style="COLOR: black">Please Log On</H3>
<TABLE BORDER="1">
<TR><TD  style="FONT-WEIGHT: bolder; TEXT-ALIGN: right" >
Number:</TD><td ><input size="10" name="num"></td></TR>
<TR><TD style="FONT-WEIGHT: bolder; TEXT-ALIGN: right">
Password:</TD><td><input type="password" size="10" NAME="pass"></td></TR>
</TABLE>
<br><br>
<INPUT TYPE=submit NAME='logon' VALUE="Log On">&nbsp;
<INPUT TYPE=reset><br>
</FORM>
</CENTER>
<%
   }
    else { // user is attempting to log in
      try {
        Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
      }
      catch(java.lang.ClassNotFoundException cnfe) {
        response.sendRedirect("welcome.jsp?err=1");
      }

      try {
        connection = DriverManager.getConnection("jdbc:odbc:rocky");
        statement = connection.createStatement();
      }
      catch(SQLException sqle) {
        response.sendRedirect("welcome.jsp?err=2");
      }

      try {
        resultSet = statement.executeQuery("SELECT Password, cust_no FROM Customers WHERE cust_no ="+log.getNum());
        if (resultSet.next()) {
          if (resultSet.getString("Password").equals(log.getPassword())) {
            // prevent login bypass by creating a session
               session.setAttribute("LoggedIn", "yes");
               String no = resultSet.getString("cust_no");
               response.sendRedirect("menu.jsp?custno=" + no);
          }
          else {
            response.sendRedirect("welcome.jsp");
          }
        }
      }
      catch (SQLException sqle) {
       response.sendRedirect("welcome.jsp?err=3");
      }
    }
  %>
</body>
</html>

CJ
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8245743
the previous code would have thrown a null pointer exception each time.  I was relying on Java's short circuit handling of conditionals but was using and && instead of ||

CJ
0
 

Author Comment

by:jerad
ID: 8252259
still getting a null pointer exception even with your above code. hmmm. frustrating. thanks for ya help. i'll keep trying
0
 

Author Comment

by:jerad
ID: 8252268
still getting a null pointer exception even with your above code. hmmm. frustrating. thanks for ya help. i'll keep trying
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8253801
Not sure where the NPE could be happening.. have you tried to locate where in the JSP it is happening?  Please post the stack trace so we can try to help.

Try this.. (but I suspect is is somewhere else):

<%@ page import = "java.sql.*, java.text.*, java.util.*, login.Logon"%>

<jsp:useBean id = "log" scope = "page" class = "login.Logon"/>
<jsp:setProperty name = "log" property = "*"/>
<%!
Connection connection;
Statement statement;
ResultSet resultSet;
%>
<HTML>
<HEAD>
</HEAD>
<BODY>
<%
   //if customer hasn't tried to logon yet
  if (request.getParameter("logon") == null || "".equals(request.getParameter("logon"))) {
%>
<CENTER>
<FORM Action="welcome.jsp" METHOD="POST">
<H3 style="COLOR: black">Please Log On</H3>
<TABLE BORDER="1">
<TR><TD  style="FONT-WEIGHT: bolder; TEXT-ALIGN: right" >
Number:</TD><td ><input size="10" name="num"></td></TR>
<TR><TD style="FONT-WEIGHT: bolder; TEXT-ALIGN: right">
Password:</TD><td><input type="password" size="10" NAME="pass"></td></TR>
</TABLE>
<br><br>
<INPUT TYPE=submit NAME='logon' VALUE="Log On">&nbsp;
<INPUT TYPE=reset><br>
</FORM>
</CENTER>
<%
  }
   else { // user is attempting to log in
     try {
       Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
     }
     catch(java.lang.ClassNotFoundException cnfe) {
       response.sendRedirect("welcome.jsp?err=1");
     }

     try {
       connection = DriverManager.getConnection("jdbc:odbc:rocky");
       statement = connection.createStatement();
     }
     catch(SQLException sqle) {
       response.sendRedirect("welcome.jsp?err=2");
     }

     try {
       resultSet = statement.executeQuery("SELECT Password, cust_no FROM Customers WHERE cust_no ="+log.getNum());
       if (resultSet.next()) {
         if (resultSet.getString("Password").equals(log.getPassword())) {
           // prevent login bypass by creating a session
              session.setAttribute("LoggedIn", "yes");
              String no = resultSet.getString("cust_no");
              response.sendRedirect("menu.jsp?custno=" + no);
         }
         else {
           response.sendRedirect("welcome.jsp");
         }
       }
     }
     catch (SQLException sqle) {
      response.sendRedirect("welcome.jsp?err=3");
     }
   }
 %>
</body>
</html>

Also I noticed that you get the user info based on cust no.. is cust no always set?
>> log.getNum()
could be causing problems

Also I see you retrieving password but not Logon.  How are you verifying that the user id (custno/logon) is set and is accurate?

try this:
<%@ page import = "java.sql.*, java.text.*, java.util.*, login.Logon"%>

<jsp:useBean id = "log" scope = "page" class = "login.Logon"/>
<jsp:setProperty name = "log" property = "*"/>
<%!
Connection connection;
PreparedStatement statement;
ResultSet resultSet;
%>
<HTML>
<HEAD>
</HEAD>
<BODY>
<%
   //if customer hasn't tried to logon yet
  if (request.getParameter("logon") == null || "".equals(request.getParameter("logon"))) {
%>
<CENTER>
<FORM Action="welcome.jsp" METHOD="POST">
<H3 style="COLOR: black">Please Log On</H3>
<TABLE BORDER="1">
<TR><TD  style="FONT-WEIGHT: bolder; TEXT-ALIGN: right" >
Number:</TD><td ><input size="10" name="num"></td></TR>
<TR><TD style="FONT-WEIGHT: bolder; TEXT-ALIGN: right">
Password:</TD><td><input type="password" size="10" NAME="pass"></td></TR>
</TABLE>
<br><br>
<INPUT TYPE=submit NAME='logon' VALUE="Log On">&nbsp;
<INPUT TYPE=reset><br>
</FORM>
</CENTER>
<%
  }
   else { // user is attempting to log in
     try {
       Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
     }
     catch(java.lang.ClassNotFoundException cnfe) {
       response.sendRedirect("welcome.jsp?err=1");
     }

     try {
       connection = DriverManager.getConnection("jdbc:odbc:rocky");
       String sql = "SELECT cust_no FROM Customers WHERE cust_no = ? and Password = ?";
       statement = connection.prepareStatement(sql);
       statement.setInt(1, Integer.parseInt(request.getParameter("logon")));
       statement.setString(2, request.getParameter("Password"));

     }
     catch(SQLException sqle) {
       response.sendRedirect("welcome.jsp?err=2");
     }

     try {
       resultSet = statement.executeQuery();
       if (resultSet.next()) {
         if (resultSet.getString("Password").equals(log.getPassword())) {
           // prevent login bypass by creating a session
              session.setAttribute("LoggedIn", "yes");
              String no = resultSet.getString("cust_no");
              response.sendRedirect("menu.jsp?custno=" + no);
         }
         else {
           response.sendRedirect("welcome.jsp");
         }
       }
     }
     catch (SQLException sqle) {
      response.sendRedirect("welcome.jsp?err=3");
     }
   }
 %>
</body>
</html>
0
 

Author Comment

by:jerad
ID: 8258552
the NPE is in the  if (request.getParameter("logon") == null || "".equals(request.getParameter("logon"))).
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 8258577
it doesn't make sense to me. this statement shouldn't cause NPE unless the request object is null.
it would try this

String logon = request.getParameter( "logon" );
if( logon == null || logon.length() == 0 ) {
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8258790
that statement should definitely not throw a NPE, that is why I coded it that way.

CJ
0
 

Author Comment

by:jerad
ID: 8267228
problem fixed. dunno how? must have been some config in my comptuer because i reloaded it and it worked. now i got sql errors as you said i would. i guess i hafta ask in another question to be fair
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8283801
Thanx for the "A", glad I could help.

If you need help with the SQL errors.. just post here... I will try to help.

CJ
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introducing Priority Question, our latest feature.
Hey fellow admins! This time, I have a little fairy tale for you. As many tales do, it starts boring and then gets pretty gory. I hope you like it. TL;DR: It is about an important security matter, you should read it if you run or administer Windows …
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question