
logging in

I am trying to create a login page. I am doing the validating on the same page. When I click login the page just resets itself. I think the problem is the request.getParameter("logon"). This is my code.

<%@ page import = "java.sql.*, java.text.*, java.util.*, login.Logon"%>

<jsp:useBean id = "log" scope = "page" class = "login.Logon"/>
<jsp:setProperty name = "log" property = "*"/>
<%!
  Connection connection;
  Statement statement;
  ResultSet resultSet;
%>
<HTML>
<HEAD>
</HEAD>
<BODY>
<%
      //if customer hasn't tried to logon yet
     if (request.getParameter("logon") == null) {
%>
<CENTER>
<FORM Action="welcome.jsp" METHOD="POST">
<H3 style="COLOR: black">Please Log On</H3>
<TABLE BORDER="1">
<TR><TD  style="FONT-WEIGHT: bolder; TEXT-ALIGN: right" >
Number:</TD><td ><input size="10" name="num"></td></TR>
<TR><TD style="FONT-WEIGHT: bolder; TEXT-ALIGN: right">
Password:</TD><td><input type="password" size="10" NAME="pass"></td></TR>
</TABLE>
<br><br>
<INPUT TYPE=submit NAME='logon' VALUE="Log On">&nbsp;
<INPUT TYPE=reset><br>
</FORM>
</CENTER>
 <%
     }
      else { // user is attempting to log in
        try {
          Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
        }
        catch(java.lang.ClassNotFoundException cnfe) {
          %>
          <script>
            alert("Error loading database driver.");
            history.back();
          </script>
          <%
        }

        try {
          connection = DriverManager.getConnection("jdbc:odbc:rocky");
          statement = connection.createStatement();
        }
        catch(SQLException sqle) {
          %>
          <script>
            alert("Error connecting to the database.");
            location.href = "welcome.jsp";
          </script>
          <%
        }

        try {
          resultSet = statement.executeQuery("SELECT Password FROM Customers WHERE cust_no ="+log.getNum());
          if (resultSet.next()) {
            if (resultSet.getString(1).equals(log.getPassword())) {
              // prevent login bypass by creating a session
                 session.setAttribute("LoggedIn", "yes");
                 String no = resultSet.getString("cust_no");
              %>
              <jsp:forward page="menu.jsp?custno=<% no %>" />
              <%
            }
            else {
              %>
              <script>
                alert("Login failed.");
                history.back();
              </script>
              <%
            }
          }
        }
        catch (SQLException sqle) {
          %>
          <script>
            alert("An error occured while checking login information.");
            history.back();
          </script>
          <%
        }
      }
    %>
</body>
</html>
0
Asked by: jerad
1 Solution
 
fargo Commented:
Hi jerad,

try this

if (request.getParameter("logon").equals(""))
 
instead of if (request.getParameter("logon") == null)

Hope this helps
happy working

0
 
thanassis Commented:
Try putting the name in double quotes

<INPUT TYPE=submit NAME='logon' ...

change to:

<INPUT TYPE=submit NAME="logon" ...
0
 
kennethxu Commented:
1. Since the form submits to welcome.jsp, is welcome.jsp the login page?
2. It may also be that menu.jsp redirects back to the login page for some reason. Replace
<jsp:forward page="menu.jsp?custno=<% no %>" />
with some text message to debug your login page.

Otherwise, your page looks GOOD to me.
0
 
cheekycj Commented:
since you are setting loggedIn in session and I am assuming that menu.jsp is checking for it.. why not do a redirect:
response.sendRedirect("menu.jsp?custno=" + no);

same for the login fail.. try a redirect.

the javascript will not work for users who have javascript disabled :-)

I also noticed that you are retrieving custno but never selecting it.. so try adding that to the select statement.  You are probably getting a sql exception.

Try this:

<%@ page import = "java.sql.*, java.text.*, java.util.*, login.Logon"%>

<jsp:useBean id = "log" scope = "page" class = "login.Logon"/>
<jsp:setProperty name = "log" property = "*"/>
<%!
 Connection connection;
 Statement statement;
 ResultSet resultSet;
%>
<HTML>
<HEAD>
</HEAD>
<BODY>
<%
     //if customer hasn't tried to logon yet
    if (request.getParameter("logon") == null && request.getParameter("logon").equals("")) {
%>
<CENTER>
<FORM Action="welcome.jsp" METHOD="POST">
<H3 style="COLOR: black">Please Log On</H3>
<TABLE BORDER="1">
<TR><TD  style="FONT-WEIGHT: bolder; TEXT-ALIGN: right" >
Number:</TD><td ><input size="10" name="num"></td></TR>
<TR><TD style="FONT-WEIGHT: bolder; TEXT-ALIGN: right">
Password:</TD><td><input type="password" size="10" NAME="pass"></td></TR>
</TABLE>
<br><br>
<INPUT TYPE=submit NAME='logon' VALUE="Log On">&nbsp;
<INPUT TYPE=reset><br>
</FORM>
</CENTER>
<%
    }
     else { // user is attempting to log in
       try {
         Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
       }
       catch(java.lang.ClassNotFoundException cnfe) {
         response.sendRedirect("welcome.jsp?err=1");
       }

       try {
         connection = DriverManager.getConnection("jdbc:odbc:rocky");
         statement = connection.createStatement();
       }
       catch(SQLException sqle) {
         response.sendRedirect("welcome.jsp?err=2");
       }

       try {
         resultSet = statement.executeQuery("SELECT Password, cust_no FROM Customers WHERE cust_no ="+log.getNum());
         if (resultSet.next()) {
           if (resultSet.getString("Password").equals(log.getPassword())) {
             // prevent login bypass by creating a session
                session.setAttribute("LoggedIn", "yes");
                String no = resultSet.getString("cust_no");
                response.sendRedirect("menu.jsp?custno=" + no);
           }
           else {
             response.sendRedirect("welcome.jsp");
           }
         }
       }
       catch (SQLException sqle) {
        response.sendRedirect("welcome.jsp?err=3");
       }
     }
   %>
</body>
</html>

HTH,
CJ
0
 
jerad (Author) Commented:
It's still screwed; tried all of the above. Changing it to .equals("") causes a jasper exception. All of my SQL stuff etc. works; I tested that by putting default values in and changing it to !=null. I think it must be something to do with my computer setup. I'll try it on another computer as soon as I can and I'll keep you all posted. Thanks for your help so far.
0
 
cheekycj Commented:
sorry there was a bug in my code.. try this:


<%@ page import = "java.sql.*, java.text.*, java.util.*, login.Logon"%>

<jsp:useBean id = "log" scope = "page" class = "login.Logon"/>
<jsp:setProperty name = "log" property = "*"/>
<%!
Connection connection;
Statement statement;
ResultSet resultSet;
%>
<HTML>
<HEAD>
</HEAD>
<BODY>
<%
    //if customer hasn't tried to logon yet
   if (request.getParameter("logon") == null || request.getParameter("logon").equals("")) {
%>
<CENTER>
<FORM Action="welcome.jsp" METHOD="POST">
<H3 style="COLOR: black">Please Log On</H3>
<TABLE BORDER="1">
<TR><TD  style="FONT-WEIGHT: bolder; TEXT-ALIGN: right" >
Number:</TD><td ><input size="10" name="num"></td></TR>
<TR><TD style="FONT-WEIGHT: bolder; TEXT-ALIGN: right">
Password:</TD><td><input type="password" size="10" NAME="pass"></td></TR>
</TABLE>
<br><br>
<INPUT TYPE=submit NAME='logon' VALUE="Log On">&nbsp;
<INPUT TYPE=reset><br>
</FORM>
</CENTER>
<%
   }
    else { // user is attempting to log in
      try {
        Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
      }
      catch(java.lang.ClassNotFoundException cnfe) {
        response.sendRedirect("welcome.jsp?err=1");
      }

      try {
        connection = DriverManager.getConnection("jdbc:odbc:rocky");
        statement = connection.createStatement();
      }
      catch(SQLException sqle) {
        response.sendRedirect("welcome.jsp?err=2");
      }

      try {
        resultSet = statement.executeQuery("SELECT Password, cust_no FROM Customers WHERE cust_no ="+log.getNum());
        if (resultSet.next()) {
          if (resultSet.getString("Password").equals(log.getPassword())) {
            // prevent login bypass by creating a session
               session.setAttribute("LoggedIn", "yes");
               String no = resultSet.getString("cust_no");
               response.sendRedirect("menu.jsp?custno=" + no);
          }
          else {
            response.sendRedirect("welcome.jsp");
          }
        }
      }
      catch (SQLException sqle) {
       response.sendRedirect("welcome.jsp?err=3");
      }
    }
  %>
</body>
</html>

CJ
0
 
cheekycj Commented:
The previous code would have thrown a null pointer exception each time. I was relying on Java's short-circuit handling of conditionals but was using an && instead of ||

CJ
0
 
jerad (Author) Commented:
still getting a null pointer exception even with your above code. hmmm. frustrating. thanks for ya help. i'll keep trying
0
 
cheekycj Commented:
Not sure where the NPE could be happening.. have you tried to locate where in the JSP it is happening?  Please post the stack trace so we can try to help.

Try this.. (but I suspect it is somewhere else):

<%@ page import = "java.sql.*, java.text.*, java.util.*, login.Logon"%>

<jsp:useBean id = "log" scope = "page" class = "login.Logon"/>
<jsp:setProperty name = "log" property = "*"/>
<%!
Connection connection;
Statement statement;
ResultSet resultSet;
%>
<HTML>
<HEAD>
</HEAD>
<BODY>
<%
   //if customer hasn't tried to logon yet
  if (request.getParameter("logon") == null || "".equals(request.getParameter("logon"))) {
%>
<CENTER>
<FORM Action="welcome.jsp" METHOD="POST">
<H3 style="COLOR: black">Please Log On</H3>
<TABLE BORDER="1">
<TR><TD  style="FONT-WEIGHT: bolder; TEXT-ALIGN: right" >
Number:</TD><td ><input size="10" name="num"></td></TR>
<TR><TD style="FONT-WEIGHT: bolder; TEXT-ALIGN: right">
Password:</TD><td><input type="password" size="10" NAME="pass"></td></TR>
</TABLE>
<br><br>
<INPUT TYPE=submit NAME='logon' VALUE="Log On">&nbsp;
<INPUT TYPE=reset><br>
</FORM>
</CENTER>
<%
  }
   else { // user is attempting to log in
     try {
       Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
     }
     catch(java.lang.ClassNotFoundException cnfe) {
       response.sendRedirect("welcome.jsp?err=1");
     }

     try {
       connection = DriverManager.getConnection("jdbc:odbc:rocky");
       statement = connection.createStatement();
     }
     catch(SQLException sqle) {
       response.sendRedirect("welcome.jsp?err=2");
     }

     try {
       resultSet = statement.executeQuery("SELECT Password, cust_no FROM Customers WHERE cust_no ="+log.getNum());
       if (resultSet.next()) {
         if (resultSet.getString("Password").equals(log.getPassword())) {
           // prevent login bypass by creating a session
              session.setAttribute("LoggedIn", "yes");
              String no = resultSet.getString("cust_no");
              response.sendRedirect("menu.jsp?custno=" + no);
         }
         else {
           response.sendRedirect("welcome.jsp");
         }
       }
     }
     catch (SQLException sqle) {
      response.sendRedirect("welcome.jsp?err=3");
     }
   }
 %>
</body>
</html>

Also I noticed that you get the user info based on cust no.. is cust no always set?
>> log.getNum()
could be causing problems

Also I see you retrieving password but not Logon.  How are you verifying that the user id (custno/logon) is set and is accurate?

try this:
<%@ page import = "java.sql.*, java.text.*, java.util.*, login.Logon"%>

<jsp:useBean id = "log" scope = "page" class = "login.Logon"/>
<jsp:setProperty name = "log" property = "*"/>
<%!
Connection connection;
PreparedStatement statement;
ResultSet resultSet;
%>
<HTML>
<HEAD>
</HEAD>
<BODY>
<%
   //if customer hasn't tried to logon yet
  if (request.getParameter("logon") == null || "".equals(request.getParameter("logon"))) {
%>
<CENTER>
<FORM Action="welcome.jsp" METHOD="POST">
<H3 style="COLOR: black">Please Log On</H3>
<TABLE BORDER="1">
<TR><TD  style="FONT-WEIGHT: bolder; TEXT-ALIGN: right" >
Number:</TD><td ><input size="10" name="num"></td></TR>
<TR><TD style="FONT-WEIGHT: bolder; TEXT-ALIGN: right">
Password:</TD><td><input type="password" size="10" NAME="pass"></td></TR>
</TABLE>
<br><br>
<INPUT TYPE=submit NAME='logon' VALUE="Log On">&nbsp;
<INPUT TYPE=reset><br>
</FORM>
</CENTER>
<%
  }
   else { // user is attempting to log in
     try {
       Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
     }
     catch(java.lang.ClassNotFoundException cnfe) {
       response.sendRedirect("welcome.jsp?err=1");
       return; // stop here, nothing below can work without the driver
     }

     try {
       connection = DriverManager.getConnection("jdbc:odbc:rocky");
       // bind the form fields ("num" and "pass") as parameters instead of concatenating them into the SQL
       String sql = "SELECT cust_no FROM Customers WHERE cust_no = ? and Password = ?";
       statement = connection.prepareStatement(sql);
       statement.setInt(1, Integer.parseInt(request.getParameter("num")));
       statement.setString(2, request.getParameter("pass"));
     }
     catch(NumberFormatException nfe) { // "num" is missing or not a number
       response.sendRedirect("welcome.jsp");
       return;
     }
     catch(SQLException sqle) {
       response.sendRedirect("welcome.jsp?err=2");
       return; // statement was never prepared
     }

     try {
       resultSet = statement.executeQuery();
       // a row comes back only when both cust_no and Password matched
       if (resultSet.next()) {
         // prevent login bypass by creating a session
         session.setAttribute("LoggedIn", "yes");
         String no = resultSet.getString("cust_no");
         response.sendRedirect("menu.jsp?custno=" + no);
       }
       else {
         response.sendRedirect("welcome.jsp");
       }
     }
     catch (SQLException sqle) {
      response.sendRedirect("welcome.jsp?err=3");
     }
   }
 %>
</body>
</html>
0
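An added example, not code from the thread or from any poster: the login lookup as a plain Java helper that binds the form's "num" and "pass" fields to a prepared statement and keeps the statement and result set local to each call (fields declared in a JSP <%! %> block are shared by all concurrent requests). The class and method names are assumptions; the table and column names are the ones used in the thread, and the JSP would pass in request.getParameter("num") and request.getParameter("pass").

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

// Added example (hypothetical class name): login lookup outside the JSP.
public class LoginCheck {

    // Returns the customer number, or null when the "num" field is
    // missing, blank or not a number.
    static Integer parseCustNo(String num) {
        if (num == null || num.trim().isEmpty()) return null;
        try {
            return Integer.valueOf(num.trim());
        } catch (NumberFormatException e) {
            return null;
        }
    }

    // Returns the matching cust_no, or null when the number/password pair
    // is not found. Statement and ResultSet are locals, so concurrent
    // requests never share them, and both are closed on every path.
    static Integer authenticate(Connection con, String num, String pass)
            throws SQLException {
        Integer custNo = parseCustNo(num);
        if (custNo == null || pass == null) return null;
        String sql = "SELECT cust_no FROM Customers WHERE cust_no = ? AND Password = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setInt(1, custNo);    // bound as data, never parsed as SQL
            ps.setString(2, pass);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? Integer.valueOf(rs.getInt("cust_no")) : null;
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample values for the "num" form field.
        String[] samples = { null, "", "abc", " 1042 " };
        for (String s : samples) {
            System.out.println("[" + s + "] -> " + parseCustNo(s));
        }
    }
}
```

The main method only exercises the input check on constructed values; authenticate needs an open JDBC connection to a database with the thread's Customers table.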
 
jerad (Author) Commented:
the NPE is in the  if (request.getParameter("logon") == null || "".equals(request.getParameter("logon"))).
0
 
kennethxu Commented:
It doesn't make sense to me. This statement shouldn't cause an NPE unless the request object is null.
I would try this

String logon = request.getParameter( "logon" );
if( logon == null || logon.length() == 0 ) {
0
 
cheekycj Commented:
That statement should definitely not throw an NPE, that is why I coded it that way.

CJ
0
 
jerad (Author) Commented:
Problem fixed. Dunno how? Must have been some config in my computer because I reloaded it and it worked. Now I got SQL errors as you said I would. I guess I hafta ask in another question to be fair
0
 
cheekycj Commented:
Thanx for the "A", glad I could help.

If you need help with the SQL errors.. just post here... I will try to help.

CJ
0
