?
Solved

handling froms

Posted on 2003-04-01
11
Medium Priority
?
168 Views
Last Modified: 2010-04-01
I have a jsp page that looks something like this:

<jsp:useBean id="db" scope="session" class="database.myclass"/>

<html>

<body>

<form action = "index.jsp" method="get">

     <p align="center"><b><font face="Arial">User Name: </font></b>
     <input type ="text" name="loginName" size="19"></p>
     <p align="center"><b><font face="Arial">Password:</font></b>
     <input type ="text" name="password" size="19"> </p>
      <p align="center">

     <input type="submit" value="Login"> </p>
</form>


<%
if( (request.getParameter("loginName") != null) && (request.getParameter("password") != null) )
{
        if (true == db.login((request.getParameter("loginName")),(request.getParameter("password"))))
     {
       
%>

<p align="center">good

<%
         }
     else
     {
%>
  <font color="#FF0000"> Either User Does Not Exist or Password is Incorrect</font>
<%
     }
}
%>


</body>
</html>

It checks a user's password with a database to see if it is valid, and if it is invalid it prints a message saying so, but on the instance where the password is valid it prints 'good', but what i want it to do is load up an other webpage and pass the user name to it. How do i do this?
0
Comment
Question by:danBosh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
  • +1
11 Comments
 
LVL 4

Expert Comment

by:thanassis
ID: 8245359
put in your class "database.myclass" the following:

public class MyClass
{
  String name = "";
  String passwd = "";

...

/* your methods */

...

  public String getName()
  {
    return name;
  }

  public void setName(String newName)
  {
    name = newName;
  }

  public String getPasswd()
  {
    return passwd ;
  }

  public void setPasswd(String newPasswd )
  {
    passwd = newPasswd ;
  }

}

and in jsp page put

if (db.login((request.getParameter("loginName")),(request.getParameter("password"))))
{

myclass.setName(request.getParameter("loginName"))
myclass.setPasswd(request.getParameter("password"))
       
response.sendRedirect("otherPage.jsp");
 }
0
 

Author Comment

by:danBosh
ID: 8245600
I think you have missunderstood my question, myclass does not need editing, none of your method are really relavent to what i am trying to do. I just want to know how to make jsp  load up another pade automatically once the user has input the correct password, and preferably passing on the user name as part of the url.

thanks
0
 
LVL 4

Expert Comment

by:thanassis
ID: 8245649
>>I just want to know how to make jsp  load up another pade automatically once the user has input the correct password

response.sendRedirect("otherPage.jsp");

>>and preferably passing on the user name as part of the url.

you can put username and password to your sesion bean
(before redirect).
A technic to do this was the above example
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:danBosh
ID: 8245929
is there not something like this:

response.sendRedirect("otherPage.jsp?loginName=johnSmith");



0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8245961
or attach username and password to the request and forward to the other page.

though I think thanassis approach is better.

are you checking login credentials on every page?

CJ
0
 
LVL 4

Expert Comment

by:thanassis
ID: 8245994
yes you can also use this!

response.sendRedirect("otherPage.jsp?loginName=johnSmith&password=asdqwe");

but now everybody in the universe will see your password at the URL
0
 

Author Comment

by:danBosh
ID: 8246006
no just on the login page
0
 

Author Comment

by:danBosh
ID: 8246036
cheers im not reallt concerned with security issues.

although i wouldn't do this:
response.sendRedirect("otherPage.jsp?loginName=johnSmith&password=asdqwe");

as i said in my orginal question i only forward to the otherpage once the password has been validated, so i wounldn't need to send the password here
0
 
LVL 4

Accepted Solution

by:
thanassis earned 200 total points
ID: 8246087
it is better to pass a generic variable "login=true"

like
response.sendRedirect("otherPage.jsp?login=true");

so on page other.jsp have a check.

BUT! is someone write the url www...otherPage.jsp?login=true

he will see the contents of your page, even if he will not give the correct username and passwords.

So better save your variables to the session bean
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 8246180
unless you use HTTPS then the login credentials (even if they are passed via the URL) are encrypted.

If you are going to just do a forward to the second JSP try this.

request.setAttribute("loginName", request.getParameter("loginName"));
request.setAttribute("password", request.getParameter("password"));
 getServletContext().getRequestDispatcher( "otherpage.jsp" ).forward( request, response );


or something like this:


<jsp:forward page="/servlet/otherpage.jsp">
     <jsp:param name="loginName" value="<%=request.getParameter("loginName")%>" />
     <jsp:param name="password" value="<%=request.getParameter("password")%>" />
</jsp:forward>

CJ
0
 
LVL 6

Expert Comment

by:jarasa
ID: 8246705
Hi there.
Maybe this is kind of hard to understand but it works perfectly and is pretty safe:

access.jsp
<%@ page contentType="text/html; charset=iso-8859-1" language="java" import="java.sql.*" errorPage="" %>
<%

// FileName="oracle_jdbc_conn.htm"
// Type="JDBC" ""
// DesigntimeType="JDBC"
// HTTP="false"
// Catalog=""
// Schema=""
String MM_Coste_DRIVER = "oracle.jdbc.driver.OracleDriver";
String MM_Coste_USERNAME = "user";
String MM_Coste_PASSWORD = "password";
String MM_Coste_STRING = "jdbc:oracle:thin:@server:database";

// *** Validate request to log in to this site.

String MM_LoginAction = request.getRequestURI();

if (request.getQueryString() != null && request.getQueryString().length() > 0) MM_LoginAction += "?" + request.getQueryString();

String MM_valUsername=request.getParameter("user_logged");
String MM_valPassword=request.getParameter("password_logged");

if (MM_valUsername != null) {

  String MM_fldUserAuthorization="PROFILE";
  String MM_redirectLoginSuccess="menu.jsp";
  String MM_redirectLoginFailed="error.jsp";
  String MM_redirectLogin=MM_redirectLoginFailed;
 
  Driver MM_driverUser = (Driver)Class.forName(MM_Coste_DRIVER).newInstance();
  Connection MM_connUser = DriverManager.getConnection(MM_Coste_STRING,MM_Coste_USERNAME,MM_Coste_PASSWORD);
 
  String MM_pSQL = "SELECT USER_ID, PROFILE";
 
  if (!MM_fldUserAuthorization.equals("")) MM_pSQL += "," + MM_fldUserAuthorization;
       MM_pSQL += " FROM DATA_BASE.USERS WHERE USER_ID=\'" + MM_valUsername.replace('\'', ' ') + "\' AND PASSWORD=\'" + MM_valPassword.replace('\'', ' ') + "\'";
 
  PreparedStatement MM_statementUser = MM_connUser.prepareStatement(MM_pSQL);
  ResultSet MM_rsUser = MM_statementUser.executeQuery();
 
  boolean MM_rsUser_isNotEmpty = MM_rsUser.next();
 
  if (MM_rsUser_isNotEmpty) {
 
    // username and password match - this is a valid user, and we put it on session
    session.putValue("MM_Username", MM_valUsername);
    session.putValue("MM_Perfil", MM_rsUser.getString("PERFIL").trim());
   
    if (!MM_fldUserAuthorization.equals("")) {
   
      session.putValue("MM_UserAuthorization", MM_rsUser.getString(MM_fldUserAuthorization).trim());
     
    } else {
   
      session.putValue("MM_UserAuthorization", "");
     
    }
   
    if ((request.getParameter("accessdenied") != null) && false) {
   
      MM_redirectLoginSuccess = request.getParameter("accessdenied");
     
    }
   
    MM_redirectLogin=MM_redirectLoginSuccess;
   
  }
 
  MM_rsUser.close();
  MM_connUser.close();
  response.sendRedirect(response.encodeRedirectURL(MM_redirectLogin));
  return;
 
}
%>

Have fun

Javier
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out the latest tech news, community articles, and expert highlights in August's newsletter.
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses
Course of the Month8 days, 13 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question