Solved

Login script

Posted on 2003-11-09
8
477 Views
Last Modified: 2010-04-01
I have a login script which i am not sure is correct or not:
the problem i am facing is with the username is correct, the user should be allowed t o enter jas.jsp but if it is wrong, an error message with sorry wrong log-in with user being redirected to the same page login page.
can anyone help me , this is my code:
<%@ page import="java.sql.*"%>

 
<jsp:useBean id="acc" class="com.dhal.account" scope="session"/>
<jsp:setProperty name="acc" property="*"/>
<jsp:useBean id="acc" class="com.dhal.account" scope="session"/>
<jsp:setProperty name="acc" property="*"/>

<html>
<body  BGColor="#FFFFF0" >
<%
String connectionURL = "jdbc:mysql://localhost:3306/mydatabase?user=;password=";

try
{

 


   
   Class.forName("com.mysql.jdbc.Driver").newInstance();
Connection   connection = DriverManager.getConnection(connectionURL, "", "");
   Statement statement=connection.createStatement();


String myquery="select username,password from account where username='"+acc.getUsername()+"'";
ResultSet rs=statement.executeQuery(myquery);

   String username=acc.getUsername();
    String passwd=acc.getPasswd();


boolean anyRecords=rs.next();
//while(rs.next()){

//if(anyRecords){



//if(rs.getString(1).trim().equals(username))
 //if(rs.getString(2).trim().equals(passwd))
//System.out.println("OK");    

         
//}

 if( request.getParameter( "posted" ) != null )
           response.sendRedirect( "jas2.jsp" ) ;



}
catch( SQLException ex )
{
   ex.printStackTrace() ;
}
catch( ClassNotFoundException ex )
{
   ex.printStackTrace() ;
}


%>
<form action="account.jsp" name="form1" >
<input type="hidden" name="posted" value="yes">
<Font Size="4 Color="Black" Face="Garamond" Align="Center">
Username :
<input type="text" name="username" size=20 />
<Font size="4" Color="RED" Face="Garamond" >
 &#42
</Font>
</p>





&Password :
<input type="password" name="passwd" size=20/>
<Font size="4" Color="RED" Face="Garamond" >
 &#42
</Font>

</p>

</Font>

</p>

<input type="submit" value="New">
</form>

</body>
</html>
note:my pc crash so i am using a cybercafe, so there might be a delay in responding , sorry
0
Comment
Question by:Jasbir21
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 1

Accepted Solution

by:
JNic earned 50 total points
ID: 9709670
This is the part of your code in question:

boolean anyRecords=rs.next();
//while(rs.next()){
//if(anyRecords){
//if(rs.getString(1).trim().equals(username))
 //if(rs.getString(2).trim().equals(passwd))
//System.out.println("OK");    
//}
 if( request.getParameter( "posted" ) != null )
           response.sendRedirect( "jas2.jsp" ) ;

I would do like this:

boolean match=false;
if (rs.next()){
// the following line assumes your db-fields are called "password" and "username"
   if (rs.getString("password").equals(passwd)&&rs.getString("username").equals(username)){
      match=true;
   }
}

if (match){
   System.out.println("OK");
}
else{
    response.sendRedirect( "jas2.jsp" ) ;
}

   
0
 
LVL 15

Expert Comment

by:jimmack
ID: 9709828
Have you considered using the login management facilities that are built into the servlet container?

Have a look at the code that you can get from this page:

http://archive.moreservlets.com/Chapter7.html

If you want to see the details about how to implement this fully, you'll need to buy the book ;-)
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 9709902
if you don't want to buy the book, here is a free online resource to get you started with standard j2ee security.
http://www.onjava.com/pub/a/onjava/2001/08/06/webform.html
and if you use tomcat:
http://www.onjava.com/pub/a/onjava/2001/07/24/tomcat.html?page=2
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Jasbir21
ID: 9712409
hi,
  I am unable to try it on now, coz i haven't got my pc ,pls give me a day.

Thanks
0
 

Author Comment

by:Jasbir21
ID: 9743705
hi,
 i have tried :
boolean match=false;
if (rs.next()){
// the following line assumes your db-fields are called "password" and "username"
   if (rs.getString("password").equals(passwd)&&rs.getString("username").equals(username)){
      match=true;
   }
}

if (match){
   System.out.println("OK");
}
else{
    response.sendRedirect( "jas2.jsp" ) ;
}

   
the problem is if the login is not sucessful, error,sorry unsucessful log-in should pop up with the username field and password field again.

Eg,
Unsucessful log-in,pls try again

Username :_______________
Password:________________

I tried puting it like this :

boolean match=false;
if (rs.next()){
// the following line assumes your db-fields are called "password" and "username"
   if (rs.getString("password").equals(passwd)&&rs.getString("username").equals(username)){
      match=true;
   }
}

if (match){
 response.sendRedirect( "jas2.jsp" ) ;
 
}
else{
out.println("Unsucessful login,");
    }

When i tried this the error message gets displayed without the user loggin or not
   


0
 
LVL 15

Assisted Solution

by:jimmack
jimmack earned 40 total points
ID: 9743735
For testing purposes, add a line inside your "if" and an "else" like this:

if (rs.next()){
// the following line assumes your db-fields are called "password" and "username"

   System.out.println("rs password = " + rs.getSting("password") + ", rs username = " + rs.getString("username"));

   if (rs.getString("password").equals(passwd)&&rs.getString("username").equals(username)){
      match=true;
   }
}
else
{
    System.out.println("Result set is empty");
}

I'm guessing that either the username or password don't match, or you have an empty result set.
0
 

Author Comment

by:Jasbir21
ID: 9744053
hi, i have split points because both answers help me.

thanks and God bless
0
 
LVL 15

Expert Comment

by:jimmack
ID: 9744067
;-) Thanx
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post we will be converting StringData saved within a text file into a hash table. This can be further used in a PowerShell script for replacing settings that are dynamic in nature from environment to environment.
We take a look at some of the most common obstacles that IT teams run into as they work relentlessly to keep all the alarms and sirens from going off at once.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question