Solved

Login script

Posted on 2003-11-09
Last Modified: 2010-04-01
I have a login script which I am not sure is correct or not.
The problem I am facing is: if the username is correct, the user should be allowed to enter jas.jsp, but if it is wrong, an error message saying sorry, wrong log-in should appear, with the user being redirected to the same login page.
Can anyone help me? This is my code:
<%@ page import="java.sql.*"%>

 
<jsp:useBean id="acc" class="com.dhal.account" scope="session"/>
<jsp:setProperty name="acc" property="*"/>

<html>
<body  BGColor="#FFFFF0" >
<%
String connectionURL = "jdbc:mysql://localhost:3306/mydatabase?user=;password=";

try
{

 


   
   Class.forName("com.mysql.jdbc.Driver").newInstance();
Connection   connection = DriverManager.getConnection(connectionURL, "", "");
   Statement statement=connection.createStatement();


String myquery="select username,password from account where username='"+acc.getUsername()+"'";
ResultSet rs=statement.executeQuery(myquery);

   String username=acc.getUsername();
    String passwd=acc.getPasswd();


boolean anyRecords=rs.next();
//while(rs.next()){

//if(anyRecords){



//if(rs.getString(1).trim().equals(username))
 //if(rs.getString(2).trim().equals(passwd))
//System.out.println("OK");    

         
//}

 if( request.getParameter( "posted" ) != null )
           response.sendRedirect( "jas2.jsp" ) ;



}
catch( SQLException ex )
{
   ex.printStackTrace() ;
}
catch( ClassNotFoundException ex )
{
   ex.printStackTrace() ;
}


%>
<form action="account.jsp" name="form1" >
<input type="hidden" name="posted" value="yes">
<Font Size="4" Color="Black" Face="Garamond" Align="Center">
Username :
<input type="text" name="username" size=20 />
<Font size="4" Color="RED" Face="Garamond" >
 &#42
</Font>
</p>





&Password :
<input type="password" name="passwd" size=20/>
<Font size="4" Color="RED" Face="Garamond" >
 &#42
</Font>

</p>

</Font>

</p>

<input type="submit" value="New">
</form>

</body>
</html>
Note: my PC crashed, so I am using a cybercafe, so there might be a delay in responding, sorry.
Question by:Jasbir21
8 Comments
 
LVL 1

Accepted Solution

by:
JNic earned 50 total points
ID: 9709670
This is the part of your code in question:

boolean anyRecords=rs.next();
//while(rs.next()){
//if(anyRecords){
//if(rs.getString(1).trim().equals(username))
 //if(rs.getString(2).trim().equals(passwd))
//System.out.println("OK");    
//}
 if( request.getParameter( "posted" ) != null )
           response.sendRedirect( "jas2.jsp" ) ;

I would do it like this:

boolean match=false;
if (rs.next()){
// the following line assumes your db-fields are called "password" and "username"
   if (rs.getString("password").equals(passwd)&&rs.getString("username").equals(username)){
      match=true;
   }
}

if (match){
   System.out.println("OK");
}
else{
    response.sendRedirect( "jas2.jsp" ) ;
}

   
0
 
LVL 15

Expert Comment

by:jimmack
ID: 9709828
Have you considered using the login management facilities that are built into the servlet container?

Have a look at the code that you can get from this page:

http://archive.moreservlets.com/Chapter7.html

If you want to see the details about how to implement this fully, you'll need to buy the book ;-)
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 9709902
If you don't want to buy the book, here is a free online resource to get you started with standard J2EE security:
http://www.onjava.com/pub/a/onjava/2001/08/06/webform.html
And if you use Tomcat:
http://www.onjava.com/pub/a/onjava/2001/07/24/tomcat.html?page=2
0
 

Author Comment

by:Jasbir21
ID: 9712409
Hi,
I am unable to try it now because I haven't got my PC, please give me a day.

Thanks
0
 

Author Comment

by:Jasbir21
ID: 9743705
Hi,
I have tried:
boolean match=false;
if (rs.next()){
// the following line assumes your db-fields are called "password" and "username"
   if (rs.getString("password").equals(passwd)&&rs.getString("username").equals(username)){
      match=true;
   }
}

if (match){
   System.out.println("OK");
}
else{
    response.sendRedirect( "jas2.jsp" ) ;
}

   
The problem is, if the login is not successful, an error, "sorry, unsuccessful log-in", should pop up with the username field and password field again.

E.g.,
Unsuccessful log-in, please try again

Username :_______________
Password:________________

I tried putting it like this:

boolean match=false;
if (rs.next()){
// the following line assumes your db-fields are called "password" and "username"
   if (rs.getString("password").equals(passwd)&&rs.getString("username").equals(username)){
      match=true;
   }
}

if (match){
 response.sendRedirect( "jas2.jsp" ) ;
 
}
else{
out.println("Unsucessful login,");
    }

When I tried this, the error message gets displayed whether the user logs in or not.
   


0
 
LVL 15

Assisted Solution

by:jimmack
jimmack earned 40 total points
ID: 9743735
For testing purposes, add a line inside your "if" and an "else" like this:

if (rs.next()){
// the following line assumes your db-fields are called "password" and "username"

   System.out.println("rs password = " + rs.getString("password") + ", rs username = " + rs.getString("username"));

   if (rs.getString("password").equals(passwd)&&rs.getString("username").equals(username)){
      match=true;
   }
}
else
{
    System.out.println("Result set is empty");
}

I'm guessing that either the username or password don't match, or you have an empty result set.
0
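
The login check discussed above, reworked as an added example that is not part of any post in this thread: it only verifies credentials once the form's hidden "posted" field is present, and it goes beyond the thread's fix by binding the username as a query parameter instead of concatenating it into the SQL string. The names LoginCheck, Outcome and check are hypothetical, and it assumes a JDBC connection to the account table with the username and password columns used in the question.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

// Added example: LoginCheck and Outcome are hypothetical names, not from the thread.
public final class LoginCheck {

    public enum Outcome { SHOW_FORM, LOGIN_OK, LOGIN_FAILED }

    // posted is the hidden "posted" form field; it is null on the first visit.
    public static Outcome check(Connection connection, String posted,
                                String username, String passwd) throws SQLException {
        // Form not submitted yet: nothing to verify, so no error message.
        if (posted == null) {
            return Outcome.SHOW_FORM;
        }
        if (username == null || passwd == null) {
            return Outcome.LOGIN_FAILED;
        }
        // Assumed schema (from the question's query): account(username, password).
        // The username is bound as a parameter rather than concatenated into the
        // SQL text, so quote characters in the input cannot change the query.
        String sql = "select password from account where username = ?";
        try (PreparedStatement ps = connection.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {
                    return Outcome.LOGIN_FAILED; // no such username
                }
                String stored = rs.getString("password");
                if (stored == null) {
                    return Outcome.LOGIN_FAILED;
                }
                // MessageDigest.isEqual does not stop at the first differing byte.
                boolean match = MessageDigest.isEqual(
                        stored.getBytes(StandardCharsets.UTF_8),
                        passwd.getBytes(StandardCharsets.UTF_8));
                return match ? Outcome.LOGIN_OK : Outcome.LOGIN_FAILED;
            }
        }
    }
}
```

In the JSP, call response.sendRedirect("jas2.jsp") only for LOGIN_OK, print the error above the form only for LOGIN_FAILED, and render the plain form for SHOW_FORM. Submitting the form with method="post" keeps the password out of the URL and the server's access logs.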
 

Author Comment

by:Jasbir21
ID: 9744053
Hi, I have split the points because both answers help me.

thanks and God bless
0
 
LVL 15

Expert Comment

by:jimmack
ID: 9744067
;-) Thanx
0
