Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Login script

Posted on 2003-11-09
8
Medium Priority
?
480 Views
Last Modified: 2010-04-01
I have a login script which i am not sure is correct or not:
the problem i am facing is with the username is correct, the user should be allowed t o enter jas.jsp but if it is wrong, an error message with sorry wrong log-in with user being redirected to the same page login page.
can anyone help me , this is my code:
<%@ page import="java.sql.*"%>

 
<jsp:useBean id="acc" class="com.dhal.account" scope="session"/>
<jsp:setProperty name="acc" property="*"/>
<jsp:useBean id="acc" class="com.dhal.account" scope="session"/>
<jsp:setProperty name="acc" property="*"/>

<html>
<body  BGColor="#FFFFF0" >
<%
String connectionURL = "jdbc:mysql://localhost:3306/mydatabase?user=;password=";

try
{

 


   
   Class.forName("com.mysql.jdbc.Driver").newInstance();
Connection   connection = DriverManager.getConnection(connectionURL, "", "");
   Statement statement=connection.createStatement();


String myquery="select username,password from account where username='"+acc.getUsername()+"'";
ResultSet rs=statement.executeQuery(myquery);

   String username=acc.getUsername();
    String passwd=acc.getPasswd();


boolean anyRecords=rs.next();
//while(rs.next()){

//if(anyRecords){



//if(rs.getString(1).trim().equals(username))
 //if(rs.getString(2).trim().equals(passwd))
//System.out.println("OK");    

         
//}

 if( request.getParameter( "posted" ) != null )
           response.sendRedirect( "jas2.jsp" ) ;



}
catch( SQLException ex )
{
   ex.printStackTrace() ;
}
catch( ClassNotFoundException ex )
{
   ex.printStackTrace() ;
}


%>
<form action="account.jsp" name="form1" >
<input type="hidden" name="posted" value="yes">
<Font Size="4 Color="Black" Face="Garamond" Align="Center">
Username :
<input type="text" name="username" size=20 />
<Font size="4" Color="RED" Face="Garamond" >
 &#42
</Font>
</p>





&Password :
<input type="password" name="passwd" size=20/>
<Font size="4" Color="RED" Face="Garamond" >
 &#42
</Font>

</p>

</Font>

</p>

<input type="submit" value="New">
</form>

</body>
</html>
note:my pc crash so i am using a cybercafe, so there might be a delay in responding , sorry
0
Comment
Question by:Jasbir21
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 1

Accepted Solution

by:
JNic earned 200 total points
ID: 9709670
This is the part of your code in question:

boolean anyRecords=rs.next();
//while(rs.next()){
//if(anyRecords){
//if(rs.getString(1).trim().equals(username))
 //if(rs.getString(2).trim().equals(passwd))
//System.out.println("OK");    
//}
 if( request.getParameter( "posted" ) != null )
           response.sendRedirect( "jas2.jsp" ) ;

I would do like this:

boolean match=false;
if (rs.next()){
// the following line assumes your db-fields are called "password" and "username"
   if (rs.getString("password").equals(passwd)&&rs.getString("username").equals(username)){
      match=true;
   }
}

if (match){
   System.out.println("OK");
}
else{
    response.sendRedirect( "jas2.jsp" ) ;
}

   
0
 
LVL 15

Expert Comment

by:jimmack
ID: 9709828
Have you considered using the login management facilities that are built into the servlet container?

Have a look at the code that you can get from this page:

http://archive.moreservlets.com/Chapter7.html

If you want to see the details about how to implement this fully, you'll need to buy the book ;-)
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 9709902
if you don't want to buy the book, here is a free online resource to get you started with standard j2ee security.
http://www.onjava.com/pub/a/onjava/2001/08/06/webform.html
and if you use tomcat:
http://www.onjava.com/pub/a/onjava/2001/07/24/tomcat.html?page=2
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Jasbir21
ID: 9712409
hi,
  I am unable to try it on now, coz i haven't got my pc ,pls give me a day.

Thanks
0
 

Author Comment

by:Jasbir21
ID: 9743705
hi,
 i have tried :
boolean match=false;
if (rs.next()){
// the following line assumes your db-fields are called "password" and "username"
   if (rs.getString("password").equals(passwd)&&rs.getString("username").equals(username)){
      match=true;
   }
}

if (match){
   System.out.println("OK");
}
else{
    response.sendRedirect( "jas2.jsp" ) ;
}

   
the problem is if the login is not sucessful, error,sorry unsucessful log-in should pop up with the username field and password field again.

Eg,
Unsucessful log-in,pls try again

Username :_______________
Password:________________

I tried puting it like this :

boolean match=false;
if (rs.next()){
// the following line assumes your db-fields are called "password" and "username"
   if (rs.getString("password").equals(passwd)&&rs.getString("username").equals(username)){
      match=true;
   }
}

if (match){
 response.sendRedirect( "jas2.jsp" ) ;
 
}
else{
out.println("Unsucessful login,");
    }

When i tried this the error message gets displayed without the user loggin or not
   


0
 
LVL 15

Assisted Solution

by:jimmack
jimmack earned 160 total points
ID: 9743735
For testing purposes, add a line inside your "if" and an "else" like this:

if (rs.next()){
// the following line assumes your db-fields are called "password" and "username"

   System.out.println("rs password = " + rs.getSting("password") + ", rs username = " + rs.getString("username"));

   if (rs.getString("password").equals(passwd)&&rs.getString("username").equals(username)){
      match=true;
   }
}
else
{
    System.out.println("Result set is empty");
}

I'm guessing that either the username or password don't match, or you have an empty result set.
0
 

Author Comment

by:Jasbir21
ID: 9744053
hi, i have split points because both answers help me.

thanks and God bless
0
 
LVL 15

Expert Comment

by:jimmack
ID: 9744067
;-) Thanx
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WooCommerce is becoming the most powerful e-commerce plugin for Wordpress. And why not. The platform comprises of numerous core plugins that may come in handy, powerful options to make your website development task much easier.
Geo-targeting is the practice of distributing content based on a person’s location, as best as you can determine it. Let’s look at some ways you could successfully use this tactic. The following tips and case studies could lead to meaningful results.
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question