Solved

Login script

Posted on 2003-11-09
8
475 Views
Last Modified: 2010-04-01
I have a login script which i am not sure is correct or not:
the problem i am facing is with the username is correct, the user should be allowed t o enter jas.jsp but if it is wrong, an error message with sorry wrong log-in with user being redirected to the same page login page.
can anyone help me , this is my code:
<%@ page import="java.sql.*"%>

 
<jsp:useBean id="acc" class="com.dhal.account" scope="session"/>
<jsp:setProperty name="acc" property="*"/>
<jsp:useBean id="acc" class="com.dhal.account" scope="session"/>
<jsp:setProperty name="acc" property="*"/>

<html>
<body  BGColor="#FFFFF0" >
<%
String connectionURL = "jdbc:mysql://localhost:3306/mydatabase?user=;password=";

try
{

 


   
   Class.forName("com.mysql.jdbc.Driver").newInstance();
Connection   connection = DriverManager.getConnection(connectionURL, "", "");
   Statement statement=connection.createStatement();


String myquery="select username,password from account where username='"+acc.getUsername()+"'";
ResultSet rs=statement.executeQuery(myquery);

   String username=acc.getUsername();
    String passwd=acc.getPasswd();


boolean anyRecords=rs.next();
//while(rs.next()){

//if(anyRecords){



//if(rs.getString(1).trim().equals(username))
 //if(rs.getString(2).trim().equals(passwd))
//System.out.println("OK");    

         
//}

 if( request.getParameter( "posted" ) != null )
           response.sendRedirect( "jas2.jsp" ) ;



}
catch( SQLException ex )
{
   ex.printStackTrace() ;
}
catch( ClassNotFoundException ex )
{
   ex.printStackTrace() ;
}


%>
<form action="account.jsp" name="form1" >
<input type="hidden" name="posted" value="yes">
<Font Size="4 Color="Black" Face="Garamond" Align="Center">
Username :
<input type="text" name="username" size=20 />
<Font size="4" Color="RED" Face="Garamond" >
 &#42
</Font>
</p>





&Password :
<input type="password" name="passwd" size=20/>
<Font size="4" Color="RED" Face="Garamond" >
 &#42
</Font>

</p>

</Font>

</p>

<input type="submit" value="New">
</form>

</body>
</html>
note:my pc crash so i am using a cybercafe, so there might be a delay in responding , sorry
0
Comment
Question by:Jasbir21
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 1

Accepted Solution

by:
JNic earned 50 total points
ID: 9709670
This is the part of your code in question:

boolean anyRecords=rs.next();
//while(rs.next()){
//if(anyRecords){
//if(rs.getString(1).trim().equals(username))
 //if(rs.getString(2).trim().equals(passwd))
//System.out.println("OK");    
//}
 if( request.getParameter( "posted" ) != null )
           response.sendRedirect( "jas2.jsp" ) ;

I would do like this:

boolean match=false;
if (rs.next()){
// the following line assumes your db-fields are called "password" and "username"
   if (rs.getString("password").equals(passwd)&&rs.getString("username").equals(username)){
      match=true;
   }
}

if (match){
   System.out.println("OK");
}
else{
    response.sendRedirect( "jas2.jsp" ) ;
}

   
0
 
LVL 15

Expert Comment

by:jimmack
ID: 9709828
Have you considered using the login management facilities that are built into the servlet container?

Have a look at the code that you can get from this page:

http://archive.moreservlets.com/Chapter7.html

If you want to see the details about how to implement this fully, you'll need to buy the book ;-)
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 9709902
if you don't want to buy the book, here is a free online resource to get you started with standard j2ee security.
http://www.onjava.com/pub/a/onjava/2001/08/06/webform.html
and if you use tomcat:
http://www.onjava.com/pub/a/onjava/2001/07/24/tomcat.html?page=2
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Jasbir21
ID: 9712409
hi,
  I am unable to try it on now, coz i haven't got my pc ,pls give me a day.

Thanks
0
 

Author Comment

by:Jasbir21
ID: 9743705
hi,
 i have tried :
boolean match=false;
if (rs.next()){
// the following line assumes your db-fields are called "password" and "username"
   if (rs.getString("password").equals(passwd)&&rs.getString("username").equals(username)){
      match=true;
   }
}

if (match){
   System.out.println("OK");
}
else{
    response.sendRedirect( "jas2.jsp" ) ;
}

   
the problem is if the login is not sucessful, error,sorry unsucessful log-in should pop up with the username field and password field again.

Eg,
Unsucessful log-in,pls try again

Username :_______________
Password:________________

I tried puting it like this :

boolean match=false;
if (rs.next()){
// the following line assumes your db-fields are called "password" and "username"
   if (rs.getString("password").equals(passwd)&&rs.getString("username").equals(username)){
      match=true;
   }
}

if (match){
 response.sendRedirect( "jas2.jsp" ) ;
 
}
else{
out.println("Unsucessful login,");
    }

When i tried this the error message gets displayed without the user loggin or not
   


0
 
LVL 15

Assisted Solution

by:jimmack
jimmack earned 40 total points
ID: 9743735
For testing purposes, add a line inside your "if" and an "else" like this:

if (rs.next()){
// the following line assumes your db-fields are called "password" and "username"

   System.out.println("rs password = " + rs.getSting("password") + ", rs username = " + rs.getString("username"));

   if (rs.getString("password").equals(passwd)&&rs.getString("username").equals(username)){
      match=true;
   }
}
else
{
    System.out.println("Result set is empty");
}

I'm guessing that either the username or password don't match, or you have an empty result set.
0
 

Author Comment

by:Jasbir21
ID: 9744053
hi, i have split points because both answers help me.

thanks and God bless
0
 
LVL 15

Expert Comment

by:jimmack
ID: 9744067
;-) Thanx
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Building a cohesive image for your brand is vital to making an impression on consumers. When the economy is tough, brands do better than unbranded  products. This can have a huge impact on your long-term profits, as the economy goes up and down.
This article describes a method of delivering Word templates for use in merging Access data to Word documents, that requires no computer knowledge on the part of the recipient -- the templates are saved in table fields, and are extracted and install…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question