Login script

I have a login script which i am not sure is correct or not:
the problem i am facing is with the username is correct, the user should be allowed t o enter jas.jsp but if it is wrong, an error message with sorry wrong log-in with user being redirected to the same page login page.
can anyone help me , this is my code:
<%@ page import="java.sql.*"%>

 
<jsp:useBean id="acc" class="com.dhal.account" scope="session"/>
<jsp:setProperty name="acc" property="*"/>
<jsp:useBean id="acc" class="com.dhal.account" scope="session"/>
<jsp:setProperty name="acc" property="*"/>

<html>
<body  BGColor="#FFFFF0" >
<%
String connectionURL = "jdbc:mysql://localhost:3306/mydatabase?user=;password=";

try
{

 


   
   Class.forName("com.mysql.jdbc.Driver").newInstance();
Connection   connection = DriverManager.getConnection(connectionURL, "", "");
   Statement statement=connection.createStatement();


String myquery="select username,password from account where username='"+acc.getUsername()+"'";
ResultSet rs=statement.executeQuery(myquery);

   String username=acc.getUsername();
    String passwd=acc.getPasswd();


boolean anyRecords=rs.next();
//while(rs.next()){

//if(anyRecords){



//if(rs.getString(1).trim().equals(username))
 //if(rs.getString(2).trim().equals(passwd))
//System.out.println("OK");    

         
//}

 if( request.getParameter( "posted" ) != null )
           response.sendRedirect( "jas2.jsp" ) ;



}
catch( SQLException ex )
{
   ex.printStackTrace() ;
}
catch( ClassNotFoundException ex )
{
   ex.printStackTrace() ;
}


%>
<form action="account.jsp" name="form1" >
<input type="hidden" name="posted" value="yes">
<Font Size="4 Color="Black" Face="Garamond" Align="Center">
Username :
<input type="text" name="username" size=20 />
<Font size="4" Color="RED" Face="Garamond" >
 &#42
</Font>
</p>





&Password :
<input type="password" name="passwd" size=20/>
<Font size="4" Color="RED" Face="Garamond" >
 &#42
</Font>

</p>

</Font>

</p>

<input type="submit" value="New">
</form>

</body>
</html>
note:my pc crash so i am using a cybercafe, so there might be a delay in responding , sorry
Jasbir21Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JNicCommented:
This is the part of your code in question:

boolean anyRecords=rs.next();
//while(rs.next()){
//if(anyRecords){
//if(rs.getString(1).trim().equals(username))
 //if(rs.getString(2).trim().equals(passwd))
//System.out.println("OK");    
//}
 if( request.getParameter( "posted" ) != null )
           response.sendRedirect( "jas2.jsp" ) ;

I would do like this:

boolean match=false;
if (rs.next()){
// the following line assumes your db-fields are called "password" and "username"
   if (rs.getString("password").equals(passwd)&&rs.getString("username").equals(username)){
      match=true;
   }
}

if (match){
   System.out.println("OK");
}
else{
    response.sendRedirect( "jas2.jsp" ) ;
}

   
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jimmackCommented:
Have you considered using the login management facilities that are built into the servlet container?

Have a look at the code that you can get from this page:

http://archive.moreservlets.com/Chapter7.html

If you want to see the details about how to implement this fully, you'll need to buy the book ;-)
0
kennethxuCommented:
if you don't want to buy the book, here is a free online resource to get you started with standard j2ee security.
http://www.onjava.com/pub/a/onjava/2001/08/06/webform.html
and if you use tomcat:
http://www.onjava.com/pub/a/onjava/2001/07/24/tomcat.html?page=2
0
Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

Jasbir21Author Commented:
hi,
  I am unable to try it on now, coz i haven't got my pc ,pls give me a day.

Thanks
0
Jasbir21Author Commented:
hi,
 i have tried :
boolean match=false;
if (rs.next()){
// the following line assumes your db-fields are called "password" and "username"
   if (rs.getString("password").equals(passwd)&&rs.getString("username").equals(username)){
      match=true;
   }
}

if (match){
   System.out.println("OK");
}
else{
    response.sendRedirect( "jas2.jsp" ) ;
}

   
the problem is if the login is not sucessful, error,sorry unsucessful log-in should pop up with the username field and password field again.

Eg,
Unsucessful log-in,pls try again

Username :_______________
Password:________________

I tried puting it like this :

boolean match=false;
if (rs.next()){
// the following line assumes your db-fields are called "password" and "username"
   if (rs.getString("password").equals(passwd)&&rs.getString("username").equals(username)){
      match=true;
   }
}

if (match){
 response.sendRedirect( "jas2.jsp" ) ;
 
}
else{
out.println("Unsucessful login,");
    }

When i tried this the error message gets displayed without the user loggin or not
   


0
jimmackCommented:
For testing purposes, add a line inside your "if" and an "else" like this:

if (rs.next()){
// the following line assumes your db-fields are called "password" and "username"

   System.out.println("rs password = " + rs.getSting("password") + ", rs username = " + rs.getString("username"));

   if (rs.getString("password").equals(passwd)&&rs.getString("username").equals(username)){
      match=true;
   }
}
else
{
    System.out.println("Result set is empty");
}

I'm guessing that either the username or password don't match, or you have an empty result set.
0
Jasbir21Author Commented:
hi, i have split points because both answers help me.

thanks and God bless
0
jimmackCommented:
;-) Thanx
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
JSP

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.