  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 445

Simple Login problem

Hi once again,

    The problem regards the login page....

1 - When I enter a new ID and wrong password, the "Main.jsp" page appears

2 - When I enter a wrong ID and new password, the "Main.jsp" page appears

3 - When I enter both wrong ID and password, the "Main.jsp" page appears

4 - When I enter both new ID and password, the "Login.jsp?error=bad" page appears. Why is it so? Everything is going in reverse. If I enter a wrong ID or password, then the "Login.jsp?error=bad" must appear

What's the solution... ???

<%
  PreparedStatement ps = con.prepareStatement("select * from customer where loginid = '" + request.getParameter("uid") + "' and password = '" + request.getParameter("pwd") + "'");
  ResultSet rs1 = ps.executeQuery();

  while(rs1.next())
  {
    if(request.getParameter("uid")!=null && request.getParameter("pwd")!=null)
    {
      if(rs1.getString("loginid").equals(request.getParameter("uid")) && rs1.getString("password").equals("pwd"))
      {
        out.println("Hello");
      }else{
        response.sendRedirect("Login.jsp?error=bad");
      }
    }
  }
%>
Asked by adnan_rais

2 Solutions

JNic commented:
I am not sure why it does it in reverse, but I see some issues that we can fix.

1) Are you sure that your db-table customer contains the fields "loginid" and "password"?
2) You are double checking at the moment. First you do a search in your db where you only ask for results that contain the entered loginid and the entered password. Then on these results you run another test for the same thing.

What about just doing like this:
<%
  PreparedStatement ps = con.prepareStatement("select * from customer where loginid = '" + request.getParameter("uid") + "' and password = '" + request.getParameter("pwd") + "'");
  ResultSet rs1 = ps.executeQuery();
  if (rs1.next()) {  // Here you just say: "If there exists any customer with the entered loginid/password combination then..."
    System.out.println("hello");
  }
  else {
    response.sendRedirect("Login.jsp?error=bad");
  }
%>

Let me know, if it works :-)

Regards,

Nic
jimmack commented:
You say that you get the error when you enter a "new" login and password.  This implies that the record should not appear in the database.

JNic's solution should be used if you are attempting to identify if the uid and pwd already exist (though you might want to add the test for nulls):

<%
  if(request.getParameter("uid")!=null && request.getParameter("pwd")!=null)
  {
      // Include JNic's solution here
  }
  else
  {
    response.sendRedirect("Login.jsp?error=bad");
  }
%>

However, the way your question is worded implies that you want Main.jsp to appear only if a new uid/password combination is entered.  Is that what you actually want?

Perhaps I can clarify that last question.

When you say "When I enter both new ID and password", do you mean that the ID and password are already in the database or not?
TimYates commented:
And

if(rs1.getString("loginid").equals(request.getParameter("uid")) && rs1.getString("password").equals("pwd"))

should be:

if(rs1.getString("loginid").equals(request.getParameter("uid")) && rs1.getString("password").equals(request.getParameter("pwd")))
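The two fixes above (JNic's single query instead of a query followed by a second `equals()` test, and TimYates's `request.getParameter("pwd")` in place of the literal `"pwd"`) leave one thing the thread's code still does: it splices `uid` and `pwd` straight into the SQL text. The following is an added example, not code from this thread, showing the same login decision with the values bound as parameters, the null check jimmack suggested, and the check reduced to one query. It assumes the thread's `customer` table with `loginid` and `password` columns and a JDBC `Connection` obtained the same way the page's `con` is; the class and method names are invented.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

// Added example (not the thread's code). Assumes the thread's "customer" table
// (loginid, password) and the "uid" / "pwd" request parameters of Login.jsp.
public class LoginCheck {

    // True only when a row with exactly this loginid/password pair exists.
    // The values are bound with setString, so a quote or "' OR '1'='1" in the
    // input is compared as data instead of becoming part of the SQL statement.
    // The thread's schema stores the password in clear text; a real system
    // would store a salted hash and compare against that instead.
    public static boolean credentialsMatch(Connection con, String uid, String pwd)
            throws SQLException {
        if (uid == null || pwd == null) {
            return false;            // missing form field: never a match
        }
        String sql = "select 1 from customer where loginid = ? and password = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, uid);
            ps.setString(2, pwd);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();    // one query, one decision: no second equals() test
            }
        }
    }

    // Where the page should send the browser. The JSP body then becomes:
    //     response.sendRedirect(LoginCheck.nextPage(con, uid, pwd));
    //     return;
    // The "return" matters: sendRedirect only writes response headers, it does
    // not stop the rest of the page from running.
    public static String nextPage(Connection con, String uid, String pwd) throws SQLException {
        if (credentialsMatch(con, uid, pwd)) {
            return "Main.jsp";
        }
        return "Login.jsp?error=bad";
    }
}
```

On a successful match the page would also store the login id in the session (the thread's later code reads it back as `session.getAttribute("userID")`) before redirecting to Main.jsp.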
jimmack commented:
Haha.  Missed that one ;-)
TimYates commented:
hee hee...

20 points doesn't split 3 ways either ;-)

I just couldn't resist :-)
JNic commented:
Good find! - Missed it too... ;-/
adnan_rais (Author) commented:
JNic, your idea worked out, but look, another big problem... the same problem that occurred in my last question.....

According to the following code

1 - if I enter a wrong Transferring Account no but an existing Account no, the page works correctly by moving to Transfer.jsp with an error message

2 - If I enter a wrong Account no but an existing Transferring Account no, the page once again works correctly by moving to Transfer.jsp with an error message

   but the main problem is that in case 2, it also updates the 'balance' field of the Transferring Account owner.... Although it shouldn't do like that..... Why is it so? Reply to me immediately please......

JNic, jimmack.... please sort out the solution
I'm waiting for your replies desperately

<%
  PreparedStatement ps = con.prepareStatement("select * from account where account_no = " + request.getParameter("acc_no") + " and loginid = '" + session.getAttribute("userID") + "'");
  ResultSet rs = ps.executeQuery();

  boolean insertTo = true;
  if(rs.next())
  {
    insertTo = true;
  }else{
    insertTo = false;
    response.sendRedirect("Transfer.jsp?error=bad&acc_no=" + request.getParameter("acc_no") + "&trans_acc_no=" + request.getParameter("trans_acc_no") + "&amt=" + request.getParameter("amt") + "&bank=" + request.getParameter("bank") + "");
  }

  PreparedStatement ps1 = con.prepareStatement("select * from account where account_no = " + request.getParameter("trans_acc_no") + " and branch_code = " + request.getParameter("bank") + "");
  ResultSet rs1 = ps1.executeQuery();

  if(rs1.next())
  {
    insertTo = true;
  }else{
    insertTo = false;
    response.sendRedirect("Transfer.jsp?ac=bad&acc_no=" + request.getParameter("acc_no") + "&trans_acc_no=" + request.getParameter("trans_acc_no") + "&amt=" + request.getParameter("amt") + "&bank=" + request.getParameter("bank") + "");
  }

  PreparedStatement ps2 = con.prepareStatement("select * from account where account_no = " + request.getParameter("acc_no") + " and loginid = '" + session.getAttribute("userID") + "'");
  ResultSet rs3 = ps2.executeQuery();

  int bal=0;
  while(rs3.next())
  {
    bal = rs3.getInt("balance");
    bal = bal - 2000;
    if(bal < Integer.parseInt(request.getParameter("amt")))
    {
      insertTo = false;
      out.println("<br><br>Hello " + session.getAttribute("userID") + "!");
      out.println("<br><br><br><br><font color=blue face=verdana size=3><b>Your balance is not sufficient to transfer the amount of " + request.getParameter("amt") + " /- Rs</b></font>");
    }
  }

    if(insertTo){
      int trans_bal=0;
      int bal1=0;
      int bal2 = 0;
      PreparedStatement ps3 = con.prepareStatement("select * from account where account_no = " + request.getParameter("trans_acc_no") + " and branch_code = " + request.getParameter("bank") + "");
      ResultSet rs4 = ps3.executeQuery();

      while(rs4.next())
      {
        insertTo = false;
        bal1 = rs4.getInt("balance");
      }
      trans_bal = bal1 + Integer.parseInt(request.getParameter("amt"));
      out.println("trans_add_bal: " + trans_bal);

      int remainingBal = 0;
      out.println("bal: " + (bal+2000));
      remainingBal = (bal+2000) - Integer.parseInt(request.getParameter("amt"));
      out.println("rem_bal: " + remainingBal);
      out.println("trans_bal: " + bal1);
      out.println("<br><br>Hello " + session.getAttribute("userID") + "!<br>");
      out.println("<br><br><br><br><font color=blue face=verdana size=3><b>Money transferred successfully</b></font><br>");
      out.println("<br><br>User Balance Before Transfer = <b>" + (bal+2000) + " /- Rs</b>");
      out.println("<br>Transferring Money = <b>" + request.getParameter("amt") + " /- Rs</b>");
      out.println("<br>Your remaining balance after Transferring Money = <b>" + (remainingBal) + " /- Rs</b>");

      Statement statement = con.createStatement();
      String strSQL = "Update account set balance = " + remainingBal + " where account_no = " + request.getParameter("acc_no") + " and loginid = '" + session.getAttribute("userID") + "'";
      statement.executeUpdate(strSQL);
      statement.close();

      Statement statement2 = con.createStatement();
      String strSQL1 = "Update account set balance = " + trans_bal + " where account_no = " + request.getParameter("trans_acc_no") + " and branch_code = " + request.getParameter("bank") + "";
      statement2.executeUpdate(strSQL1);
      statement2.close();
    }
%>
JNic commented:
In the very beginning (line four):

Change :  boolean insertTo = true;

to: boolean insertTo=false;

I think that is it. Otherwise let us know. - Btw. 20 points is certainly hard earned these days! ;-)

Regards,

Nic
adnan_rais (Author) commented:
it still did the same, i.e., updated the 'balance' field of the Transferring Account No by adding the amount when the error for "Account No doesn't exist" appears in Transfer.jsp.... It is doing double action, adding to the 'balance' field of the Transferring Account No when almost all data is entered properly and when the account matching error occurs... What to do?
adnan_rais (Author) commented:
Did you guys find any solution? Please do reply, as it's urgent.
jimmack commented:
You're using:

while (rs3.next()) again instead of an if.  I don't think the loop is necessary and may be causing problems.

Similarly you have while(rs4.next())

Also, within the while(rs4.next()) loop, you set insertTo to false, but it is not tested again after that.

Your prepared statements ps and ps2 are the same.

I'm working on restructuring the code.  Expect it within the next 10 minutes.  Make a backup of your existing code now, just in case the new version contains mistakes!
jimmack commented:
Ok, replace the code you've shown above with the following.  It's now all in nested "if"s, which isn't particularly nice to look at, but I think the logic flows a bit better.

With the size of this code, you should give serious consideration to creating some separate methods to do some of these bits.

Remember.  I told you to back up your existing code before replacing it with the following!

<%
        PreparedStatement ps = con.prepareStatement("select * from account where account_no = " +
                request.getParameter("acc_no") +
                " and loginid = '" +
                session.getAttribute("userID") +
                "'");
               
        PreparedStatement ps1 = con.prepareStatement("select * from account where account_no = " +
                request.getParameter("trans_acc_no") +
                " and branch_code = " +
                request.getParameter("bank") +
                "");

        ResultSet rs = ps.executeQuery();

        if (rs.next())  // Valid user found in database
        {
            ResultSet rs1 = ps1.executeQuery();
   
            if (rs1.next())  // Transaction account found
            {
                ResultSet rs3 = ps.executeQuery();
       
                int bal = 0;
                if (rs3.next())  // Valid user found (again!) in database
                {
                    bal = rs3.getInt("balance");
                    bal = bal - 2000;
                    if (bal < Integer.parseInt(request.getParameter("amt")))  // Not enough balance for transfer
                    {
                        out.println("<br><br>Hello " + session.getAttribute("userID") + "!");
                        out.println("<br><br><br><br><font color=blue face=verdana size=3><b>Your balance is not sufficient to transfer the amount of " +
                                request.getParameter("amt") +
                                " /- Rs</b></font>");
                    }
                    else // Balance contains enough for transfer
                    {
                        int trans_bal = 0;
                        int bal1 = 0;
                        int bal2 = 0;
                        ResultSet rs4 = ps1.executeQuery();
           
                        if(rs4.next())  // Transaction account details found (again!)
                        {
                            bal1 = rs4.getInt("balance");
                            trans_bal = bal1 + Integer.parseInt(request.getParameter("amt"));
                            out.println("trans_add_bal: " + trans_bal);
               
                            int remainingBal = 0;
                            out.println("bal: " + (bal + 2000));
                            remainingBal = (bal + 2000) - Integer.parseInt(request.getParameter("amt"));
                            out.println("rem_bal: " + remainingBal);
                            out.println("trans_bal: " + bal1);
                            out.println("<br><br>Hello " + session.getAttribute("userID") + "!<br>");
                            out.println("<br><br><br><br><font color=blue face=verdana size=3><b>Money transferred successfully</b></font><br>");
                            out.println("<br><br>User Balance Before Transfer = <b>" + (bal + 2000) + " /- Rs</b>");
                            out.println("<br>Transferring Money = <b>" + request.getParameter("amt") + " /- Rs</b>");
                            out.println("<br>Your remaining balance after Transferring Money = <b>" + (remainingBal) + " /- Rs</b>");
               
                            Statement statement = con.createStatement();
                            String strSQL = "Update account set balance = " + remainingBal + " where account_no = " + request.getParameter("acc_no") + " and loginid = '" + session.getAttribute("userID") + "'";
                            statement.executeUpdate(strSQL);
                            statement.close();
               
                            Statement statement2 = con.createStatement();
                            String strSQL1 = "Update account set balance = " + trans_bal + " where account_no = " + request.getParameter("trans_acc_no") + " and branch_code = " + request.getParameter("bank") + "";
                            statement2.executeUpdate(strSQL1);
                            statement2.close();
                        }
                    }
                }
            }
            else
            {
                response.sendRedirect("Transfer.jsp?ac=bad&acc_no=" +
                        request.getParameter("acc_no") +
                        "&trans_acc_no=" +
                        request.getParameter("trans_acc_no") +
                        "&amt=" +
                        request.getParameter("amt") +
                        "&bank=" +
                        request.getParameter("bank") +
                        "");
            }
        }
        else
        {
            response.sendRedirect("Transfer.jsp?error=bad&acc_no=" +
                    request.getParameter("acc_no") +
                    "&trans_acc_no=" +
                    request.getParameter("trans_acc_no") +
                    "&amt=" + request.getParameter("amt") +
                    "&bank=" + request.getParameter("bank") +
                    "");
        }
%>
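The nesting above fixes the double update because, in the original flat version, the second check set `insertTo = true` after the first check had already failed, and `response.sendRedirect` does not end the request, so the updates at the bottom still ran. Two further points a practitioner would want, which the thread does not cover: the two `Update` statements run separately, so a failure between them leaves money created or destroyed, and `amt` is parsed with `Integer.parseInt` and never checked for sign, so a negative amount would move money out of the target account. The following is an added example, not code from this thread, that does the same transfer as one database transaction with bound parameters, a positive-amount check, and row locks so two overlapping requests cannot both spend the same balance. It assumes the thread's `account` table (`account_no`, `loginid`, `branch_code`, `balance`), the 2000 minimum balance the original subtracts, and a database that supports `SELECT ... FOR UPDATE`; class, method and enum names are invented.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

// Added example (not the thread's code). Assumes the thread's "account" table
// (account_no, loginid, branch_code, balance) and the 2000 minimum balance.
public class Transfer {

    public enum Result { OK, BAD_AMOUNT, SAME_ACCOUNT, NO_SOURCE_ACCOUNT, NO_TARGET_ACCOUNT, INSUFFICIENT_FUNDS }

    static final int MINIMUM_BALANCE = 2000;

    // Parses the "amt" form field; null for anything that is not a positive integer.
    public static Integer parseAmount(String amt) {
        try {
            int v = Integer.parseInt(amt);          // parseInt(null) throws NumberFormatException
            return v > 0 ? v : null;                // a negative amount would drain the target
        } catch (NumberFormatException e) {
            return null;
        }
    }

    public static Result transfer(Connection con, String userId, int accNo,
                                  int transAccNo, int bank, int amt) throws SQLException {
        if (amt <= 0) {
            return Result.BAD_AMOUNT;
        }
        if (accNo == transAccNo) {
            return Result.SAME_ACCOUNT;             // otherwise the second update would add amt on top of the first
        }
        boolean oldAutoCommit = con.getAutoCommit();
        con.setAutoCommit(false);                   // both balance updates commit together or not at all
        try {
            // Ownership check and balance read are one locked query, so a concurrent
            // request on the same account waits here instead of reading a stale balance.
            Integer srcBal = lockedBalance(con,
                "select balance from account where account_no = ? and loginid = ? for update",
                accNo, userId);
            if (srcBal == null) { con.rollback(); return Result.NO_SOURCE_ACCOUNT; }

            Integer dstBal = lockedBalance(con,
                "select balance from account where account_no = ? and branch_code = ? for update",
                transAccNo, bank);
            if (dstBal == null) { con.rollback(); return Result.NO_TARGET_ACCOUNT; }

            if (srcBal - MINIMUM_BALANCE < amt) { con.rollback(); return Result.INSUFFICIENT_FUNDS; }

            setBalance(con, "update account set balance = ? where account_no = ? and loginid = ?",
                       srcBal - amt, accNo, userId);
            setBalance(con, "update account set balance = ? where account_no = ? and branch_code = ?",
                       dstBal + amt, transAccNo, bank);
            con.commit();
            return Result.OK;
        } catch (SQLException e) {
            con.rollback();                         // undo a half-applied transfer
            throw e;
        } finally {
            con.setAutoCommit(oldAutoCommit);
        }
    }

    // Balance of the single row matching (accountNo, owner), or null when there is
    // none. "owner" is the loginid (String) for the source, branch_code (int) for the target.
    private static Integer lockedBalance(Connection con, String sql, int accountNo, Object owner)
            throws SQLException {
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setInt(1, accountNo);
            ps.setObject(2, owner);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getInt("balance") : null;
            }
        }
    }

    private static void setBalance(Connection con, String sql, int newBalance, int accountNo, Object owner)
            throws SQLException {
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setInt(1, newBalance);
            ps.setInt(2, accountNo);
            ps.setObject(3, owner);
            if (ps.executeUpdate() != 1) {
                throw new SQLException("expected exactly one row for account " + accountNo);
            }
        }
    }
}
```

The page would call `Transfer.parseAmount(request.getParameter("amt"))`, redirect with `return;` when it gets `null`, and otherwise switch on the `Result` to pick the redirect or the success message. If the database does not accept `FOR UPDATE`, drop that clause: the transaction still keeps the two updates atomic, but two overlapping transfers from the same account could then both read the old balance. If transfers can run in both directions at once, lock the two rows in a fixed order (for example by `account_no`) rather than always source first, to avoid a deadlock.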
adnan_rais (Author) commented:
ok
adnan_rais (Author) commented:
just wait
jimmack commented:
I can't believe I'm doing all this for just 20 points (JNic too) ;-)
adnan_rais (Author) commented:
Thanks, your code worked
jimmack commented:
Have you got 20 points to spare so that you can increase the points to 40 and split it between JNic and myself?
JNic commented:
Thanks jimmack :-)

Adnan_rais, if I may, I will give you a few pieces of advice:

1) You should be careful not to work with too large parts of code that you don't understand fully. This is a mistake I have often made myself, and the result is very often that it is hard to ask the right questions.
Instead of just replacing your code with complete solutions, try to be harder on yourself and really make sure that you can justify every part of the code.

2) If you know that your code is going a certain place (e.g. to your response.sendRedirects) but do not understand why it behaves in a certain manner, it helps to print out as much debugging as you can. E.g. print out the relevant db-reads, the relevant request-parameter-reads, print out results of branches in the code.

Here's a small example of what you could do if you are in trouble (it's just a random snippet of jimmack's code):

if (rs.next())  // Valid user found in database
        {
            System.out.println("Valid user found");  // added by Nic
            ResultSet rs1 = ps1.executeQuery();
   
            if (rs1.next())  // Transaction account found
            {
                System.out.println("Transaction account found"); // added by Nic
                ResultSet rs3 = ps.executeQuery();
       
                int bal = 0;
                if (rs3.next())  // Valid user found (again!) in database
                {
                    System.out.println("Valid user found - yes again"); // added by Nic
                    bal = rs3.getInt("balance");

And so on....

3) make good comments (like jimmack did) in the code. It helps you to remember what happens.

4) NEVER feel ashamed of asking questions. - We all have holes in our knowledge! (Maybe except kennethxu ;-D)

Good luck in your future work!

Regards,

Nic
adnan_rais (Author) commented:
Just a little more problem to ask.....

In the database, the 'trans_date' field(datatype is Date/Time) contains the following dates for the 'account_no' 3....

11/15/03
11/15/03
11/15/03
11/16/03
11/17/03
11/18/03

if I enter 11/15/03 as start date, and 11/20/03 as end date.... the program doesn't go to the next page but redirects to Transaction.jsp with an error showing "End Date is incorrect".... I'm sorry for posting the code once again..... JNic, thanks for your suggestions, but what should I do if I can't get it then?

//TransAct.jsp
<%
  String sdate = request.getParameter("month") + "/" + request.getParameter("day") + "/" + request.getParameter("year");
  String edate = request.getParameter("month1") + "/" + request.getParameter("day1") + "/" + request.getParameter("year1");

  out.println(sdate + "<br>" + edate);
  PreparedStatement ps = con.prepareStatement("select * from transaction1 where account_no = " + request.getParameter("acc_no") + " and trans_date >= " + sdate + "");

  PreparedStatement ps1 = con.prepareStatement("select * from transaction1 where account_no = " + request.getParameter("acc_no") + " and trans_date <= " + edate + "");

  PreparedStatement ps2 = con.prepareStatement("select * from account where account_no = " + request.getParameter("acc_no") + " and loginid = '" + session.getAttribute("userID") + "'");

  PreparedStatement ps3 = con.prepareStatement("select * from transaction1 where account_no = " + request.getParameter("acc_no") + " and trans_date >= " + sdate + " and trans_date <= " + edate + "");

  ResultSet rs = ps.executeQuery();
  if(rs.next())
  {
    ResultSet rs1 = ps1.executeQuery();
    if(rs1.next())
    {
      ResultSet rs2 = ps2.executeQuery();
      if(rs2.next())
      {
        ResultSet rs3 = ps3.executeQuery();

        if(rs3.next())
        {
          out.println("<tr bgcolor=whitesmoke>");
          out.println("<td align=right>" + rs3.getInt("transaction_id") + "</td>");
          out.println("<td>" + rs3.getDate("trans_date") + "</td>");
          out.println("<td align=right>" + rs3.getInt("debit") + "</td>");
          out.println("<td align=right>" + rs3.getInt("credit") + "</td>");
          out.println("<td align=right>" + rs3.getInt("transaction_account_no") + "</td>");
          out.println("</tr>");
        }
      }else{
        response.sendRedirect("Transaction.jsp?login=bad&month=" + request.getParameter("month") + "&day=" + request.getParameter("day") + "&year=" + request.getParameter("year") + "&month1=" + request.getParameter("month1") + "&day1=" + request.getParameter("day1") + "&year1=" + request.getParameter("year1") + "&acc_no=" + request.getParameter("acc_no") + "");
      }
    }else{
      response.sendRedirect("Transaction.jsp?edate=bad&month=" + request.getParameter("month") + "&day=" + request.getParameter("day") + "&year=" + request.getParameter("year") + "&month1=" + request.getParameter("month1") + "&day1=" + request.getParameter("day1") + "&year1=" + request.getParameter("year1") + "&acc_no=" + request.getParameter("acc_no") + "");
    }
  }else{
    response.sendRedirect("Transaction.jsp?sdate=bad&month=" + request.getParameter("month") + "&day=" + request.getParameter("day") + "&year=" + request.getParameter("year") + "&month1=" + request.getParameter("month1") + "&day1=" + request.getParameter("day1") + "&year1=" + request.getParameter("year1") + "&acc_no=" + request.getParameter("acc_no") + "");
  }
%>

//Here is the error catching code in Transaction.jsp
<%
  String err = request.getParameter("login");
  String err1 = request.getParameter("edate");
  String err2 = request.getParameter("sdate");
  if( err != null )
  {
    out.println("<tr><td align=middle colspan=2><b><font color=red size=3>Account # doesn't exist</font></b></td></tr>");
  }else if( err1 != null )
  {
    out.println("<tr><td align=middle colspan=2><b><font color=red size=3>End Date is incorrect</font></b></td></tr>");
   }else if( err2 != null )
  {
    out.println("<tr><td align=middle colspan=2><b><font color=red size=3>Start Date is incorrect</font></b></td></tr>");
  }
%>

Do let me know what to do, and sorry for disturbing you so many times
adnan_rais (Author) commented:
if I enter a wrong account no, then "Start Date is incorrect" error is displayed, although the account_no error must be shown
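The thread leaves this last question unanswered, but the code above shows what is happening. `sdate` and `edate` are concatenated into the SQL without quotes, so the database sees `trans_date >= 11/15/03` as arithmetic on three numbers (or rejects it), never as a date comparison. And the account check (`ps2`) runs third, after the two date queries, which are themselves filtered on `account_no`: with a wrong account number the first query returns nothing and the page reports a start-date error, exactly as the follow-up describes. The following is an added example, not code from this thread, that parses the three form fields into a real date, checks account ownership before the dates, and runs one range query with typed bound parameters. It assumes the thread's `transaction1` and `account` tables and its `month`/`day`/`year` fields; class, method and enum names are invented, and two-digit years are read as 20xx to match the thread's data.

```java
import java.sql.Connection;
import java.sql.Date;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.time.DateTimeException;
import java.time.LocalDate;
import java.util.ArrayList;
import java.util.List;

// Added example (not the thread's code). Assumes the thread's "transaction1"
// (account_no, transaction_id, trans_date, debit, credit, transaction_account_no)
// and "account" (account_no, loginid) tables.
public class TransactionQuery {

    public enum Check { OK, BAD_ACCOUNT, BAD_START_DATE, BAD_END_DATE }

    // Turns the three form fields into a calendar date, or null when they are
    // missing, non-numeric, or not a date that exists (e.g. month 2, day 30).
    public static LocalDate parseDate(String month, String day, String year) {
        try {
            int y = Integer.parseInt(year);       // parseInt(null) throws NumberFormatException
            if (y >= 0 && y < 100) {
                y += 2000;                        // the thread's two-digit years (03 -> 2003)
            }
            return LocalDate.of(y, Integer.parseInt(month), Integer.parseInt(day));
        } catch (NumberFormatException | DateTimeException e) {
            return null;
        }
    }

    // Validates in the order the user expects: ownership first, then the dates,
    // so a wrong account number is reported as an account error.
    public static Check validate(Connection con, String userId, int accNo,
                                 LocalDate start, LocalDate end) throws SQLException {
        if (!ownsAccount(con, userId, accNo)) return Check.BAD_ACCOUNT;
        if (start == null) return Check.BAD_START_DATE;
        if (end == null || end.isBefore(start)) return Check.BAD_END_DATE;
        return Check.OK;
    }

    public static boolean ownsAccount(Connection con, String userId, int accNo) throws SQLException {
        String sql = "select 1 from account where account_no = ? and loginid = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setInt(1, accNo);
            ps.setString(2, userId);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    // One bound range query. The upper bound is "< end + 1 day" rather than
    // "<= end" so rows stamped later in the day on the end date are included when
    // trans_date carries a time of day. An empty list is a valid answer, not an error.
    public static List<String[]> transactionsBetween(Connection con, int accNo,
                                                     LocalDate start, LocalDate end) throws SQLException {
        String sql = "select transaction_id, trans_date, debit, credit, transaction_account_no "
                   + "from transaction1 where account_no = ? and trans_date >= ? and trans_date < ? "
                   + "order by trans_date, transaction_id";
        List<String[]> rows = new ArrayList<>();
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setInt(1, accNo);
            ps.setDate(2, Date.valueOf(start));           // typed parameter, no string splicing
            ps.setDate(3, Date.valueOf(end.plusDays(1)));
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {                       // the original used "if", which shows only the first row
                    rows.add(new String[] {
                        String.valueOf(rs.getInt("transaction_id")),
                        String.valueOf(rs.getDate("trans_date")),
                        String.valueOf(rs.getInt("debit")),
                        String.valueOf(rs.getInt("credit")),
                        String.valueOf(rs.getInt("transaction_account_no"))
                    });
                }
            }
        }
        return rows;
    }
}
```

The page would call `parseDate` twice, pass the results to `validate`, redirect (and `return`) on anything but `OK`, and otherwise loop over `transactionsBetween` writing one `<tr>` per element, HTML-escaping each cell before printing it.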
jimmack commented:
adnan_rais, I'm sorry, but I think that JNic and I have already done more than enough for your original question.  This one should definitely be posted as a different question.
JNic commented:
I have to say that I agree with jimmack....  
Note the question guidelines (for ONE question):

This question is urgent or extremely difficult (500 points)
This question is important or difficult (250 points)
This question is not important and moderately difficult (125 points)
This question is not important and easy (50 points)

jimmack commented:
Thanks ;-)