Solved

jsp and java class login script

Posted on 2004-09-09
Last Modified: 2010-04-01
I have this function to check if a login is correct:

    public boolean authUser(String username, String password) throws Exception {
        String query = "SELECT * FROM user WHERE username = ? AND password = ?";
        stmt = conn.prepareStatement( query );
        stmt.setString( 1, username );
        stmt.setString( 2, password );
        rs = stmt.executeQuery();
        boolean ret = false;
        if (rs != null)
            ret = true;
        return(ret);
    }

And my JSP looks like this:

<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<%@page import="java.sql.*" %>
<%@page import="auth.*" %>
<html>
<head><title>Login!</title></head>
<body>
<%
UserAuth ua = new UserAuth();
String msg = "You are not logged in.";
String submit = request.getParameter("submit");
if (submit != null){
    String username = request.getParameter("username");
    String password = request.getParameter("password");
    ua.dbConnect();
    if (ua.authUser(username, password)) {
        session.setAttribute("logged", username);
        String logged = (String)session.getValue("logged");
        msg = "You are now logged in, " + logged + "";
        } else {
            msg = "Unable to log you in, your username and password must be wrong.";
        }
    %>

<%= msg %>

    <%
 } else {
    %>
    <form method='post' action='index.jsp'>
    <table width='300' border='0'>
        <tr>
            <td colspan='2'><%= msg %></td>
        </tr>
        <tr>
            <td>Username:</td>
            <td><input type='text' name='username' size='30' /></td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><input type='password' name='password' size='30'/></td>
        </tr>
        <tr>
            <td>Submit:</td>
            <td><input type='submit' name='submit' value='Login'/></td>
        </tr>
    </table>
    </form>
<%
}
%>
       

</body>
</html>


It sets the session fine, the problem is that even if I enter a false username and password it accepts it as true. What am I doing wrong here?

Thanks!
Question by:k41d3n
8 Comments
 
LVL 4

Expert Comment

by:hamood
ID: 12017265
Check your rs like this:

    if (rs.next()) {
        return true;
    }

hamood
0
 
LVL 35

Expert Comment

by:TimYates
ID: 12017312
And don't forget to close the resultSet and statement, or else you will crash the database fairly quickly... :-(
0
 
LVL 4

Accepted Solution

by:
hamood earned 500 total points
ID: 12017343
You need to move to the first record in rs, if it exists, by using the rs.next method. If any record is found by the query, then rs.next will move you to the first record.

This statement will always return true:
if rs != null is always true because rs is not null in this case.
rs = stmt.executeQuery();
 
Your complete function will be like this

    public boolean authUser(String username, String password) throws Exception {
        String query = "SELECT * FROM user WHERE username = ? AND password = ?";
        stmt = conn.prepareStatement( query );
        stmt.setString( 1, username );
        stmt.setString( 2, password );
        rs = stmt.executeQuery();
        boolean ret = false;
        // next() returns true only if the query matched at least one row
        if (rs.next()) {
            ret = true;
        }
        return(ret);
    }


hamood
0

 
LVL 2

Author Comment

by:k41d3n
ID: 12017374
That did it.

I need to learn the nuances of using classes.


Thanks for your help.
0
 
LVL 35

Expert Comment

by:TimYates
ID: 12017394
And as I said...close your resultset and statement:

    public boolean authUser(String username, String password) throws Exception {
        try {
            String query = "SELECT * FROM user WHERE username = ? AND password = ?";
            stmt = conn.prepareStatement( query );
            stmt.setString( 1, username );
            stmt.setString( 2, password );
            rs = stmt.executeQuery();
            return rs.next() ;
        }
        finally {
            // Close the result set and statement on every path, ignoring close errors
            try { if( rs != null ) rs.close() ; rs = null ; } catch( SQLException ex ) {}
            try { if( stmt != null ) stmt.close() ; stmt = null ; } catch( SQLException ex ) {}
        }
    }
0
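An added example, not code from any poster in this thread: the same check written with try-with-resources so the statement and result set are closed on every path, and returning true only when a row exists and the password verifies. It goes beyond the thread by comparing a salted PBKDF2 hash in constant time instead of matching the password in the WHERE clause; the class name `UserAuthExample`, the `salt` and `password_hash` columns and the iteration count are assumptions, not part of the schema shown above.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class UserAuthExample {
    private static final int ITERATIONS = 210_000; // assumed work factor
    private static final int KEY_BITS = 256;

    private final Connection conn;

    public UserAuthExample(Connection conn) { this.conn = conn; }

    /** Returns true only when a row exists AND the derived hash matches. */
    public boolean authUser(String username, char[] password) throws SQLException {
        if (username == null || password == null) return false; // fail closed
        // Assumed columns: salt and password_hash hold raw bytes.
        String query = "SELECT salt, password_hash FROM user WHERE username = ?";
        // try-with-resources closes rs and stmt even when an exception is thrown.
        try (PreparedStatement stmt = conn.prepareStatement(query)) {
            stmt.setString(1, username);
            try (ResultSet rs = stmt.executeQuery()) {
                // executeQuery() never returns null; only next() reports a match.
                if (!rs.next()) return false;
                byte[] salt = rs.getBytes("salt");
                byte[] stored = rs.getBytes("password_hash");
                if (salt == null || salt.length == 0 || stored == null) return false;
                // Constant-time comparison of stored and freshly derived hashes.
                return MessageDigest.isEqual(stored, pbkdf2(password, salt));
            }
        }
    }

    static byte[] pbkdf2(char[] password, byte[] salt) {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                   .generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("PBKDF2 unavailable", e);
        } finally {
            spec.clearPassword(); // drop the key spec's copy of the password
        }
    }
}
```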
 
LVL 2

Author Comment

by:k41d3n
ID: 12018309
I have a dbDisconnect(); that does that, I just forgot to call it in the jsp.

Thanks Tim :)
0
 
LVL 1

Expert Comment

by:pronane
ID: 12055564
Can I ask a question? What else does your JSP do once you've logged in? Do you not keep getting back to the same page that says you're logged in?
0
 
LVL 2

Author Comment

by:k41d3n
ID: 12057555
Nah, it sets a cookie, and a session then redirects to the main index page.
0
