Solved

jsp and java class login script

Posted on 2004-09-09
8
423 Views
Last Modified: 2010-04-01
I have this function to check if a login is correct:

    public boolean authUser(String username, String password) throws Exception {
        String query = "SELECT * FROM user WHERE username = ? AND password = ?";
        stmt = conn.prepareStatement( query );
        stmt.setString( 1, username );
        stmt.setString( 2, password );
        rs = stmt.executeQuery();
        boolean ret = false;
        if (rs != null)
            ret = true;
        return(ret);
    }

And my JSP looks like this:

<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<%@page import="java.sql.*" %>
<%@page import="auth.*" %>
<html>
<head><title>Login!</title></head>
<body>
<%
UserAuth ua = new UserAuth();
String msg = "You are not logged in.";
String submit = request.getParameter("submit");
if (submit != null){
    String username = request.getParameter("username");
    String password = request.getParameter("password");
    ua.dbConnect();
    if (ua.authUser(username, password)) {
        session.setAttribute("logged", username);
        String logged = (String)session.getValue("logged");
        msg = "You are now logged in, " + logged + "";
        } else {
            msg = "Unable to log you in, your username and password must be wrong.";
        }
    %>

<%= msg %>

    <%
 } else {
    %>
    <form method='post' action='index.jsp'>
    <table width='300' border='0'>
        <tr>
            <td colspan='2'><%= msg %>
        <tr>
            <td>Username:</td>
            <td><input type='text' name='username' size='30' /></td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><input type='password' name='password' size='30'/></td>
        </tr>
        <tr>
            <td>Submit:</td>
            <td><input type='submit' name='submit' value='Login'/></td>
        </tr>
    </table>
    </form>
<%
}
%>
       

</body>
</html>


It sets the session fine, the problem is that even if I enter a false username and password it accepts it as true. What am I doing wrong here?

Thanks!
0
Comment
Question by:k41d3n
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 4

Expert Comment

by:hamood
ID: 12017265
check your rs like this

if (rs.next()) {

return true;
}

hamood
0
 
LVL 35

Expert Comment

by:TimYates
ID: 12017312
And don't forget to close the resultSet and statement, or else you will crash the database fairly quickly... :-(
0
 
LVL 4

Accepted Solution

by:
hamood earned 500 total points
ID: 12017343
You need to move to the first record in rs if it exists by using rs.next method. If any reord found by querey then rs.next will move you to the first record.


this statement will always return true
if rs!=null is always true because rs in not null in this case.
rs = stmt.executeQuery();
 
Your complete function will be like this

public boolean authUser(String username, String password) throws Exception {
        String query = "SELECT * FROM user WHERE username = ? AND password = ?";
        stmt = conn.prepareStatement( query );
        stmt.setString( 1, username );
        stmt.setString( 2, password );
        rs = stmt.executeQuery();
        boolean ret = false;
        if (rs.next()){
               ret = true;
        }  
        return(ret);
    }


hamood
0
 
LVL 2

Author Comment

by:k41d3n
ID: 12017374
That did it.

I need to learn the nuances of using classes.


Thanks for your help.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 35

Expert Comment

by:TimYates
ID: 12017394
And as I said...close your resultset and statement:

public boolean authUser(String username, String password) throws Exception {
    try {
        String query = "SELECT * FROM user WHERE username = ? AND password = ?";
        stmt = conn.prepareStatement( query );
        stmt.setString( 1, username );
        stmt.setString( 2, password );
        rs = stmt.executeQuery();
        return rs.next() ;
    }
    finally {
        try { if( rs != null ) rs.close() ; rs = null ; } catch( SQLException ex ) {}
        try { if( stmt != null ) stmt.close() ; stmt = null ; } catch( SQLException ex ) {}
    }
}
0
 
LVL 2

Author Comment

by:k41d3n
ID: 12018309
I have a dbDisconnect(); that does that, I just forgot to call it in the jsp.

Thanks Tim :)
0
 
LVL 1

Expert Comment

by:pronane
ID: 12055564
can i ask a question?  what else does ur jsp do once uve logged in?  do you not keep getting back to the same page that says ur logged in?
0
 
LVL 2

Author Comment

by:k41d3n
ID: 12057555
Nah, it sets a cookie, and a session then redirects to the main index page.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
In  today’s increasingly digital world, managed service providers (MSPs) fight for their customers’ attention, looking for ways to make them stay and purchase more services. One way to encourage that behavior is to develop a dependable brand of prod…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now