Solved

jsp and java class login script

Posted on 2004-09-09
Last Modified: 2010-04-01
I have this function to check if a login is correct:

    public boolean authUser(String username, String password) throws Exception {
        String query = "SELECT * FROM user WHERE username = ? AND password = ?";
        stmt = conn.prepareStatement( query );
        stmt.setString( 1, username );
        stmt.setString( 2, password );
        rs = stmt.executeQuery();
        boolean ret = false;
        if (rs != null)
            ret = true;
        return(ret);
    }

And my JSP looks like this:

    <%@page contentType="text/html"%>
    <%@page pageEncoding="UTF-8"%>
    <%@page import="java.sql.*" %>
    <%@page import="auth.*" %>
    <html>
    <head><title>Login!</title></head>
    <body>
    <%
    UserAuth ua = new UserAuth();
    String msg = "You are not logged in.";
    String submit = request.getParameter("submit");
    if (submit != null) {
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        ua.dbConnect();
        if (ua.authUser(username, password)) {
            session.setAttribute("logged", username);
            // getAttribute replaces the deprecated getValue
            String logged = (String) session.getAttribute("logged");
            msg = "You are now logged in, " + logged;
        } else {
            msg = "Unable to log you in, your username and password must be wrong.";
        }
    %>

    <%= msg %>

    <%
    } else {
    %>
    <form method='post' action='index.jsp'>
    <table width='300' border='0'>
        <tr>
            <td colspan='2'><%= msg %></td>
        </tr>
        <tr>
            <td>Username:</td>
            <td><input type='text' name='username' size='30' /></td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><input type='password' name='password' size='30'/></td>
        </tr>
        <tr>
            <td>Submit:</td>
            <td><input type='submit' name='submit' value='Login'/></td>
        </tr>
    </table>
    </form>
    <%
    }
    %>

    </body>
    </html>


It sets the session fine, the problem is that even if I enter a false username and password it accepts it as true. What am I doing wrong here?

Thanks!
0
Question by:k41d3n
8 Comments
 
LVL 4

Expert Comment

by:hamood
ID: 12017265
Check your rs like this:

    if (rs.next()) {
        return true;
    }

hamood
0
 
LVL 35

Expert Comment

by:TimYates
ID: 12017312
And don't forget to close the resultSet and statement, or else you will crash the database fairly quickly... :-(
0
 
LVL 4

Accepted Solution

by:
hamood earned 500 total points
ID: 12017343
You need to move to the first record in rs, if it exists, by using the rs.next method. If any record is found by the query, then rs.next will move you to the first record.

This statement will always return true:
if rs!=null is always true because rs is not null in this case.
rs = stmt.executeQuery();
 
Your complete function will be like this

    public boolean authUser(String username, String password) throws Exception {
        String query = "SELECT * FROM user WHERE username = ? AND password = ?";
        stmt = conn.prepareStatement( query );
        stmt.setString( 1, username );
        stmt.setString( 2, password );
        rs = stmt.executeQuery();
        boolean ret = false;
        if (rs.next()) {
            ret = true;
        }
        return(ret);
    }


hamood
0
 
LVL 2

Author Comment

by:k41d3n
ID: 12017374
That did it.

I need to learn the nuances of using classes.


Thanks for your help.
0
 
LVL 35

Expert Comment

by:TimYates
ID: 12017394
And as I said...close your resultset and statement:

    public boolean authUser(String username, String password) throws Exception {
        try {
            String query = "SELECT * FROM user WHERE username = ? AND password = ?";
            stmt = conn.prepareStatement( query );
            stmt.setString( 1, username );
            stmt.setString( 2, password );
            rs = stmt.executeQuery();
            return rs.next() ;
        }
        finally {
            try { if( rs != null ) rs.close() ; rs = null ; } catch( SQLException ex ) {}
            try { if( stmt != null ) stmt.close() ; stmt = null ; } catch( SQLException ex ) {}
        }
    }
0
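
An added example, not code from any poster in this thread: the flawed check from the question and the corrected check from the answers, run side by side against one constructed account, with try-with-resources doing the cleanup that the finally block above does by hand. It assumes the xerial sqlite-jdbc driver is on the classpath; the class name AuthCheckDemo, the authUserFlawed helper and the sample credentials are hypothetical.

```java
import java.sql.*;

public class AuthCheckDemo {
    static final String QUERY = "SELECT * FROM user WHERE username = ? AND password = ?";

    // The check from the question: executeQuery() never returns null, so this
    // reports success for every username/password pair.
    static boolean authUserFlawed(Connection conn, String u, String p) throws SQLException {
        try (PreparedStatement stmt = conn.prepareStatement(QUERY)) {
            stmt.setString(1, u);
            stmt.setString(2, p);
            try (ResultSet rs = stmt.executeQuery()) {
                return rs != null;
            }
        }
    }

    // The corrected check: next() is true only if the query matched a row.
    // Statement and result set are locals, closed automatically on every path.
    static boolean authUser(Connection conn, String u, String p) throws SQLException {
        try (PreparedStatement stmt = conn.prepareStatement(QUERY)) {
            stmt.setString(1, u);
            stmt.setString(2, p);
            try (ResultSet rs = stmt.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: in-memory SQLite through the xerial sqlite-jdbc driver.
        try (Connection conn = DriverManager.getConnection("jdbc:sqlite::memory:");
             Statement ddl = conn.createStatement()) {
            // Constructed sample data; the plaintext column mirrors the question's schema.
            ddl.executeUpdate("CREATE TABLE user (username TEXT PRIMARY KEY, password TEXT)");
            ddl.executeUpdate("INSERT INTO user VALUES ('alice', 'correct-horse')");

            System.out.println("flawed, wrong password: " + authUserFlawed(conn, "alice", "nope"));
            System.out.println("fixed,  wrong password: " + authUser(conn, "alice", "nope"));
            System.out.println("fixed,  unknown user:   " + authUser(conn, "mallory", "nope"));
            System.out.println("fixed,  right password: " + authUser(conn, "alice", "correct-horse"));
        }
    }
}
```

Keeping the statement and result set as locals also means concurrent requests no longer share the stmt and rs fields that the thread's versions assign to.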
 
LVL 2

Author Comment

by:k41d3n
ID: 12018309
I have a dbDisconnect(); that does that, I just forgot to call it in the jsp.

Thanks Tim :)
0
 
LVL 1

Expert Comment

by:pronane
ID: 12055564
Can I ask a question? What else does your JSP do once you've logged in? Do you not keep getting back to the same page that says you're logged in?
0
 
LVL 2

Author Comment

by:k41d3n
ID: 12057555
Nah, it sets a cookie, and a session then redirects to the main index page.
0
