k41d3n

jsp and java class login script

I have this function to check if a login is correct:

    public boolean authUser(String username, String password) throws Exception {
        String query = "SELECT * FROM user WHERE username = ? AND password = ?";
        stmt = conn.prepareStatement( query );
        stmt.setString( 1, username );
        stmt.setString( 2, password );
        rs = stmt.executeQuery();
        boolean ret = false;
        if (rs != null)
            ret = true;
        return(ret);
    }

And my JSP looks like this:

<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<%@page import="java.sql.*" %>
<%@page import="auth.*" %>
<html>
<head><title>Login!</title></head>
<body>
<%
UserAuth ua = new UserAuth();
String msg = "You are not logged in.";
String submit = request.getParameter("submit");
if (submit != null){
    String username = request.getParameter("username");
    String password = request.getParameter("password");
    ua.dbConnect();
    if (ua.authUser(username, password)) {
        session.setAttribute("logged", username);
        String logged = (String)session.getValue("logged");
        msg = "You are now logged in, " + logged + "";
        } else {
            msg = "Unable to log you in, your username and password must be wrong.";
        }
    %>

<%= msg %>

    <%
 } else {
    %>
    <form method='post' action='index.jsp'>
    <table width='300' border='0'>
        <tr>
            <td colspan='2'><%= msg %></td>
        </tr>
        <tr>
            <td>Username:</td>
            <td><input type='text' name='username' size='30' /></td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><input type='password' name='password' size='30'/></td>
        </tr>
        <tr>
            <td>Submit:</td>
            <td><input type='submit' name='submit' value='Login'/></td>
        </tr>
    </table>
    </form>
<%
}
%>
       

</body>
</html>


It sets the session fine, the problem is that even if I enter a false username and password it accepts it as true. What am I doing wrong here?

Thanks!
hamood

Check your rs like this:

if (rs.next()) {

return true;
}

hamood
TimYates

And don't forget to close the resultSet and statement, or else you will crash the database fairly quickly... :-(
k41d3n

ASKER

That did it.

I need to learn the nuances of using classes.


Thanks for your help.
And as I said...close your resultset and statement:

public boolean authUser(String username, String password) throws Exception {
    try {
        String query = "SELECT * FROM user WHERE username = ? AND password = ?";
        stmt = conn.prepareStatement( query );
        stmt.setString( 1, username );
        stmt.setString( 2, password );
        rs = stmt.executeQuery();
        return rs.next() ;
    }
    finally {
        try { if( rs != null ) rs.close() ; rs = null ; } catch( SQLException ex ) {}
        try { if( stmt != null ) stmt.close() ; stmt = null ; } catch( SQLException ex ) {}
    }
}
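
Why `rs != null` accepted every login, shown as an added example that is not part of the original thread: `executeQuery()` returns a `ResultSet` object even when no row matches, so only `rs.next()` says whether the credentials matched. The class name and the `stub` helper are constructed for this demo; `stub` fakes a driver that returns an empty result so the code runs without a database.

```java
import java.lang.reflect.Proxy;
import java.sql.*;

public class AuthCheckDemo {
    // The check from the question: true for any ResultSet object, even one with zero rows.
    static boolean buggyCheck(ResultSet rs) { return rs != null; }

    // Corrected lookup: statement and result set are locals closed by
    // try-with-resources, and success depends on a row actually being returned.
    static boolean authUser(Connection conn, String username, String password) throws SQLException {
        String query = "SELECT * FROM user WHERE username = ? AND password = ?";
        try (PreparedStatement stmt = conn.prepareStatement(query)) {
            stmt.setString(1, username);
            stmt.setString(2, password);
            try (ResultSet rs = stmt.executeQuery()) {
                return rs.next();
            }
        }
    }

    // Constructed stand-in for a JDBC driver: every query yields an empty ResultSet.
    @SuppressWarnings("unchecked")
    static <T> T stub(Class<T> type, Object onQuery) {
        return (T) Proxy.newProxyInstance(type.getClassLoader(), new Class<?>[] { type },
            (proxy, method, args) -> {
                switch (method.getName()) {
                    case "prepareStatement":
                    case "executeQuery": return onQuery;
                    case "next": return false;   // no rows matched
                    default: return null;        // setString, close: nothing to do
                }
            });
    }

    public static void main(String[] args) throws SQLException {
        ResultSet empty = stub(ResultSet.class, null);
        PreparedStatement stmt = stub(PreparedStatement.class, empty);
        Connection conn = stub(Connection.class, stmt);
        System.out.println("rs != null on empty result: " + buggyCheck(empty));
        System.out.println("rs.next() on empty result:  " + authUser(conn, "nobody", "wrong"));
    }
}
```

Keeping the statement and result set as locals, rather than fields on a shared object, also means a forgotten `dbDisconnect()` call in the JSP cannot leave them open.
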
k41d3n

ASKER

I have a dbDisconnect(); that does that, I just forgot to call it in the jsp.

Thanks Tim :)
Can I ask a question? What else does your JSP do once you've logged in? Do you not keep getting back to the same page that says you're logged in?
k41d3n

ASKER

Nah, it sets a cookie, and a session then redirects to the main index page.