Solved

jsp and java class login script

Posted on 2004-09-09
8
431 Views
Last Modified: 2010-04-01
I have this function to check if a login is correct:

    public boolean authUser(String username, String password) throws Exception {
        String query = "SELECT * FROM user WHERE username = ? AND password = ?";
        stmt = conn.prepareStatement( query );
        stmt.setString( 1, username );
        stmt.setString( 2, password );
        rs = stmt.executeQuery();
        boolean ret = false;
        if (rs != null)
            ret = true;
        return(ret);
    }

And my JSP looks like this:

<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<%@page import="java.sql.*" %>
<%@page import="auth.*" %>
<html>
<head><title>Login!</title></head>
<body>
<%
UserAuth ua = new UserAuth();
String msg = "You are not logged in.";
String submit = request.getParameter("submit");
if (submit != null){
    String username = request.getParameter("username");
    String password = request.getParameter("password");
    ua.dbConnect();
    if (ua.authUser(username, password)) {
        session.setAttribute("logged", username);
        String logged = (String)session.getValue("logged");
        msg = "You are now logged in, " + logged + "";
        } else {
            msg = "Unable to log you in, your username and password must be wrong.";
        }
    %>

<%= msg %>

    <%
 } else {
    %>
    <form method='post' action='index.jsp'>
    <table width='300' border='0'>
        <tr>
            <td colspan='2'><%= msg %>
        <tr>
            <td>Username:</td>
            <td><input type='text' name='username' size='30' /></td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><input type='password' name='password' size='30'/></td>
        </tr>
        <tr>
            <td>Submit:</td>
            <td><input type='submit' name='submit' value='Login'/></td>
        </tr>
    </table>
    </form>
<%
}
%>
       

</body>
</html>


It sets the session fine, the problem is that even if I enter a false username and password it accepts it as true. What am I doing wrong here?

Thanks!
0
Comment
Question by:k41d3n
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 4

Expert Comment

by:hamood
ID: 12017265
check your rs like this

if (rs.next()) {

return true;
}

hamood
0
 
LVL 35

Expert Comment

by:TimYates
ID: 12017312
And don't forget to close the resultSet and statement, or else you will crash the database fairly quickly... :-(
0
 
LVL 4

Accepted Solution

by:
hamood earned 500 total points
ID: 12017343
You need to move to the first record in rs if it exists by using rs.next method. If any reord found by querey then rs.next will move you to the first record.


this statement will always return true
if rs!=null is always true because rs in not null in this case.
rs = stmt.executeQuery();
 
Your complete function will be like this

public boolean authUser(String username, String password) throws Exception {
        String query = "SELECT * FROM user WHERE username = ? AND password = ?";
        stmt = conn.prepareStatement( query );
        stmt.setString( 1, username );
        stmt.setString( 2, password );
        rs = stmt.executeQuery();
        boolean ret = false;
        if (rs.next()){
               ret = true;
        }  
        return(ret);
    }


hamood
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Author Comment

by:k41d3n
ID: 12017374
That did it.

I need to learn the nuances of using classes.


Thanks for your help.
0
 
LVL 35

Expert Comment

by:TimYates
ID: 12017394
And as I said...close your resultset and statement:

public boolean authUser(String username, String password) throws Exception {
    try {
        String query = "SELECT * FROM user WHERE username = ? AND password = ?";
        stmt = conn.prepareStatement( query );
        stmt.setString( 1, username );
        stmt.setString( 2, password );
        rs = stmt.executeQuery();
        return rs.next() ;
    }
    finally {
        try { if( rs != null ) rs.close() ; rs = null ; } catch( SQLException ex ) {}
        try { if( stmt != null ) stmt.close() ; stmt = null ; } catch( SQLException ex ) {}
    }
}
0
 
LVL 2

Author Comment

by:k41d3n
ID: 12018309
I have a dbDisconnect(); that does that, I just forgot to call it in the jsp.

Thanks Tim :)
0
 
LVL 1

Expert Comment

by:pronane
ID: 12055564
can i ask a question?  what else does ur jsp do once uve logged in?  do you not keep getting back to the same page that says ur logged in?
0
 
LVL 2

Author Comment

by:k41d3n
ID: 12057555
Nah, it sets a cookie, and a session then redirects to the main index page.
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Problem with Pie chart in Jsp 20 235
gZip compression filter 2 182
I get error: useBean: Duplicate bean name: {0} 1 162
mysql jsp example issue 32 74
This article was initially published on Monitis Blog, you can read it here . When it comes to deciding which approach to website performance monitoring is best for your business, unfortunately, like so many options in life . . . it depends. In t…
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question