jsp and java class login script

Posted on 2004-09-09
Last Modified: 2010-04-01
I have this function to check if a login is correct:

    public boolean authUser(String username, String password) throws Exception {
        String query = "SELECT * FROM user WHERE username = ? AND password = ?";
        stmt = conn.prepareStatement( query );
        stmt.setString( 1, username );
        stmt.setString( 2, password );
        rs = stmt.executeQuery();
        boolean ret = false;
        if (rs != null)
            ret = true;
        return(ret);
    }

And my JSP looks like this:

<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<%@page import="java.sql.*" %>
<%@page import="auth.*" %>
<html>
<head><title>Login!</title></head>
<body>
<%
UserAuth ua = new UserAuth();
String msg = "You are not logged in.";
String submit = request.getParameter("submit");
if (submit != null){
    String username = request.getParameter("username");
    String password = request.getParameter("password");
    ua.dbConnect();
    if (ua.authUser(username, password)) {
        session.setAttribute("logged", username);
        String logged = (String)session.getAttribute("logged");
        msg = "You are now logged in, " + logged + "";
        } else {
            msg = "Unable to log you in, your username and password must be wrong.";
        }
    %>

<%= msg %>

    <%
 } else {
    %>
    <form method='post' action='index.jsp'>
    <table width='300' border='0'>
        <tr>
            <td colspan='2'><%= msg %></td>
        </tr>
        <tr>
            <td>Username:</td>
            <td><input type='text' name='username' size='30' /></td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><input type='password' name='password' size='30'/></td>
        </tr>
        <tr>
            <td>Submit:</td>
            <td><input type='submit' name='submit' value='Login'/></td>
        </tr>
    </table>
    </form>
<%
}
%>
       

</body>
</html>


It sets the session fine, the problem is that even if I enter a false username and password it accepts it as true. What am I doing wrong here?

Thanks!
0
Question by:k41d3n
8 Comments
 
LVL 4

Expert Comment

by:hamood
ID: 12017265
check your rs like this

if (rs.next()) {

return true;
}

hamood
0
 
LVL 35

Expert Comment

by:TimYates
ID: 12017312
And don't forget to close the resultSet and statement, or else you will crash the database fairly quickly... :-(
0
 
LVL 4

Accepted Solution

by:
hamood earned 2000 total points
ID: 12017343
You need to move to the first record in rs, if it exists, by using the rs.next method. If any record is found by the query, then rs.next will move you to the first record.


This statement will always return true:
if rs != null is always true, because rs is not null in this case.
rs = stmt.executeQuery();
 
Your complete function will be like this

public boolean authUser(String username, String password) throws Exception {
        String query = "SELECT * FROM user WHERE username = ? AND password = ?";
        stmt = conn.prepareStatement( query );
        stmt.setString( 1, username );
        stmt.setString( 2, password );
        rs = stmt.executeQuery();
        boolean ret = false;
        if (rs.next()){
               ret = true;
        }  
        return(ret);
    }


hamood
0
 
LVL 2

Author Comment

by:k41d3n
ID: 12017374
That did it.

I need to learn the nuances of using classes.


Thanks for your help.
0
 
LVL 35

Expert Comment

by:TimYates
ID: 12017394
And as I said...close your resultset and statement:

public boolean authUser(String username, String password) throws Exception {
    try {
        String query = "SELECT * FROM user WHERE username = ? AND password = ?";
        stmt = conn.prepareStatement( query );
        stmt.setString( 1, username );
        stmt.setString( 2, password );
        rs = stmt.executeQuery();
        return rs.next() ;
    }
    finally {
        try { if( rs != null ) rs.close() ; rs = null ; } catch( SQLException ex ) {}
        try { if( stmt != null ) stmt.close() ; stmt = null ; } catch( SQLException ex ) {}
    }
}
0
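
A regression check for the bug fixed in this thread, as an added example that is not code from any poster: it runs the question's `rs != null` check and the `rs.next()` fix against the same table and fails if a wrong login is accepted. It assumes the H2 in-memory JDBC driver is on the classpath; the `AuthCheckDemo` class, the `users` table and its single row are constructed for the demo.

```java
import java.sql.*;

// Added example, not the posters' code. Assumes the H2 driver is on the classpath;
// the class name, the "users" table and its row are constructed for this demo.
public class AuthCheckDemo {
    // Same predicate as the page's query; only existence of a row matters.
    static final String QUERY =
        "SELECT 1 FROM users WHERE username = ? AND password = ?";

    // The check from the question: executeQuery() never returns null,
    // so this accepts any credentials.
    static boolean authUserBuggy(Connection conn, String u, String p) throws SQLException {
        try (PreparedStatement stmt = conn.prepareStatement(QUERY)) {
            stmt.setString(1, u);
            stmt.setString(2, p);
            try (ResultSet rs = stmt.executeQuery()) {
                return rs != null;
            }
        }
    }

    // The fix: succeed only if a row matched. try-with-resources closes rs and stmt.
    static boolean authUser(Connection conn, String u, String p) throws SQLException {
        if (u == null || p == null) return false; // missing request parameter
        try (PreparedStatement stmt = conn.prepareStatement(QUERY)) {
            stmt.setString(1, u);
            stmt.setString(2, p);
            try (ResultSet rs = stmt.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        try (Connection conn = DriverManager.getConnection("jdbc:h2:mem:authdemo")) {
            try (Statement s = conn.createStatement()) {
                s.execute("CREATE TABLE users (username VARCHAR(64) PRIMARY KEY, password VARCHAR(64))");
                s.execute("INSERT INTO users VALUES ('alice', 'correct-horse')");
            }
            String[][] cases = { {"alice", "correct-horse"}, {"alice", "wrong"}, {"nobody", "x"} };
            boolean[] expected = { true, false, false };
            for (int i = 0; i < cases.length; i++) {
                boolean buggy = authUserBuggy(conn, cases[i][0], cases[i][1]);
                boolean fixed = authUser(conn, cases[i][0], cases[i][1]);
                System.out.printf("%s/%s buggy=%b fixed=%b%n", cases[i][0], cases[i][1], buggy, fixed);
                if (fixed != expected[i]) throw new AssertionError("login check wrong for case " + i);
            }
        }
    }
}
```

The two negative cases are the ones the original JSP was never exercised with; keeping them as a test catches any later change that turns the check back into an always-true condition.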
 
LVL 2

Author Comment

by:k41d3n
ID: 12018309
I have a dbDisconnect(); that does that, I just forgot to call it in the jsp.

Thanks Tim :)
0
 
LVL 1

Expert Comment

by:pronane
ID: 12055564
Can I ask a question? What else does your JSP do once you've logged in? Do you not keep getting back to the same page that says you're logged in?
0
 
LVL 2

Author Comment

by:k41d3n
ID: 12057555
Nah, it sets a cookie, and a session then redirects to the main index page.
0
