• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 404
  • Last Modified:

jsp email authentication

I want to design a log in page by using jsp, and mysql.  The funcation I want to implement is, when a  new user first time log in, they need create an account,

The order is:
1. user need input their email address, then the email address will be varified by a jsp progarm and a db table (On server side, I will create a table which store all authunicated user email address and name)

If successful, that means this user is legiable to create an account. i.e. create their own password.

2. After they input all these information, they need check their email to active their account. Their password will also be stored in the table. If later on, they forget their password, they can retirve it through email.

My question is how to use email to do the authentication, i.e. through checking email to active their account for the first time?

Wish to hear your suggestions about this.

Thank you so much for your help.
0
lilyyan
Asked:
lilyyan
  • 8
  • 3
1 Solution
 
maXXXeECommented:
In ur mysql database u could hav a column with boolean value.  Lets say u first set that column to false.

and then u send a link to user for account activation.
Eg: http://yoursite/activate.jsp?id=username

In the activate page  you set the boolean value in the db to true for the record with the username.
0
 
bloodredsunCommented:
I would advise that you send the new user a link which is only valid for 1 hour. This link contains a version of their username and email combined  as a request parameter but not as shown above in plain text but as a hashed version.
0
 
lilyyanAuthor Commented:
Hi, appreciate your replies.

maXXXeE :
I'm thinking your idea is :

1. after user create their password, they will need to check therir email. and in the email, there is a link: http://yoursite/activate.jsp?id=username . when user click the link, the activate.jsp will set the boolean value to true.

--But how this can be implemented ?

2. How about the second time login?

i.e. That  boolean column has been set to be true. How the program knows this is the first time login or the second time login. Do I need another jsp to achieve this?

would you please show me an example?


bloodredsun: thanks for your advice.

I would consider your idea later, as it's more complicated to me.

look forward to hearing your replies.



0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
maXXXeECommented:
1)once u add a field to the database (lets assume  the table name "users"  field name to be "active")
in the activate.jsp u will change value of that field to true
--activate.jsp
  ...connection code...
  resultset=statement.execute("update users set active=true where username='" + request.getParameter("username") +"'");
  ...code...

2)evertime the user login, the login script should check the field. and only give access if the value of field is true
--login.jsp
  ...code...
  if(!rs.getBoolean("active"))
  {
     //redirect to error page
  }
0
 
lilyyanAuthor Commented:
Hi , thank you sooo much.

I'm still a little confused.

1). In step one

Suppose there is a form

<form action="http://yoursite/activate.jsp?id=username" method="post">

User input email add. , name , and password.

</form>

In your idea, do users need to check email to active their account?

If so, how to achieve this?

Thanks for your reply.
0
 
maXXXeECommented:
u did not get it clear
===
<form action="http://yoursite/activate.jsp?id=username" method="post">

User input email add. , name , and password.

</form>
====
the above code is wrong
-------------------------------------------------

I will start over once again

1)u will have a form where users will register
<form action="register.jsp" method="post">

User input email add. , name , and password.

</form>

2)IN YOUR REGISTER PAGE, once registration is succesfully completed, u have to send the link "http://yoursite/activate.jsp?id=username" to the email of the user.

3) The user will check the mail send to him and click on the link

next steps as i said in previous comment, repeating once more

4)once u add a field to the database (lets assume  the table name "users"  field name to be "active")
in the activate.jsp u will change value of that field to true
--activate.jsp
  ...connection code...
  resultset=statement.execute("update users set active=true where username='" + request.getParameter("username") +"'");
  ...code...

5)evertime the user login, the login script should check the field. and only give access if the value of field is true
--login.jsp
  ...code...
  if(!rs.getBoolean("active"))
  {
     //redirect to error page
  }
0
 
lilyyanAuthor Commented:
Hi thanks a lot for your reply.

Right now, I'm trying to set the password by using sql update statement: ( I already hard coded )
----------
insertStmt = sqlConn.prepareStatement("UPDATE useraccounts SET userPassword=1234 WHERE userName=abc");
insertStmt.executeUpdate();

--------------
There is always en error : java.lang.NullPointerException .........

----------
in this line :insertStmt.close();

Could you help check is there any error in above statements ?

Appreciate your attention.


0
 
lilyyanAuthor Commented:
please ingore my last post. There is a syntax error in the program.
0
 
lilyyanAuthor Commented:
Hi maXXXeE,

In the link: http://yoursite/activate.jsp?id=username

what id stands for ? Is id a variable name ?

also in : request.getParameter("username")

username should be a variable name ?

may you explain a little bit ?

Thanks a lot for your attention






0
 
lilyyanAuthor Commented:
maXXXeE,

I'm thinking id is a hidden field, so I add one line in register.jsp

<input type="hidden" name="id">

1. when you use:" http://yoursite/activate.jsp?id=username" to pass the variable in the url, in here username name is a variable name or a string( the user's actual name)?   I'm confused about this.

2. when using this statemant: "request.getParameter("username")" in active.jsp , I replaced username with id, cause when I print :
out.println("username=" + username), it's a null value.
----------------------------------------
but:  request.getParameter("id")
out.println("id=" + id), i got id=username, still incorrect.


0
 
lilyyanAuthor Commented:
also I'm thinking I just send user this link: http://yoursite/activate.jsp

and set <input type="hidden" name="id" value="<%=username"%>> in register.jsp.

will this be a good idea?

Thank you sooo much for your reply.
0
 
lilyyanAuthor Commented:
Hello, maXXXeE

Problem solved. Thanks for your replies and suggestions.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 8
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now