Home.... | log in.... | Pub my question! | Sign-up....
Java-index >> Enterprise & Remote Computing >> Web Tier APIs

ID Verification using JSP

[nobr][nobr]Hi All,

i am using the code below to make ID Verification of accessing a web site but the the validation method does not work, i mean i can access the web site with any username and password even if they are not stored in the database.

where am using a table of customers how only allowed to access the web site.

can anyone know what is wrong in the code,

thanks iin advace.

login.jsp

<html>

<head>

<title>Login page</title>

</head>

<body>

<br>

<h3><center>Please enter your user name and

password</center></h3>

<br>

<br>

<form action="process2.jsp "method ="post" >

<center>username</center>

<center><input type ="text" name=

"username"></center>

<center>password</center>

<center><input type ="password" name =

"password"></center>

<center><input type="submit"name="Submit"

value="Login"></center>

</form>

</body>

</html>

[code]

process2.jsp page

[code]

<%@ page import="java.util.*" %>

<jsp:useBean id="idHandler" class="foo.Login" scope="request">

<jsp:setProperty name="idHandler" property="*"/>

</jsp:useBean>

<%

if (idHandler.validate()){

%>

<jsp:forward page="success.jsp"/>

<%

}else{

%>

<jsp:forward page="retry.jsp"/>

<%

}

%>

the bean class

import java.sql.*;

publicclass Login{

private String username ="";

private String password ="";

public Login(){

}

publicvoid setUsername(String username){

this.username = username;

}

publicvoid setPassword(String password){

this.password = password;

}

publicboolean authenticate(String username2,

String password2){

String query="select * from Registration;";

String DbUserName="";

String DbPassword="";

String finalUser="";

try{

Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");

Connection

con=DriverManager.getConnection("jdbc:odbc:register");

Statement stat=con.createStatement();

ResultSet rst=stat.executeQuery(query);

while(rst.next())

{

DbUserName=rst.getString("UserName");

DbPassword=rst.getString("password");

if (username2.equals(DbUserName) &&

password2.equals(DbPassword)){

break;

}

}

returntrue;

}catch(Exception e){

e.printStackTrace();

returnfalse;

}

}}

[/nobr]

[4876 byte] By [Sehama] at [2007-11-26 22:35:38]
«« Printing the whole file
»» valueMap code snippet
# 1

Okay I don't see a validate method in the Login class but I assume you mean the authenticate method.

look at the relevant code snippet:

while(rst.next()) {

DbUserName=rst.getString("UserName");

DbPassword=rst.getString("password");

if (username2.equals(DbUserName) &&

password2.equals(DbPassword)) {

break;

}

}

return true;

No matter what happens (whether you find a match or not) when you leave the while loop you return true which means everybody is authenticated.

Try something like this

public boolean authenticate(String username2,

String password2) {

String query="select * from Registration;";

String DbUserName="";

String DbPassword="";

String finalUser="";

try {

Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");

Connection con=DriverManager.getConnection("jdbc:odbc:register");

Statement stat=con.createStatement();

ResultSet rst=stat.executeQuery(query);

while(rst.next()) {

DbUserName=rst.getString("UserName");

DbPassword=rst.getString("password");

if (username2.equals(DbUserName) &&

password2.equals(DbPassword)) {

return true;

}

}

}catch(Exception e){

e.printStackTrace();

}

return false;

}

Of course you'll want to add a finally block to close you database connection, statment and resultset gracefully.

tolmanka at 2007-7-10 11:45:03 > top of Java-index,Enterprise & Remote Computing,Web Tier APIs...
Enterprise & Remote Computing
Web Tier APIs

Enterprise & Remote Computing New Topic

Enterprise & Remote Computing Hot Topic

Enterprise & Remote Computing

All Classified