File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JSP and the fly likes JSP Password checking problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "JSP Password checking problem" Watch "JSP Password checking problem" New topic
Author

JSP Password checking problem

Michael Michna
Greenhorn

Joined: May 28, 2002
Posts: 4
Hi,
I'm currently doing a JSP Project for school, one of my pages is a form where users can log in, their usernames & passwords are stored in a DB.
Here's the code for my code for the form:
[LogIn.jsp]
<%@ page import="java.util.*" %>
<%@ page import="java.sql.*" %>
<HTML>
<HEAD><TITLE>Log Gebruiker in</TITLE>
<link rel="stylesheet" href="gip.css" type="text/css">
</HEAD>
<BODY>
<P>
<P> 
<P> 
<P><img src="images/wsbeheer.gif" width="101" height="11"><br>
<br>
<a href="toevoegen.jsp">Produkten toevoegen</a>
<FORM name="form1" method="post" action="LogInVerwerking.jsp">
<TABLE border=1 cellpadding=0 cellspacing=0>
<TR>
<TD>Gebruikersnaam: </TD>
<TD>
<INPUT type="text" name="GebruikerIn" maxlength="10">
</TD>
</TR>
<BR>
<TR>
<TD>Wachtwoord: </TD>
<TD>
<INPUT type="password" name="WachtwoordIn" maxlength="20">
</TD>
</TR>
<BR>
</TABLE>
<INPUT type="submit" name="Submit" value="Submit">
</FORM>
<P> 
</BODY>
</HTML>
The code that handles the form:
[LogInVerwerking.jsp]
<%@ page import="java.util.*" %>
<%@ page import="java.sql.*" %>
<%
Connection con;
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
String url="jdbc dbc:Gebruikers";
con = DriverManager.getConnection(url);
Statement stmt = con.createStatement();
String user;
String password;

gebruiker=request.getParameter("GebruikerIn");
wachtwoord=request.getParameter("WachtwoordIn");


ResultSet rs = stmt.executeQuery("SELECT * FROM tblGebruikers WHERE USERNAME='"+user+"' AND PASSWORD='"+password+"'");

while(rs.next()){
String dbUser = rs.getString("USERNAME");
String dbPassword= rs.getString("PASSWORD");

boolean entrance;
entrance=false;


if ((user.equals(dbUser)) && (password.equals(dbPassword))){
entrance=true;
}
else{
entrance=false;
}



if (entrance==true){%>
<jsp:forward page="Entrance.jsp"/>
<%}
else{%>
<jsp:forward page="NoEntrance.jsp"/>
<%}
}
%>
Now, the problem is here;
When I put in the correct login & password it forwards me to the 'entrace.jsp' page, but when it's incorrect, instead of redirecting me to the other page it gives me a blank page.. When i switch the first 'entrance==true' to 'false' it redirects me to the 'NoEntrance.jsp' page.. So it doesn't even check if 'entrance' could be false.. (i think)
Your help is greatly appreciated,
Michael
Dave Vick
Ranch Hand

Joined: May 10, 2001
Posts: 3244
Michael
the problem is that you set and test your flag within the while loop and you only enter the while loop if there is a match to the user and password. Pull the entrance delcaration outside of the loop and then test it after the loop:
[LogInVerwerking.jsp]

Or, dont even use the flag and just use the forward tag inside the loop. The select statement already checks for a match so another test is redundant:

hope that helps
[ May 28, 2002: Message edited by: Dave Vick ]

Dave
Michael Michna
Greenhorn

Joined: May 28, 2002
Posts: 4
Thanks,
Actually I tried that earlier too, but it didn't work.. saying that 'entrance' was not a known variable or something, but now i declared it outside the loop and together with what you pointed out it works fine
Thanks
 
wood burning stoves
 
subject: JSP Password checking problem