aspose file tools*
The moose likes Servlets and the fly likes user authentication servlet problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "user authentication servlet problem" Watch "user authentication servlet problem" New topic
Author

user authentication servlet problem

keerthana kuruba
Greenhorn

Joined: May 12, 2011
Posts: 22


Hi ,

i created one servlet for username and password validation.It works fine only for one user.If i create new user then i can able to login in with that new user only not with any another username and password(previous user).I doubt my servlet is not working properly.I will share my servlet code ...please check my code and rectify where i went wrong.Kindly suggest any ideas to work with all new username and password.As am novice in servlet concepts.After the user validation then only i can go further pages to develop.One more thing the else part is not working fine.If the user is not valis it will stay in that page but doesnt show the error message.Please help me.

seevlet code::
-----------------------------------------------------------------
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.sql.*;
import java.util.*;

public class School extends HttpServlet{

public void service (HttpServletRequest request, HttpServletResponse response)
throws ServletException,IOException
{
response.setContentType("text/html");
PrintWriter out = response.getWriter();
RequestDispatcher dispatcher=null;
Connection conn = null;
String url = "jdbc:mysql://localhost:3306/track?user=root&password=root" ;
String driver = "com.mysql.jdbc.Driver";
String username=new String("");
String password=new String(" ");
//String user=request.getParameter("user");
//String pass=request.getParameter("pass");
String strQuery= "";
Statement st=null;
ResultSet rs=null;
//HttpSession session = request.getSession(false);

try {
Class.forName(driver).newInstance();
conn=DriverManager.getConnection(url);
//conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/track","root","root");
//strQuery="select * from user where userID='"+user+"' and password='"+pass+"'";
strQuery="select userID,password from user";
System.out.println(strQuery);

st = conn.createStatement();
//rs=st.executeQuery("select * from user where userID='"+user+"' and password='"+pass+"'");
rs = st.executeQuery(strQuery);

int count=0;
while(rs.next())
{
//session.setAttribute("user",rs.getString(1));
//session.setAttribute("pass",rs.getString(2));
username=rs.getString("userID");
password=rs.getString("password");
//count++;
}
rs.close();
st.close();

}

catch(Exception e)
{
e.printStackTrace();
}

String user=request.getParameter("user");
String pass=request.getParameter("pass");
if(username.equals(user)&& password.equals(pass))
{
//response.sendRedirect("Map2.jsp");
dispatcher = request.getRequestDispatcher("Second.jsp");
dispatcher.forward( request, response);
}
else
{

request.setAttribute("errorMessage", "Invalid username or password");
//out.println("Invlid Login/password");
dispatcher = request.getRequestDispatcher("Track.jsp");
dispatcher.forward( request, response);
//response.sendRedirect("error.html");

}

}

}
Any help and suggestions would be appreciated.
Vijay Tidake
Ranch Hand

Joined: Nov 04, 2008
Posts: 146

Hi keerthana kuruba,

The error lies in your query.

strQuery="select userID,password from user";

Above query selects all records in "user" table and again you are iterating over the whole Recordset,thus username and password
gets the latest/last record value.

I have modified your code little bit,try it.Hope it will work.



Thanks


The important thing is not to stop questioning.Curiosity has its own reason for existing.
Sudheer Bhat
Ranch Hand

Joined: Feb 22, 2011
Posts: 75
Small correction to the modified code:
The code is vulnerable to SQL Injection since you are using literals in your SQL (using statement). Use prepared statement and then set the values for the username and password(so that you will be binding the user name).
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: user authentication servlet problem
 
Similar Threads
datas storing twice from servlet to mysql database
unable to forward using jsp:forward
no error message display for invalid user and password authentication
Help with this code!
To show the Error message at the login.jsp page using servlet