
user authentication servlet problem

 
keerthana kuruba
Greenhorn
Posts: 22


Hi,

I created a servlet for username and password validation. It works fine for only one user. If I create a new user, then I am able to log in with that new user only, not with any other username and password (a previous user). I suspect my servlet is not working properly. I will share my servlet code; please check my code and rectify where I went wrong. Kindly suggest any ideas to make it work with all new usernames and passwords, as I am a novice in servlet concepts. Only after the user validation can I go on to develop further pages. One more thing: the else part is not working fine. If the user is not valid, it stays on that page but doesn't show the error message. Please help me.

Servlet code:
-----------------------------------------------------------------
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.sql.*;
import java.util.*;

public class School extends HttpServlet{

    public void service (HttpServletRequest request, HttpServletResponse response)
    throws ServletException,IOException
    {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        RequestDispatcher dispatcher=null;
        Connection conn = null;
        String url = "jdbc:mysql://localhost:3306/track?user=root&password=root" ;
        String driver = "com.mysql.jdbc.Driver";
        String username=new String("");
        String password=new String(" ");
        //String user=request.getParameter("user");
        //String pass=request.getParameter("pass");
        String strQuery= "";
        Statement st=null;
        ResultSet rs=null;
        //HttpSession session = request.getSession(false);

        try {
            Class.forName(driver).newInstance();
            conn=DriverManager.getConnection(url);
            //conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/track","root","root");
            //strQuery="select * from user where userID='"+user+"' and password='"+pass+"'";
            strQuery="select userID,password from user";
            System.out.println(strQuery);

            st = conn.createStatement();
            //rs=st.executeQuery("select * from user where userID='"+user+"' and password='"+pass+"'");
            rs = st.executeQuery(strQuery);

            int count=0;
            while(rs.next())
            {
                //session.setAttribute("user",rs.getString(1));
                //session.setAttribute("pass",rs.getString(2));
                username=rs.getString("userID");
                password=rs.getString("password");
                //count++;
            }
            rs.close();
            st.close();

        }

        catch(Exception e)
        {
            e.printStackTrace();
        }

        String user=request.getParameter("user");
        String pass=request.getParameter("pass");
        if(username.equals(user)&& password.equals(pass))
        {
            //response.sendRedirect("Map2.jsp");
            dispatcher = request.getRequestDispatcher("Second.jsp");
            dispatcher.forward( request, response);
        }
        else
        {

            request.setAttribute("errorMessage", "Invalid username or password");
            //out.println("Invlid Login/password");
            dispatcher = request.getRequestDispatcher("Track.jsp");
            dispatcher.forward( request, response);
            //response.sendRedirect("error.html");

        }

    }

}

Any help and suggestions would be appreciated.
 
Vijay Tidake
Ranch Hand
Posts: 148
Hi keerthana kuruba,

The error lies in your query.

strQuery="select userID,password from user";

The above query selects all records in the "user" table, and again you are iterating over the whole Recordset, thus username and password get the latest/last record value.

I have modified your code a little bit, try it. Hope it will work.



Thanks
 
Sudheer Bhat
Ranch Hand
Posts: 75
Small correction to the modified code:
The code is vulnerable to SQL Injection since you are using literals in your SQL (using Statement). Use a prepared statement and then set the values for the username and password (so that you will be binding the user name).
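
Added example (not code from the thread or from any of its participants): one way to apply both replies, fetching only the row for the submitted user through a bound PreparedStatement parameter and comparing the stored password in Java. The doPost entry point, the isValidLogin helper and the init driver load are assumptions; the table, column, request parameter and JSP names are the ones in the original post.

```java
import java.io.IOException;
import java.sql.*;
import javax.servlet.ServletException;
import javax.servlet.http.*;

// Added example: the School servlet from the thread, reworked to query one user.
public class School extends HttpServlet {
    // JDBC URL as posted in the thread.
    private static final String URL = "jdbc:mysql://localhost:3306/track?user=root&password=root";
    // The '?' is bound by the driver; user input is never concatenated into the SQL text.
    private static final String QUERY = "select password from user where userID = ?";

    @Override
    public void init() throws ServletException {
        try {
            Class.forName("com.mysql.jdbc.Driver"); // driver class named in the post
        } catch (ClassNotFoundException e) {
            throw new ServletException(e);
        }
    }

    // Hypothetical helper: true only if the submitted user exists and the password matches.
    static boolean isValidLogin(Connection conn, String user, String pass) throws SQLException {
        if (user == null || pass == null) return false; // missing form field
        try (PreparedStatement ps = conn.prepareStatement(QUERY)) {
            ps.setString(1, user);
            try (ResultSet rs = ps.executeQuery()) {
                // Compared in Java with equals(), as the original post does.
                return rs.next() && pass.equals(rs.getString("password"));
            }
        }
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        boolean ok = false;
        try (Connection conn = DriverManager.getConnection(URL)) {
            ok = isValidLogin(conn, request.getParameter("user"), request.getParameter("pass"));
        } catch (SQLException e) {
            log("login lookup failed", e); // fail closed: ok stays false
        }
        if (ok) {
            request.getRequestDispatcher("Second.jsp").forward(request, response);
        } else {
            request.setAttribute("errorMessage", "Invalid username or password");
            request.getRequestDispatcher("Track.jsp").forward(request, response);
        }
    }
}
```

Track.jsp shows the message only if it prints the request attribute itself, for example with ${errorMessage}.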
 