Validate userid and password

P Arunkumar
Ranch Hand

Joined: Jan 05, 2012
Posts: 119
Hi

I need to validate my user ID and password with the servlet and JSP concept; I am using a MySQL database.

I am new to the development field, please can anyone help me do the validation with an example and explanation.

Thanks in advance.
sarath j nair
Greenhorn

Joined: Nov 10, 2011
Posts: 11

// This is the action for checking your user name and password with db value
// Belongs inside the Struts action class; needs the java.sql.*,
// javax.servlet.http.* and org.apache.struts.action.* imports

public ActionForward verification(ActionMapping mapping, ActionForm form,
        HttpServletRequest request, HttpServletResponse response) throws Exception {

    // Default to failure so an empty table or an exception never returns a blank forward
    ActionForward forward = mapping.findForward("failure");
    LoginactionForm loginactionForm = (LoginactionForm) form;
    String username = loginactionForm.getUsername();
    String password = loginactionForm.getPassword();

    try {
        // Database connection
        Class.forName("com.mysql.jdbc.Driver");
        String sql = "select * from login";

        // try-with-resources closes the connection, statement and result set
        try (Connection con = DriverManager.getConnection(
                     "jdbc:mysql://localhost:3306/carrent", "DB_USERNAME", "DB_PASSWORD");
             Statement st = con.createStatement();
             ResultSet rs = st.executeQuery(sql)) {

            // Walk every row of the login table: column 1 is the user name, column 2 the password
            while (rs.next()) {
                if (username.equals(rs.getString(1)) && password.equals(rs.getString(2))) {
                    forward = mapping.findForward("success");
                    break;
                }
            }
        }
    } catch (Exception e) {
        System.out.println("exception part");
        e.printStackTrace();
    }
    return forward;
}
sarath j nair
Greenhorn

Joined: Nov 10, 2011
Posts: 11

JSP FOR LOGIN



<%@ page language="java"%>
<%@ taglib uri="http://jakarta.apache.org/struts/tags-bean" prefix="bean"%>
<%@ taglib uri="http://jakarta.apache.org/struts/tags-html" prefix="html"%>
<%@ taglib uri="http://jakarta.apache.org/struts/tags-logic" prefix="logic" %>
<html>
<head>
<title></title>
</head>
<script type="text/javascript">
function check(target){
if(target==0)document.login.action="dataentry.do?method=verification&reqid=entry";
}
</script>
<body>
<FORM METHOD="post" NAME="login" action="">
username<html:text property="username" name="LoginactionForm"></html:text>
Password<html:password property="password" name="LoginactionForm"></html:password>

<input type="submit" value="Submit" onclick="check(0);">
</form>
</body>
</html>
sarath j nair
Greenhorn

Joined: Nov 10, 2011
Posts: 11

package action.form; // Use the package path where LoginactionForm is saved

import org.apache.struts.action.ActionForm;

// Form bean that carries the values typed into the login JSP
public class LoginactionForm extends ActionForm {

    private String username;
    private String password;

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }
}
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61199
    

That solution is incredibly inefficient. Simply select the one record that matches the entered username and password. There's no need to loop through any records.


chris webster
Bartender

Joined: Mar 01, 2009
Posts: 1703
    

Can't help you with the Java/MySQL specific stuff, but the logic of your SQL should check that the input user/password values match the ones in the database i.e. something like SELECT 1 FROM users WHERE user_name = :input_user AND password = :input_password. You also need to allow for encrypted passwords in the database e.g. MD5. If the SQL returns a row, then you know the details match. If not, then you know the user/password combination is wrong.

You should not just fetch all the users into your Java code and compare them. As Bear says, this is inefficient, and it is also insecure: you should not be looking at any other users here. If you code your SQL to check the username and password within the WHERE clause, then you do not need to fetch the stored password at all.


No more Blub for me, thank you, Vicar.
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
sarath j nair wrote:
// This is the action for checking your user name and password with db value

I sure hope not. Passwords should never be stored in cleartext in the DB; they should be hashed using an algorithm like SHA-2.
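
As an added example (not code from any poster in this thread): the single-row lookup that Bear Bibeault and chris webster describe, combined with the hashed storage Tim Moores calls for. The `login` columns `username`, `salt` and `password_hash`, the class and method names, and the iteration count are assumptions, and it uses PBKDF2 with HMAC-SHA-256 (a salted, iterated construction built on SHA-2) in place of a single SHA-2 pass.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class LoginCheck {
    static final int ITERATIONS = 210_000;   // assumed work factor, tune for your hardware
    static final int KEY_BITS = 256;

    // Salted, iterated hash built on SHA-256; the same salt must be used to verify.
    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                   .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();             // wipe the copy held by the key spec
        }
    }

    // Fetches only the row for this user; the name is bound, never concatenated into SQL.
    // Assumed schema: login(username VARCHAR, salt VARBINARY, password_hash VARBINARY).
    static boolean verify(Connection con, String username, char[] password) throws Exception {
        String sql = "SELECT salt, password_hash FROM login WHERE username = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) return false;                      // unknown user
                byte[] expected = rs.getBytes("password_hash");
                byte[] actual = hash(password, rs.getBytes("salt"));
                return MessageDigest.isEqual(expected, actual);    // constant-time compare
            }
        }
    }

    // Offline demo of the hashing half, using constructed sample passwords.
    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);   // per-user salt, stored beside the hash
        byte[] stored = hash("correct horse".toCharArray(), salt);
        System.out.println(MessageDigest.isEqual(stored, hash("correct horse".toCharArray(), salt)));
        System.out.println(MessageDigest.isEqual(stored, hash("wrong guess".toCharArray(), salt)));
    }
}
```

In the Struts action above, `verify(con, username, password.toCharArray())` would replace the loop over every row, with "success" or "failure" chosen from its return value.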
 