Validate userid and password

Hi

I need to validate my user-id and password with servlet and jsp concept , iam using MySQL database.

Iam new to development field, please anyone help me to do validation with example and explanation.

Thanks in advance.

// This is the action for checking your user name and password with db value

public ActionForward verification(ActionMapping mapping, ActionForm form,HttpServletRequest request, HttpServletResponse response)
throws Exception {

ActionForward forward = new ActionForward();
LoginactionForm loginactionForm = (LoginactionForm) form;
try
{

//Database connection

Class.forName("com.mysql.jdbc.Driver");
Connection con=DriverManager.getConnection("jdbc:mysql://localhost:3306/carrent","DB_USERNAME","DB_PASSWORD");
String sql="select * from login";
Statement st=con.createStatement();
ResultSet rs=null;
rs=st.executeQuery(sql);
String username=loginactionForm.getUsername();
String password=loginactionForm.getPassword();

while(rs.next()){

if((username.equals(rs.getString(1))) && (password.equals(rs.getString(2)))){

forward = mapping.findForward("success");
break;
}
else{

forward = mapping.findForward("failure");

}

}
rs.close();
}
catch(Exception e)
{
System.out.println("exception part");
e.printStackTrace();
}
return forward;
}

JSP FOR LOGIN

<%@ page language="java"%>
<%@ taglib uri="http://jakarta.apache.org/struts/tags-bean" prefix="bean"%>
<%@ taglib uri="http://jakarta.apache.org/struts/tags-html" prefix="html"%>
<%@ taglib uri="http://jakarta.apache.org/struts/tags-logic" prefix="logic" %>
<html>
<head>
<title></title>
</head>
<script type="text/javascript">
function check(target){
if(target==0)document.login.action="dataentry.do?method=verification&reqid=entry";
}
</script>
<body>
<FORM METHOD="post" NAME="login" action="">

username<html:text property="username" name="LoginactionForm"></html:text>

Password<html:password property="password" name="LoginactionForm"></html:password>

package action.form; // Add the path of the package means where LoginactionForm saved
import org.apache.struts.action.ActionForm;

public class LoginactionForm extends ActionForm {

private String username;
private String password;

public String getUsername() {
return username;
}

public void setUsername(String username) {
this.username = username;

}

public String getPassword() {
return password;
}

public void setPassword(String password) {
this.password = password;
}

That solution is incredibly inefficient. Simply select the one record that matches the entered username and password. There's no need to loop through any records.

Can't help you with the Java/MySQL specific stuff, but the logic of your SQL should check that the input user/password values match the ones in the database i.e. something like SELECT 1 FROM users WHERE user_name = :input_user AND password = :input_password. You also need to allow for encrypted passwords in the database e.g. MD5. If the SQL returns a row, then you know the details match. If not, then you know the user/password combination is wrong.

You should not just fetch all the users into your Java code and compare them. As Bear says, this is inefficient, and it is also insecure: you should not be looking at any other users here. If you code your SQL to check the username and password within the WHERE clause, then you do not need to fetch the stored password at all.

sarath j nair wrote:// This is the action for checking your user name and password with db value

I sure hope not. Passwords should never be stored in cleartext in the DB; they should be hashed using an algorithm like SHA-2.