aspose file tools*
The moose likes JDBC and the fly likes login check while password is encrypted in db. Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Databases » JDBC
Bookmark "login check while password is encrypted in db." Watch "login check while password is encrypted in db." New topic
Author

login check while password is encrypted in db.

Omkar G. Deshmukh
Ranch Hand

Joined: Sep 21, 2012
Posts: 41
i have one login form that checks user authentication but password is encrypted in db then how do i write a code to check this login . i am using jsp technology.
Jeanne Boyarsky
author & internet detective
Marshal

Joined: May 26, 2003
Posts: 30758
    
156

You run the encryption function against the password the user entered. If the encrypted password that comes from that function matches the encrypted password stored in the database, the user is allowed in.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Omkar G. Deshmukh
Ranch Hand

Joined: Sep 21, 2012
Posts: 41
ok i wil try this....
Omkar G. Deshmukh
Ranch Hand

Joined: Sep 21, 2012
Posts: 41
i tried this but not got expected output.. i wrote
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42276
    
  64
What happens, and how does that differ from what you were expecting?

Note that something encrypted is not text, but binary data. That means you can't use "new String(byte[])", you need to use "new String(byte[], String)".

catch(Exception e){}

Never do this. You *must* handle exceptions, at least print the error message someplace where you'll see it (ike a log file). Otherwise, how will you know what goes wrong?

Also note that your code is susceptible to SQL injection attacks; you should use a PreparedStatement for the query.


Ping & DNS - my free Android networking tools app
Omkar G. Deshmukh
Ranch Hand

Joined: Sep 21, 2012
Posts: 41
sir actually i am getting output .. every time that login failed.jsp file gets executed even when both login id and pwd are same.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42276
    
  64
You can print out the SQL query from the JSP, and run it by hand against the DB to make sure it returns what you think it returns.
Omkar G. Deshmukh
Ranch Hand

Joined: Sep 21, 2012
Posts: 41
ok sir
Omkar G. Deshmukh
Ranch Hand

Joined: Sep 21, 2012
Posts: 41
problem while upating the record


<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<%@page import="java.sql.*"%>


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>JSP Page</title>
</head>
<body>

<%
String a=request.getParameter("reg_id");
String b=request.getParameter("fnm");
String c=request.getParameter("lnm");
String d=request.getParameter("day");
String e=request.getParameter("month");
String f=request.getParameter("yr");
String g=request.getParameter("pc_num");
String h=request.getParameter("e_degree");
String i=request.getParameter("yr_comp");
String j=request.getParameter("exp");
String k=request.getParameter("cc_nm");
String l=request.getParameter("pc_nm");
String m=request.getParameter("cc_pos");
String n=request.getParameter("bond");
String o=request.getParameter("cc_pack");
String p=request.getParameter("doj_day");
String q=request.getParameter("doj_month");
String r=request.getParameter("doj_yr");
String s=request.getParameter("e_phn");
String t=request.getParameter("e_email");
String u=request.getParameter("add");
String v=request.getParameter("pin");
String w=request.getParameter("city");
String x=request.getParameter("state");
String y=request.getParameter("country");

if(a=="" || b=="" || c=="" || d=="" || e=="" || f=="" || g=="" || h=="" || j=="" || j=="" || k=="" || l=="" || m=="" || n=="" || o=="" || p=="" || q=="" || r=="" || s=="" || t=="" || u=="" || v=="" || w=="" || x=="" || y=="")
{ %>
<jsp:forward page="compupdate.jsp">
<jsp:param name="msg1" value="incomplet record"/>
</jsp:forward>

<% }

Connection con=null;
PreparedStatement pst=null;
Statement smt=null;
ResultSet rs=null;


try
{


Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
con = DriverManager.getConnection("jdbcdbc:MyNewProjectDsn");
smt= con.createStatement();
rs= smt.executeQuery("select Reg_id from compadd where Reg_id='"+a+"'");


if(rs.next())
{



pst=con.prepareStatement("update compadd set Reg_id=?,fe_name=?,le_name=?,birth_date=?,birth_month=?,birth_yr=?,e_pan=?,e_quli=?,e_yrcom=?,e_exp=?,e_cc=?,e_pc=?,e_cp=?,e_bond=?,e_pack=?,e_jd=?,e_jm=?,e_jy=?,e_phn=?,e_email=?,e_add=?,e_pin=?,e_city=?,e_state=?,e_country=? where Reg_id=?");

pst.setString(1,a);
pst.setString(2,b);
pst.setString(3,c);
pst.setString(4,d);
pst.setString(5,e);
pst.setString(6,f);
pst.setString(7,g);
pst.setString(8,h);
pst.setString(9,i);
pst.setString(10,j);
pst.setString(11,k);
pst.setString(12,l);
pst.setString(13,m);
pst.setString(14,n);
pst.setString(15,o);
pst.setString(16,p);
pst.setString(17,q);
pst.setString(18,r);
pst.setString(19,s);
pst.setString(20,t);
pst.setString(21,u);
pst.setString(22,v);
pst.setString(23,w);
pst.setString(24,x);
pst.setString(25,y);
pst.setString(26,a);


int data= pst.executeUpdate();


}
else
{%>
<jsp:forward page="compupdate.jsp">
<jsp:param name="msg2" value="cant update"></jsp:param>
</jsp:forward>
<% }
}

catch (Exception exc) {
out.println(exc);
exc.getMessage();
}


finally
{
con.close();
smt.close();
pst.close();
smt.close();

}


%>

</body>
</html>
=========================================
getting error

java.sql.SQLException: [Microsoft][ODBC SQL Server Driver]Connection is busy with results for another hstmt
Jeanne Boyarsky
author & internet detective
Marshal

Joined: May 26, 2003
Posts: 30758
    
156

First, if(a=="" ) is not valid Java. Strings need to be compared with equals() rather than ==.

For your problem, it looks like you are using the same statement variable for two different things.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: login check while password is encrypted in db.