sri,
I created two files
1.password.html
<html>
<head><title>password</title>
</head>
<body>
<form name="abc" action="pass.jsp" method="POST">
<input type="text" name="userid" size="25" value="">
<input type="password" name="pass" size="25" value="">
<input type="submit" name="tn1" value="Submit" >
<input type="reset" name="tn2" value="Reset">
</form>
</body>
</html>
and another
2.pass.jsp
< %@page contentType="text/html" pageEncoding="UTF-8"%>
<%@ page language ="java" %>
<%@ page import="java.sql.*, javax.sql.*,javax.naming.*,java.io.*,java.util.*" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>
JSP Page</title>
</head>
<body>
<%
String userid = request.getParameter("userid");
String password = request.getParameter("pass");
try
{
Connection connection = null;
Statement st = null;
ResultSet rs = null;
Class.forName("oracle.jdbc.driver.OracleDriver");
connection = DriverManager.getConnection("jdbc:Oracle:thin:@localhost:1522:xe","system","kis");
st = connection.createStatement();
rs = st.executeQuery("select username from password where username='" + userid + "' and password='" + password + "'");
out.println("Valid==" + rs);
if (rs.next())
{
String UserID = rs.getString("username");
out.println("Valid user=" + UserID);
%>
<jsp:forward page="/registration.jsp" />
}
else
{
out.println("Invalid user"); %>
<jsp:forward page="/invalid.jsp" />
<% } rs.close();
}
catch (Exception ex)
{
out.println(ex.getMessage());
out.println("Unable to connect to database."); } %>
</body>
</html>
Problem :
---------
In pass.jsp I used <jsp:forward page="/registration.jsp" /> to open another window when userid and password matchs with userid and password of database then only it opens another window registration.html . Problem is if user knows registraion.html directly ,he is not using password.html. without entering into password.html he is directly entering into registration.html.Above code is not perfectly authenticated He has to access it only after password.html i.e he should get permission from password.html to access registration.html.
Please help me to solve my problem.
[ July 21, 2008: Message edited by: kishore rowthu kumar ]
[ July 21, 2008: Message edited by: kishore rowthu kumar ]
[ July 21, 2008: Message edited by: kishore rowthu kumar ]