My login application accepts any and all username/passwords.

 
Greenhorn
Posts: 12
I'm working on a login that verifies the username/password against an Oracle database via a JDBC connection. I have a page that the application forwards to when the login entered is correct and a page that it forwards to when the login is incorrect. The problem is that no matter what username/password is put in, it forwards to the correct login page.

Any help is greatly appreciated. Here is my code:


My login form index.jsp


Correct login page userLogged.jsp


Incorrect login page invalidLogin.jsp


LoginServlet.java


UserDAO.java


UserBean.java


ConnectionManager.java
 
Rancher
Posts: 43081
77
The UserDAO class is missing an else in a crucial spot.
 
John Piper
Greenhorn
Posts: 12

Ulf Dittmer wrote: The UserDAO class is missing an else in a crucial spot.



You, sir, are a gentleman and a scholar. Thank you! That finally fixed it.
 
Greenhorn
Posts: 10
  • Likes 1
Why don't you use PreparedStatement and get rid of all these ' ?
 
Ulf Dittmer
Rancher
Posts: 43081
77

Why don't you use PreparedStatement and get rid of all these ' ?


Indeed you should. As it is, the code is wide open to SQL injection attacks.
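
The change suggested above, as an added example that is not the original poster's code (which is not shown on this page). The class name `LoginCheck`, the `users` table, its column names and the sample input are assumptions. It prints what string concatenation does to a name containing an apostrophe, then runs the same check with bound parameters and an explicit no-match branch.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class LoginCheck {
    // Assumed schema (not from the thread): table users with username and password columns.
    static final String LOGIN_SQL =
        "SELECT 1 FROM users WHERE username = ? AND password = ?";

    // Concatenated form, kept only so main() can print the SQL text it produces.
    static String concatenatedSql(String username, String password) {
        return "SELECT 1 FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'";
    }

    // Bound parameters travel as data, so a quote in the input never becomes SQL syntax.
    // The password is still compared as stored, as in the thread; hashing is a separate fix.
    static boolean isValidLogin(Connection con, String username, String password)
            throws SQLException {
        boolean valid = false;              // fail closed: not logged in unless proven otherwise
        try (PreparedStatement ps = con.prepareStatement(LOGIN_SQL)) {
            ps.setString(1, username);
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                if (rs.next()) {
                    valid = true;           // a matching row exists
                } else {
                    valid = false;          // no row: reject (assumed to mirror the missing else)
                }
            }
        }
        return valid;
    }

    public static void main(String[] args) throws SQLException {
        // Constructed input: an ordinary surname with an apostrophe ends the SQL literal early.
        System.out.println(concatenatedSql("O'Brien", "secret"));
        if (args.length == 1) {  // optional: JDBC URL of a test database, driver on the classpath
            try (Connection con = DriverManager.getConnection(args[0])) {
                System.out.println(isValidLogin(con, "O'Brien", "secret"));
            }
        }
    }
}
```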
 
Bartender
Posts: 2407
36
Scala Python Oracle Postgres Database Linux

Ulf Dittmer wrote: As it is, the code is wide open to SQL injection attacks.



Also, do you really want to pass your password around as clear text? Just a thought....
 