• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Bear Bibeault
  • Junilu Lacar
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • salvin francis
  • Frits Walraven
Bartenders:
  • Scott Selikoff
  • Piet Souris
  • Carey Brown

Login JSP if condition and redirecting issue

 
Greenhorn
Posts: 7
Tomcat Server Chrome Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Heyya fellas!
I'm trying to do a basic (no strict rules set yet ) jsp login authentication page, I applied my logic and wrote a code, i think i problem is in "IF Condition" and i'm not sure which is the redirection method.
The setup is like this, there is a .accdb name Userlog, from which the program accesses the username and password, if true then redirects to Admin.html!
Here the code

---------------------Html code--------------------------------------


---------------------Jsp code--------------------------------------------


Helpppp pleaseeee...!!!
 
Marshal
Posts: 67449
173
Mac Mac OS X IntelliJ IDE jQuery Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Step 1: Change your form to submit its values to a servlet, not a JSP.
Step 2: Replace the JSP that's the target of the form action with a servlet. JSPs should never be used for processing, just for creating views. And Java code should never appear in a modern JSP.

Once you've done that we can take it from there.
 
Tuhin Bagh
Greenhorn
Posts: 7
Tomcat Server Chrome Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Bear Bibeault wrote:Step 1: Change your form to submit its values to a servlet, not a JSP.
Step 2: Replace the JSP that's the target of the form action with a servlet. JSPs should never be used for processing, just for creating views. And Java code should never appear in a modern JSP.

Once you've done that we can take it from there.


Sir i knew that java shouldn't be used ..!! but my college project should be totally in jsp n html :(
thought the above code was my logic, but if i use servelet , my marks will get deducted
 
Bear Bibeault
Marshal
Posts: 67449
173
Mac Mac OS X IntelliJ IDE jQuery Java
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Gotta love a course that ingrains bad habits.
 
Sheriff
Posts: 21997
107
Eclipse IDE Spring VI Editor Chrome Java Ubuntu Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You should use a PreparedStatement and put the username in the where clause*. That will return only zero or one results. If it's zero, login has failed. If it's one, you check the password.

It seems as if you store your passwords in plain text in the database. You really shouldn't, it's quite insecure. Everybody who can read your database can read all passwords. You should instead hash the passwords when storing them in the database, then hash the provided password and compare the hashes.

* The PreparedStatement can help you prevent SQL injection.
 
Tuhin Bagh
Greenhorn
Posts: 7
Tomcat Server Chrome Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
:@ damm yeah Bear i agree..!!!
Rob :| i had seen those 1 and 0 condition codes, in many examples! can you please gimme the code! i'll be really thankful..!!
 
Rob Spoor
Sheriff
Posts: 21997
107
Eclipse IDE Spring VI Editor Chrome Java Ubuntu Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You know how to add a where clause to your query, right? After that, all you need to do is change your while into an [t]if[/tt]. If it returns true, there is one result. Otherwise there are no results, and the user account simply does not exist.
 
    Bookmark Topic Watch Topic
  • New Topic