Got a problem with a login page: my code doesn't seem to separate each user's details from the database. Here is my code; any suggestions?

<%@page import="java.sql.*"%>
<%@page contentType="text/html"%>
<%
    String loginMessage = "";
    String un = "";
    String pw = "";

    Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
    Connection cn = DriverManager.getConnection("jdbc:odbc:RentalDB", "", "");
    Statement st = cn.createStatement();
    ResultSet r = st.executeQuery("SELECT * FROM Member");

    if (request.getParameter("btnLogon") != null) {

        while (r.next()) {
            un += r.getString("Email");
            pw += r.getString("Password");

            if ((request.getParameter("txtUsername").equals(un)) && (request.getParameter("txtPassword").equals(pw))) {
                session.setAttribute("Logon", "OK");
                response.sendRedirect("Menu Page.jsp");
                loginMessage = "well done";

            } else {
                loginMessage = "Login details incorrect";
                session.setAttribute("Logon", "NOT_OK");
            }
        }
    }

    cn.close();

%>

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Login Page</title>
    </head>
    <body>
        <form method ="post">
            <center>
                <p> Please Log on: <br /></p>
                Username: <input name="txtUsername" type="text" /> Password: <input name="txtPassword" type="password" /> <br/>

                <p><input name="btnLogon" type="submit" value="Logon" /> <br/>  </p>
                <p><%=loginMessage%></p>
                <p><%=un%> </p>
            </center>
        </form>
    </body>
</html>

As an aside, one thing worth noting is that you must avoid Java code in JSP files. Your Java code must be placed into a Servlet and other model classes to handle and process the request. In JSP files, you may use EL (Expression Language) and JSTL. The standard tag library JSTL can do most of the common things that you need scriptlets for.

Have a look at this good post: How to avoid Java Code in JSP-Files?

In the code snippet, you may add a WHERE clause to the SELECT statement:

String username=request.getParameter("txtUsername");
String password=request.getParameter("txtPassword");

Connection cn = DriverManager.getConnection("jdbc:odbc:RentalDB", "", "");
String sql="SELECT * from Member where Email=? and Password=?";
PreparedStatement st = cn.prepareStatement(sql);
st.setString(1,username);
st.setString(2,password);

ResultSet r = st.executeQuery();

if(r.next())
{
   //
}

Thanks, I'll give that a go and hope that it works. The email and password from the login fields need to match the users within the DB; will what you've suggested work for this?

Read this tutorial... click

Dan Quadrozzi,

Do you think I don't monitor Java forums? This could/will be classed as plagiarism if I find any of these suggestions in yours or any of your colleagues' code. You may want to warn other classmates of this. I can see that this is the second time now.

Regards,

Mark

Dear TheQuad,

Do ensure the content you post is legal.

@markdixon
Option A) Possible prank from a fellow student who just now discovered there are sites where people can give advice; then you are pathetic.
Option B) It is "the" teacher, but then I would be ashamed, because why would one teach people DB connectivity from JSP, which is a bad thing to do? You should look back and reconsider your teaching curriculum, because you are wasting people's time and teaching 10-year-old techniques that are unwelcome.

@TheQuad if you do not copy and paste the solution, but work out your own solution based on the provided examples, you win. Also follow the advice provided by adatapost.

You try to retrieve the values from the HTML first and then supply them to the query string and then check whether the email matches with the password or not. Try replacing it as below:

<%@page import="java.sql.*"%>
<%@page contentType="text/html"%>
<%
    String loginMessage = "";
    String un = "";
    String pw = "";
    String username = "";
    username=request.getParameter("txtUsername");
    String password = "";
    password=request.getParameter("txtPassword");
    Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
    Connection cn = DriverManager.getConnection("jdbc:odbc:RentalDB", "", "");
    Statement st = cn.createStatement();
    ResultSet r = st.executeQuery("SELECT Password FROM Member where email='"+username+"'");
 
    if (request.getParameter("btnLogon") != null) {
        while (r.next()) {
            pw += r.getString("Password");

            if (password.equals(pw)) {
                session.setAttribute("Logon", "OK");
                response.sendRedirect("Menu Page.jsp");
                loginMessage = "well done";
 
            } else {
                loginMessage = "Login details incorrect";
                session.setAttribute("Logon", "NOT_OK");
            }
        }
    }
 
    cn.close();
 
%>
 
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Login Page</title>
    </head>
    <body>
        <form method ="post">
            <center>
                <p> Please Log on: <br /></p>
                Username: <input name="txtUsername" type="text" /> Password: <input name="txtPassword" type="password" /> <br/>
 
                <p><input name="btnLogon" type="submit" value="Logon" /> <br/>  </p>
                <p><%=loginMessage%></p>
                <p><%=un%> </p>
            </center>
        </form>
    </body>
</html>
commented: DB connection with use of scriptlets, the worst thing you can do these days. You better get yourself up to date! -4
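
The parameterized lookup suggested earlier in the thread, applied to the last reply's `SELECT Password FROM Member where email=...` query, as an added example that is not part of any post. The SQL text stays constant and the email is bound with `setString`, so an address containing a quote character cannot change the statement. `MemberLogin` and `authenticate` are hypothetical names; the `Member` table, its `Email` and `Password` columns and the password stored as posted are assumptions taken from the thread.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

// Added example (hypothetical class and method names), not code from the thread.
// Assumes the thread's schema: table Member with columns Email and Password.
public final class MemberLogin {
    // Constant SQL text: user input is only ever bound as a parameter.
    private static final String SQL = "SELECT Password FROM Member WHERE Email = ?";

    private MemberLogin() { }

    // True only if a Member row exists for this email and its password matches.
    // Null or empty input (form not yet submitted) is rejected without a query.
    public static boolean authenticate(Connection cn, String email, String password)
            throws SQLException {
        if (email == null || password == null || email.isEmpty() || password.isEmpty()) {
            return false;
        }
        try (PreparedStatement st = cn.prepareStatement(SQL)) {
            st.setString(1, email); // bound value, never concatenated into the SQL
            try (ResultSet r = st.executeQuery()) {
                if (!r.next()) {
                    return false; // no member with this email
                }
                // Plain assignment per call: nothing accumulates across rows.
                String stored = r.getString("Password");
                return stored != null && sameBytes(stored, password);
            }
        }
    }

    // MessageDigest.isEqual does not return early at the first differing byte.
    private static boolean sameBytes(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }
}
// Caller sketch for the login page or a servlet:
//   if (MemberLogin.authenticate(cn, request.getParameter("txtUsername"),
//                                request.getParameter("txtPassword"))) {
//       session.setAttribute("Logon", "OK");
//       response.sendRedirect("Menu Page.jsp");
//       return; // stop processing after the redirect
//   }
```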