jsp login not working

Question

TheQuad

12 Years Ago

got a problem with a login page, my code doesn't seem to seperate each users details from the database. Here is my code: any suggestions?

<%@page import="java.sql.*"%>
<%@page contentType="text/html"%>
<%
    String loginMessage = "";
    String un = "";
    String pw = "";

    Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
    Connection cn = DriverManager.getConnection("jdbc:odbc:RentalDB", "", "");
    Statement st = cn.createStatement();
    ResultSet r = st.executeQuery("SELECT * FROM Member");

    if (request.getParameter("btnLogon") != null) {

        while (r.next()) {
            un += r.getString("Email");
            pw += r.getString("Password");

            if ((request.getParameter("txtUsername").equals(un)) && (request.getParameter("txtPassword").equals(pw))) {
                session.setAttribute("Logon", "OK");
                response.sendRedirect("Menu Page.jsp");
                loginMessage = "well done";

            } else {
                loginMessage = "Login details incorrect";
                session.setAttribute("Logon", "NOT_OK");
            }
        }
    }

    cn.close();

%>

<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Login Page</title>
    </head>
    <body>
        <form method ="post">
            <center>
                <p> Please Log on: <br /></p>
                Username: <input name="txtUsername" type="text" /> Password: <input name="txtPassword" type="password" /> <br/>

                <p><input name="btnLogon" type="submit" value="Logon" /> <br/>  </p>
                <p><%=loginMessage%></p>
                <p><%=un%> </p>
            </center>
        </form>
    </body>
</html>

java-jsp

6 Contributors
7 Replies
288 Views
1 Week Discussion Span
Latest Post 12 Years Ago Latest Post by jaikiran_cool

kvprajapati 1,826 Posting Genius

12 Years Ago

As an aside, one thing worth noting is that you must have to avoid Java code in JSP-Files. Your Java code must be placed into Servlet and other model classes to handle and process the request. In JSP files, you may use EL (Expression Language) and JSTL . The standard tag library JSTL can do most of the common things that you need scriplets for.

Have a look at good post - How to avoid Java Code in JSP-Files?

In code-snippet, you may add WHERE clause to the SELECT statement :

String username=request.getParameter("txtUsername");
String password=request.getParameter("txtPassword");

Connection cn = DriverManager.getConnection("jdbc:odbc:RentalDB", "", "");
String sql="SELECT * from Member where Email=? and Password=?";
PreparedStatement st = cn.prepareStatement(sql);
st.setString(1,username);
st.setString(2,password);

ResultSet r = st.executeQuery();

if(r.next())
{
   //
}

Edited 12 Years Ago by kvprajapati because: added code

anand01 0 Junior Poster

12 Years Ago

read this tutorial...... click

Edited 12 Years Ago by anand01 because: n/a

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

TheQuad · Answer 1 · 2011-12-09T03:05:18+00:00

Thanks, I'll give that a go and hope that it works, the email and password from the login fields need to match the users within the DB, will what you've suggested work for this?

markdixon 0 Newbie Poster · Answer 2 · 2011-12-12T20:36:26+00:00

Dan Quadrozzi,

Do you think I don't monitor java forums? This could/will be classed as plagiarism if I find any of these suggestions in yours or any of your collegues code. You may want to warn other class mates of this. I can see that this is the second time now.

Regards,

Mark

anand01 0 Junior Poster · Answer 3 · 2011-12-13T20:02:08+00:00

anand01 0 Junior Poster

12 Years Ago

dear TheQuad,

Do ensure the content you post should Legal

Edited 12 Years Ago by anand01 because: n/a

peter_budo 2,532 Code tags enforcer Team Colleague Featured Poster · Answer 4 · 2011-12-14T13:56:23+00:00

Dan Quadrozzi,
Do you think I don't monitor java forums? This could/will be classed as plagiarism if I find any of these suggestions in yours or any of your collegues code. You may want to warn other class mates of this. I can see that this is the second time now.
Regards,
Mark

@markdixon
Option A) Possible prank from fellow student that just now discovered there are site where people can advice, then you pathetic.
Option B) It is "the" teacher, but then I would be ashamed because why would one teach people DB connectivity from JSP which is bad thing to do. You should look back and reconsider your teaching curriculum, because you are wasting people time and teaching 10 years old techniques that are unwelcome

@TheQuad if you do not copy and paste solution, but based on provided examples workout your own solution you win. Follow also advice provided by adatapost

jaikiran_cool -6 Newbie Poster · Answer 5 · 2011-12-20T11:18:39+00:00

You try to retrieve the values from the html first and then supply them to the query string and then check whether the email matches with the password or not.Try replacing it as below.............

<%@page import="java.sql.*"%>
<%@page contentType="text/html"%>
<%
    String loginMessage = "";
    String un = "";
    String pw = "";
    String username = "";
    username=request.getParameter("txtUsername");
    String password = "";
    password=request.getParameter("txtPassword");
    Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
    Connection cn = DriverManager.getConnection("jdbc:odbc:RentalDB", "", "");
    Statement st = cn.createStatement();
    ResultSet r = st.executeQuery("SELECT Password FROM Member where email='"+username+"'");
 
    if (request.getParameter("btnLogon") != null) {
 while (r.next()) {
            pw += r.getString("Password");
 
            if (password.equals(pw))) {
                session.setAttribute("Logon", "OK");
                response.sendRedirect("Menu Page.jsp");
                loginMessage = "well done";
 
            } else {
                loginMessage = "Login details incorrect";
                session.setAttribute("Logon", "NOT_OK");
            }
        }
    }
 
    cn.close();
 
%>
 
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE html>
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Login Page</title>
    </head>
    <body>
        <form method ="post">
            <center>
                <p> Please Log on: <br /></p>
                Username: <input name="txtUsername" type="text" /> Password: <input name="txtPassword" type="password" /> <br/>
 
                <p><input name="btnLogon" type="submit" value="Logon" /> <br/>  </p>
                <p><%=loginMessage%></p>
                <p><%=un%> </p>
            </center>
        </form>
    </body>
</html>

DB connection with use of scriplets, the worst thing you can do these day. You better get your self up to date!