validate user and password problem


esluye
December 21st, 2002, 10:50 AM
Hi,

I have already successfully built the connection with my user info, but the problem is that when I enter the correct user name and the wrong password, it still works. Below is the code for validating the username and password that has been done; please check for me what's wrong with the code. Thanks.

-----------------------------------------------------------------------------------



void jButton1_actionPerformed(ActionEvent e) {
    String userid = jTextField1.getText();
    System.out.println("User ID is : " + userid);
    try
    {
        connection = getDBConnection();
        String query = "SELECT * FROM UserInfo WHERE UserID='" + userid + "'";
        Statement statement = connection.createStatement();
        ResultSet resultSet = statement.executeQuery( query );
        //displayResultSet ( resultSet );
        resultSet.next();
        String dbUserID = resultSet.getString("UserID");

        if (dbUserID != null)
        {
            String dbUserPasswd = resultSet.getString("Password");

            /* if(passwd equals with db password or not)
                   call to DataMining page
               else
                   invalid password */

            System.out.println("dbUserID: " + dbUserID);
            System.out.println("dbUserPasswd: " + dbUserPasswd);
        }
        else
        {
            System.out.println("dbUserID is null");
        }
        statement.close();
        connection.close();
    }
    catch(SQLException sqlex)
    {
        System.out.println("DB Connection failed: " + sqlex);
        //throw new SQLException("DB Connection failed");
    }
}
:( :confused:

dlorde
December 21st, 2002, 12:43 PM
Well the code you posted doesn't actually do any validation, it just gets a user record from the database by the user ID and then prints out the user ID and password from the database record. There's no code for doing anything with a password you type in... :rolleyes:

Or is this just a joke?

sam_ccld
December 23rd, 2002, 03:09 PM
Hi,
I agree with Dave, you should compare the user input, i.e. userID and password, with rs.getString("userID") and rs.getString("password"). If there is a match then the user is a valid user, else he/she is an invalid user....


void jButton1_actionPerformed(ActionEvent e) {
    String userid = jTextField1.getText();
    String password = jTextField2.getText();

    //userid & password not null
    try
    {
        connection = getDBConnection();
        // Placeholders keep the typed values out of the SQL text
        String query = "SELECT * FROM UserInfo WHERE UserID = ? AND Password = ?";
        PreparedStatement statement = connection.prepareStatement( query );
        statement.setString(1, userid);
        statement.setString(2, password);
        ResultSet resultSet = statement.executeQuery();

        boolean valid = false;
        while (resultSet.next()) {
            // Compare string contents with equals(); == only compares references
            if ( userid.equals(resultSet.getString("UserID")) && password.equals(resultSet.getString("Password")) ) {
                // The user is a valid user, there should be one record found I guess ??
                valid = true;
            }
        }
        if (!valid) {
            // the user is not a valid user
        }

        statement.close();
        connection.close();
    }
    catch(SQLException sqlex)
    {
        System.out.println("DB Connection failed: " + sqlex);
        //throw new SQLException("DB Connection failed");
    }
}
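
Added example, not part of the thread and not any poster's code: the query in the first post is assembled by concatenating the typed user ID, and the table's Password column is read back as a plain string. This sketch binds the user ID through a PreparedStatement and checks the typed password against a salted PBKDF2 hash with a constant-time comparison; the Salt and PasswordHash columns, the class and method names, and the iteration count are assumptions, not taken from the thread.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.sql.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class LoginCheck {
    // Example PBKDF2 parameters (assumed, not from the thread).
    static final int ITERATIONS = 210_000, KEY_BITS = 256;

    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                   .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();   // wipe the copy held by the key spec
        }
    }

    static boolean verify(char[] typed, byte[] salt, byte[] stored) throws Exception {
        // MessageDigest.isEqual compares without exiting early on a mismatch
        return MessageDigest.isEqual(hash(typed, salt), stored);
    }

    // Hypothetical schema: UserInfo(UserID, Salt, PasswordHash).
    static boolean authenticate(Connection con, String userId, char[] typed) throws Exception {
        String sql = "SELECT Salt, PasswordHash FROM UserInfo WHERE UserID = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, userId);            // bound as data, never parsed as SQL
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) return false;   // unknown user: same answer as wrong password
                return verify(typed, rs.getBytes("Salt"), rs.getBytes("PasswordHash"));
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values standing in for one stored row; no database needed here.
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        byte[] stored = hash("correct horse".toCharArray(), salt);
        System.out.println("right password: " + verify("correct horse".toCharArray(), salt, stored));
        System.out.println("wrong password: " + verify("' OR '1'='1".toCharArray(), salt, stored));
    }
}
```

In the Swing handler, a JPasswordField and its getPassword() method supply the char[] directly, so the typed password never has to become a String.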