|
-
December 21st, 2002, 11:50 AM
#1
validate user and password problem
hi,
i already success buil the connection with my user info. but the peoblem is, when i enter the correct user name and the wrong password, it's still work. Below is the coding for the validate username and password that had benn done, please check for me what's wrong with the coding. Thanks.
-----------------------------------------------------------------------------------
void jButton1_actionPerformed(ActionEvent e) {
String userid = jTextField1.getText();
System.out.println( "User ID is : " + userid);
try
{
connection = getDBConnection();
String query = "SELECT * FROM UserInfo WHERE UserID='" + userid + "'";
Statement statement = connection.createStatement();
ResultSet resultSet = statement.executeQuery( query );
//displayResultSet ( resultSet );
resultSet.next();
String dbUserID = resultSet.getString("UserID");
if (dbUserID != null)
{
String dbUserPasswd = resultSet.getString("Password");
/* if(passwd equals with db password or not)
call to DataMining page
else
invalid password*/
System.out.println("dbUserID: " + dbUserID);
System.out.println("dbUserPasswd: " + dbUserPasswd);
}
else
{
System.out.println("dbUserID is null");
}
statement.close();
connection.close();
}
catch(SQLException sqlex)
{
System.out.println("DB Connection failed: " + sqlex);
//throw new SQLException("DB Connection failed");
}
 
-
December 21st, 2002, 01:43 PM
#2
Well the code you posted doesn't actually do any validation, it just gets a user record from the database by the user ID and then prints out the user ID and password from the database record. There's no code for doing anything with a password you type in... 
Or is this just a joke?
Please use [CODE]...your code here...[/CODE] tags when posting code. If you get an error, please post the full error message and stack trace, if present.
-
December 23rd, 2002, 04:09 PM
#3
Hi
I agree with Dave, you should compare the user input ie userID and password with
rs.getString("userID") and rs.getString("password") if there is a match then the user is a valide user else he/she is an invalid user....
Code:
void jButton1_actionPerformed(ActionEvent e) {
String userid = jTextField1.getText();
String password = jTextField2.getText();
//userid & password not null
try
{
connection = getDBConnection();
String query = "SELECT * FROM UserInfo
WHERE UserID='" + userid + "'" + " AND dbUserPasswd = '" + password +"'";
Statement statement = connection.createStatement();
ResultSet resultSet = statement.executeQuery( query );
while (resultSet.next()) {
if ( userid== resultSet.getString("UserID") && password==resultSet.getString("dbUserPasswd")) {
// The user is a valid user, there should be one record found Iguess ??
}else{
// the user is not a valid user
}
}
System.out.println("dbUserID: " + dbUserID);
System.out.println("dbUserPasswd: " + dbUserPasswd);
}
statement.close();
connection.close();
}
catch(SQLException sqlex)
{
System.out.println("DB Connection failed: " + sqlex);
//throw new SQLException("DB Connection failed");
}
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote
