I am building a online community as my 4th year college project.
I am using Apache Tomcat as my server, and MySQL as my database server and JDBC as my database connection.
I am able to send the data entered in my registration form( in HTML) to MySQL using a JSP page called "Sign".
My database is called "project", and the table is called "form" containing "loginid" and "password" fields.
But the problem i am having is that i am not being able to validate the user i.e to see that the user account is there in my database or not!
But in my code only the first condition is being executed(i.e the "if" part only in the HTML section), please i would be very thankful if anyone helps me in modifying the code.
the code is:
<%@ page import="java.util.*" %>
<%@ page import="java.sql.*" %>
<%
String connectionURL = "jdbc:mysql://localhost:3306/project?user=root&password=fedora";
Connection connection = null;
Statement statement = null;
ResultSet rs = null;
String username = request.getParameter("loginid")!=null?request.getParameter("loginid"):"";
String pwrd = request.getParameter("password")!=null?request.getParameter("password"):"";
String redirect = "";
%>
<%Class.forName("com.mysql.jdbc.Driver").newInstance();
String loginid = "";
String password = "";
int count = 0;
try
{
connection = DriverManager.getConnection(connectionURL, "root", "fedora");
statement = connection.createStatement();
rs = statement.executeQuery("SELECT * FROM useraccounts WHERE loginid = '" + username + "' and password = '" + pwrd + "'");
while (rs.next()) {
loginid = rs.getString("username");
password = rs.getString("pwrd");
count++;
}
connection.close();
} catch (Exception ex)
{
ex.printStackTrace();
} finally
{
}
%>
<html>
<head>
<title> joencom </TITLE>
</head>
<body>
<%
if(!pwrd.equals(password)){
%>
<% out.println("1.You entered a wrong password! Please "); %>
<a href="Welcome2008.jsp">log-in again!</a>
<%} else if((username.equalsIgnoreCase(loginid)) && (pwrd.equalsIgnoreCase(password) && count>0)){%>
<jsp:forward page="profile.jsp"/>
<%}else if ((username.equals("")) || (pwrd.equals(""))){%>
<% out.println("Please input the required fields "); %>
<a href="Welcome2008.jsp">log-in again!</a>
<% }else if (!username.equals(loginid)){ %>
<% out.println("2.You have entered a wrong username! Please "); %>
<a href="Welcome2008.jsp">log-in again!</a>
<% } else{%>
<% out.println("Invalid user!"); %>
<a href="Welcome2008.jsp">log-in again!</a>
<% }%>
</body>
</html>
I am using Apache Tomcat as my server, and MySQL as my database server and JDBC as my database connection.
I am able to send the data entered in my registration form( in HTML) to MySQL using a JSP page called "Sign".
My database is called "project", and the table is called "form" containing "loginid" and "password" fields.
But the problem i am having is that i am not being able to validate the user i.e to see that the user account is there in my database or not!
But in my code only the first condition is being executed(i.e the "if" part only in the HTML section), please i would be very thankful if anyone helps me in modifying the code.
the code is:
<%@ page import="java.util.*" %>
<%@ page import="java.sql.*" %>
<%
String connectionURL = "jdbc:mysql://localhost:3306/project?user=root&password=fedora";
Connection connection = null;
Statement statement = null;
ResultSet rs = null;
String username = request.getParameter("loginid")!=null?request.getParameter("loginid"):"";
String pwrd = request.getParameter("password")!=null?request.getParameter("password"):"";
String redirect = "";
%>
<%Class.forName("com.mysql.jdbc.Driver").newInstance();
String loginid = "";
String password = "";
int count = 0;
try
{
connection = DriverManager.getConnection(connectionURL, "root", "fedora");
statement = connection.createStatement();
rs = statement.executeQuery("SELECT * FROM useraccounts WHERE loginid = '" + username + "' and password = '" + pwrd + "'");
while (rs.next()) {
loginid = rs.getString("username");
password = rs.getString("pwrd");
count++;
}
connection.close();
} catch (Exception ex)
{
ex.printStackTrace();
} finally
{
}
%>
<html>
<head>
<title> joencom </TITLE>
</head>
<body>
<%
if(!pwrd.equals(password)){
%>
<% out.println("1.You entered a wrong password! Please "); %>
<a href="Welcome2008.jsp">log-in again!</a>
<%} else if((username.equalsIgnoreCase(loginid)) && (pwrd.equalsIgnoreCase(password) && count>0)){%>
<jsp:forward page="profile.jsp"/>
<%}else if ((username.equals("")) || (pwrd.equals(""))){%>
<% out.println("Please input the required fields "); %>
<a href="Welcome2008.jsp">log-in again!</a>
<% }else if (!username.equals(loginid)){ %>
<% out.println("2.You have entered a wrong username! Please "); %>
<a href="Welcome2008.jsp">log-in again!</a>
<% } else{%>
<% out.println("Invalid user!"); %>
<a href="Welcome2008.jsp">log-in again!</a>
<% }%>
</body>
</html>