Forgot Password returns null mail while entering in the textarea.

 
Ranch Foreman

c cannot be resolved

What should I initialize for c?
 
Master Rancher
OOPS, sorry, it's

 
Gayathri Gayu
Ranch Foreman
Yes. That works. :) While taking the user to the reset password page, I kept two fields for entering the new password and the confirm password. I am trying to update the password in the first table. So should I keep the email field too, to check that the entered mail and the DB mail are the same, and then update the password?
 
Swastik Dey
Master Rancher
You will need the email id to update the matching record. But ideally you should not ask him/her to enter the email id again, because he has already clicked on the reset link, so when you are validating against the token id you can keep the email id in a session/request attribute, depending upon the scenario, and use that to update.
 
Gayathri Gayu
Ranch Foreman
So it is like I should keep their mail id constant in the reset_password page, so that the user only has to fill in the reset password fields?
 
Gayathri Gayu
Ranch Foreman
Means I should keep static text in the emailid field. Right?
 
Swastik Dey
Master Rancher
I didn't understand what exactly you mean by constant. As far as I know you can use session variables. You can keep the email id in a session attribute and retrieve it from the session while you update.
 
Master Rancher
Again, returning 0 will result in a major security hole should an exception occur when calling the database to find the token and timestamp.

What it should do is up to you, but presumably you don't want to allow any random user to set a password just because your database burped.

You also have to log that exception somewhere, otherwise how will you ever know if there's been a problem with the database?

I suggest you take a step back from the code and try and figure out how you want this to work.
At the moment you are hitting issues and throwing code at the page in the hopes it'll all work.

Figure out how it's supposed to work first, preferably as some form of unit tests, that way you will have a better idea if you've actually fulfilled your requirements.
Anything else and you are likely to end up with some nasty bugs that are hard to fix.
 
Gayathri Gayu
Ranch Foreman
As you told me, I added the code. It's returning a null value in the textbox.
 
Swastik Dey
Master Rancher
You are retrieving it from the session, but before redirecting to this page did you save the email id to the session?
 
Gayathri Gayu
Ranch Foreman
Means while validating the link I should save the mail-id here? As here only page redirection is happening.
 
Swastik Dey
Master Rancher
Yes you should save the email id to session just before forwarding.
 
Gayathri Gayu
Ranch Foreman
In password Dao I added the above code. Here itself it is returning null.
 
Swastik Dey
Master Rancher
It will return null, because the link that you sent has only the tokenid. There are two ways: either send the emailid too along with the tokenid when you are sending the reset link in mail, or, option 2, once you retrieve the tokenid, fetch the email id from the database.
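
Added example, not code from this thread (the servlet and DAO code posted here did not survive on this page): a reset-token check that fails closed, covering both the earlier warning about returning 0 when the database call throws and the option above of fetching the email id from the database by token. `TokenStore`, `TokenRow`, `emailForValidToken` and the 30-minute lifetime are hypothetical, and the in-memory stores stand in for a DAO that would run a `PreparedStatement`.

```java
import java.sql.SQLException;
import java.time.Duration;
import java.time.Instant;
import java.util.Optional;
import java.util.logging.Level;
import java.util.logging.Logger;

public class ResetTokenCheck {
    // Hypothetical row: the e-mail and issue time stored next to the token.
    record TokenRow(String email, Instant issuedAt) {}

    // Hypothetical lookup; a real DAO would run a PreparedStatement here.
    interface TokenStore {
        Optional<TokenRow> findByToken(String token) throws SQLException;
    }

    static final Duration MAX_AGE = Duration.ofMinutes(30); // assumed lifetime
    static final Logger LOG = Logger.getLogger(ResetTokenCheck.class.getName());

    // Returns the account e-mail only for a known, unexpired token.
    // The e-mail comes from the token's row, never from a form field.
    static Optional<String> emailForValidToken(TokenStore store, String token, Instant now) {
        if (token == null || token.isEmpty()) return Optional.empty();
        try {
            return store.findByToken(token)
                .filter(r -> !r.issuedAt().isAfter(now))
                .filter(r -> Duration.between(r.issuedAt(), now).compareTo(MAX_AGE) <= 0)
                .map(TokenRow::email);
        } catch (SQLException e) {
            // Log it, then fail closed: an error must not look like a fresh token.
            LOG.log(Level.SEVERE, "reset token lookup failed", e);
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2024-01-01T12:00:00Z"); // constructed sample data
        TokenRow fresh = new TokenRow("user@example.com", now.minusSeconds(600));
        TokenRow stale = new TokenRow("user@example.com", now.minusSeconds(7200));
        TokenStore ok = t -> t.equals("abc") ? Optional.of(fresh) : Optional.empty();
        TokenStore old = t -> Optional.of(stale);
        TokenStore down = t -> { throw new SQLException("connection lost"); };

        System.out.println("fresh token:   " + emailForValidToken(ok, "abc", now));
        System.out.println("unknown token: " + emailForValidToken(ok, "zzz", now));
        System.out.println("stale token:   " + emailForValidToken(old, "abc", now));
        System.out.println("database down: " + emailForValidToken(down, "abc", now));
    }
}
```

Only the first call yields an e-mail; the unknown token, the stale token and the database failure all return `Optional.empty()`, so the password update is never reached on an error path.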
 
Swastik Dey
Master Rancher
Post the latest PasswordUpdateServlet code once, and that byTokenId method of PasswordDAO.
 
Gayathri Gayu
Ranch Foreman
PasswordUpdateservlet code


PasswordDao code

 
Swastik Dey
Master Rancher
//Add this method to PasswordDAO


 
Dave Tolls
Master Rancher
I am clearly just talking to the wind here, as the bug I have highlighted is still there.

Oh well, I hope this isn't for anything important.
 
Swastik Dey
Master Rancher
What security hole does it lead to when the method returns 0?  Would you mind putting some more insight into this, and how is a random user resetting the password?  Okay I understood what you were trying to say.
 
Swastik Dey
Master Rancher
instead of , I hope I am correct this time.
 
Dave Tolls
Master Rancher
And the SQL statement.

And (though this is not security as such, but best practice) not logging the exception.

Really, take a step back and think.
 
Gayathri Gayu
Ranch Foreman
Updating in database. As we retrieved the mailid in the textbox, here the email id is printing null.

String email = resetPwdBean.getEmail();
System.out.println("Hai"+email);



 
Sheriff

Gayathri Gayu wrote: Updating in database. As we retrieved the mailid in the textbox, here the email id is printing null.

String email = resetPwdBean.getEmail();
System.out.println("Hai"+email);



Okay. So why is it null?

Hint: None of the code you just posted has anything to do with the answer to that question.
 
Gayathri Gayu
Ranch Foreman
It's not retrieving from the textbox. So it is returning null, I guess.
 
Swastik Dey
Master Rancher


Do you get the value here, or is it showing null here?
 
Gayathri Gayu
Ranch Foreman
I gave the value in resetpassword.jsp file
 
Swastik Dey
Master Rancher
Sounds good, and probably from here you are invoking a servlet?  Show the servlet code.
 
Gayathri Gayu
Ranch Foreman
servlet code for your reference.
 
Swastik Dey
Master Rancher
 //Does it print the value here?
 
Gayathri Gayu
Ranch Foreman
Yes, the mail id is getting printed there.
 
Swastik Dey
Master Rancher


As per your code you are only setting the password in ResetPwdBean, I didn't see any call to set the email value in ResetPwdBean.  Look carefully into your code.
 
Gayathri Gayu
Ranch Foreman
Yes, I didn't set my email there. Now it works. Please tell me whether the query is correct? Because executing the query returns

UPDATE into Users(password) values (** NOT SPECIFIED **)

 
Swastik Dey
Master Rancher


 
Swastik Dey
Master Rancher
So did it work?
 
Gayathri Gayu
Ranch Foreman
Sorry for the delay. Just now going to run the application. I will let you know the output soon.
 
Gayathri Gayu
Ranch Foreman
That works. Thanks for the help. :)
 
Paul Clapham
Sheriff

Swastik Dey wrote:



Better still, just declare the statement variable as type PreparedStatement in the first place.
 