Well, I can't supply you with any pre-debugged code, but I can make a few observations that may help.
1. There is a school of thought that says that passwords should NEVER be decryptable. It might seem counterintuitive, but if there's no way to decrypt the passwords, then anyone breaking into the password database can't harvest them. One-way encryption's sufficient so long as the same result occurs each time you encrypt, since to validate a password, you encrypt it. I like this little trick:
If the count comes back zero, the password (or userID) didn't match. The beautiful thing about this is that in this scenario, even the true encrypted password isn't exposed to normal logic - only the encrypted password under
test (I assume that there are no database buffers floating around in snoopable RAM, of course).
As far as the encryption process itself is concerned, the
Java cryptography package can be used for that. It's not part of the standard JDK's though, since export restrictions apply.