JDBC validating username and password against SQL database

Hi People
I've got a problem: I need to create a database(SQL) to store username and passwords. I've made the database. Now I need to write a Login Screen(Java application) where users can input the username and password, the Java Application needs so verify that the username and password matches the respective entry in the database, if any.

This is what I've done:

import java.awt.*; import java.awt.event.*; import javax.swing.*; import java.sql.*; import javax.swing.AbstractButton; public class AdminFrame2 extends JFrame implements ActionListener, WindowListener, MouseListener { private OkButton Ok = new OkButton("Log In"); private MyButton Ca = new MyButton("Cancel"); private JTextField tf; private JTextField pf; private Container cp; private JLabel label = new JLabel("Enter USERNAME: "); private JLabel label1 = new JLabel("Enter PASSWORD: "); public AdminFrame2() { super("Administrator GUI"); setBounds(200, 200, 400, 250); setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE); tf = new JTextField(10); pf = new JTextField(10); FlowLayout flow = new FlowLayout(); setLayout(flow); cp = getContentPane(); cp.add(label); cp.add(tf); cp.add(label1); cp.add(pf); cp.add(Ok); cp.add(Ca); tf.setHorizontalAlignment(SwingConstants.CENTER); pf.setHorizontalAlignment(SwingConstants.CENTER); Ok.addActionListener(this); Ca.addActionListener(this); setVisible(true); } String data = "jdbc:odbc:VideoStore"; public void windowActivated(WindowEvent e) {} public void windowClosed(WindowEvent e) {} public void windowDeactivated(WindowEvent e) {} public void windowDeiconified(WindowEvent e) {} public void windowIconified(WindowEvent e) {} public void windowOpened(WindowEvent e) {} public void windowClosing(WindowEvent e) {} public void mouseClicked(MouseEvent e) {} public void mouseReleased(MouseEvent e) {} public void mousePressed(MouseEvent e) {} class MyButton extends JButton { MouseListener m = new MouseAdapter() { public void mousePressed(MouseEvent e) { System.exit(0); } }; public MyButton(String label){ super(label); addMouseListener(m); } } class OkButton extends JButton { MouseListener m = new MouseAdapter() { public void mousePressed(MouseEvent e) { try { Class.forName("sun.jdbc.odbc.JdbcOdbcDriver"); Connection conn = DriverManager.getConnection(data, "", ""); Statement st = conn.createStatement(); ResultSet rec = st.executeQuery("SELECT users_name, users_password FROM USERS"); while (rec.next()) { String x = tf.getText(); String y = pf.getText(); if (x == rec.getString("users_name")) { if (y == rec.getString("users_password")) { System.out.println("Logged in!"); } else { System.out.println("Password did not match username!"); } } else { [color=red]System.out.println("Username did not match the database");[/color] } } st.close(); } catch(SQLException d) { System.out.println(e.toString()); } catch(ClassNotFoundException f) { System.out.println(e.toString()); } } }; public OkButton(String label){ super(label); addMouseListener(m); } } public void actionPerformed(ActionEvent e) { } public static void main(String[] args) { new AdminFrame2(); } public void mouseEntered(MouseEvent e) {} public void mouseExited(MouseEvent e) {} }


The errors I'm getting says that my "Username did not match the database" and I'm sure that it should because it is the correct username


the usernames and passwords entered in my database are as follows:
('JOHN','DOG12') ('SARAH','CAT36') ('PEET','ABCDE') ('VIV','98765') ('JOE','VWXYZ') ('RYNO','12345') ('DENE','10203') ('MIKE','A1B2C') ('HOME','ANY12') ('USER','YOU56')


Please tell me what I'm doing wrong
Thanks
Dene

Try with

if (x.equals(rec.getString("users_name"))) { if (y.equals(rec.getString("users_password")) {

== for object types compares reference not the value.

Purushothaman Thambu wrote:Try with

if (x.equals(rec.getString("users_name"))) { if (y.equals(rec.getString("users_password")) {

== for object types compares reference not the value.

Thank you Purushothaman is works great now, thank you for taking the time to help
Dene

If you are building a secure database you should not be keeping the actual password in your database.
The password should be kept as an encrypted value and when the
user enters their password it is encrypted with the same algorithm
and compared to the database value.

Agad

Agador Paloi wrote: If you are building a secure database you should not be keeping the actual password in your database.
The password should be kept as an encrypted value and when the
user enters their password it is encrypted with the same algorithm
and compared to the database value.

Agad

Hi Agad
It's sounds like the better thing to do, the problem is that i don't know how to do it. Is it something that I am supposed to do inside my SQL database or in my Java code?

In my Java code I have tried to change the password field to a JPasswordField but I get an error on this piece of code:
String y = pf.getPassword();

The message is: incompatible types found : char[ ] required: java.lang.String String y = pf.getPassword(); 1 error

Can you please tell me what I'm doing wrong and what I should do, or maybe a tutorial on how to fix it?

Thank you in advance
Dene

Dene,
If you look at the String class JavaDoc, there should be something about converting a char[] to a String. I think it's one of the constructors.

JPassword does not do any encryption, it just doesnt display the entered field
on the screen. You could use something like MessageDigest to create
an encrypted password :

public static byte[] getHashedPasswd(String in_password) { byte[] return_hashed_passwd = { '0', '0'} ; try { byte [] temp_bytes = in_password.getBytes("UTF-8"); MessageDigest mdigest = MessageDigest.getInstance("SHA-1"); return_hashed_passwd = mdigest.digest(temp_bytes); } catch ( UnsupportedEncodingException ue) { System.out.print(ue.getMessage()); } catch ( NoSuchAlgorithmException nsa) { System.out.print(nsa.getMessage()); } return return_hashed_passwd; }