• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

login check while password is encrypted in db.

 
Omkar G. Deshmukh
Ranch Hand
Posts: 41
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i have one login form that checks user authentication but password is encrypted in db then how do i write a code to check this login . i am using jsp technology.
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34686
367
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You run the encryption function against the password the user entered. If the encrypted password that comes from that function matches the encrypted password stored in the database, the user is allowed in.
 
Omkar G. Deshmukh
Ranch Hand
Posts: 41
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
ok i wil try this....
 
Omkar G. Deshmukh
Ranch Hand
Posts: 41
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i tried this but not got expected output.. i wrote
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What happens, and how does that differ from what you were expecting?

Note that something encrypted is not text, but binary data. That means you can't use "new String(byte[])", you need to use "new String(byte[], String)".

catch(Exception e){}

Never do this. You *must* handle exceptions, at least print the error message someplace where you'll see it (ike a log file). Otherwise, how will you know what goes wrong?

Also note that your code is susceptible to SQL injection attacks; you should use a PreparedStatement for the query.
 
Omkar G. Deshmukh
Ranch Hand
Posts: 41
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
sir actually i am getting output .. every time that login failed.jsp file gets executed even when both login id and pwd are same.
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can print out the SQL query from the JSP, and run it by hand against the DB to make sure it returns what you think it returns.
 
Omkar G. Deshmukh
Ranch Hand
Posts: 41
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
ok sir
 
Omkar G. Deshmukh
Ranch Hand
Posts: 41
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
problem while upating the record


<%@page contentType="text/html"%>
<%@page pageEncoding="UTF-8"%>
<%@page import="java.sql.*"%>


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>JSP Page</title>
</head>
<body>

<%
String a=request.getParameter("reg_id");
String b=request.getParameter("fnm");
String c=request.getParameter("lnm");
String d=request.getParameter("day");
String e=request.getParameter("month");
String f=request.getParameter("yr");
String g=request.getParameter("pc_num");
String h=request.getParameter("e_degree");
String i=request.getParameter("yr_comp");
String j=request.getParameter("exp");
String k=request.getParameter("cc_nm");
String l=request.getParameter("pc_nm");
String m=request.getParameter("cc_pos");
String n=request.getParameter("bond");
String o=request.getParameter("cc_pack");
String p=request.getParameter("doj_day");
String q=request.getParameter("doj_month");
String r=request.getParameter("doj_yr");
String s=request.getParameter("e_phn");
String t=request.getParameter("e_email");
String u=request.getParameter("add");
String v=request.getParameter("pin");
String w=request.getParameter("city");
String x=request.getParameter("state");
String y=request.getParameter("country");

if(a=="" || b=="" || c=="" || d=="" || e=="" || f=="" || g=="" || h=="" || j=="" || j=="" || k=="" || l=="" || m=="" || n=="" || o=="" || p=="" || q=="" || r=="" || s=="" || t=="" || u=="" || v=="" || w=="" || x=="" || y=="")
{ %>
<jsp:forward page="compupdate.jsp">
<jsp:param name="msg1" value="incomplet record"/>
</jsp:forward>

<% }

Connection con=null;
PreparedStatement pst=null;
Statement smt=null;
ResultSet rs=null;


try
{


Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
con = DriverManager.getConnection("jdbcdbc:MyNewProjectDsn");
smt= con.createStatement();
rs= smt.executeQuery("select Reg_id from compadd where Reg_id='"+a+"'");


if(rs.next())
{



pst=con.prepareStatement("update compadd set Reg_id=?,fe_name=?,le_name=?,birth_date=?,birth_month=?,birth_yr=?,e_pan=?,e_quli=?,e_yrcom=?,e_exp=?,e_cc=?,e_pc=?,e_cp=?,e_bond=?,e_pack=?,e_jd=?,e_jm=?,e_jy=?,e_phn=?,e_email=?,e_add=?,e_pin=?,e_city=?,e_state=?,e_country=? where Reg_id=?");

pst.setString(1,a);
pst.setString(2,b);
pst.setString(3,c);
pst.setString(4,d);
pst.setString(5,e);
pst.setString(6,f);
pst.setString(7,g);
pst.setString(8,h);
pst.setString(9,i);
pst.setString(10,j);
pst.setString(11,k);
pst.setString(12,l);
pst.setString(13,m);
pst.setString(14,n);
pst.setString(15,o);
pst.setString(16,p);
pst.setString(17,q);
pst.setString(18,r);
pst.setString(19,s);
pst.setString(20,t);
pst.setString(21,u);
pst.setString(22,v);
pst.setString(23,w);
pst.setString(24,x);
pst.setString(25,y);
pst.setString(26,a);


int data= pst.executeUpdate();


}
else
{%>
<jsp:forward page="compupdate.jsp">
<jsp:param name="msg2" value="cant update"></jsp:param>
</jsp:forward>
<% }
}

catch (Exception exc) {
out.println(exc);
exc.getMessage();
}


finally
{
con.close();
smt.close();
pst.close();
smt.close();

}


%>

</body>
</html>
=========================================
getting error

java.sql.SQLException: [Microsoft][ODBC SQL Server Driver]Connection is busy with results for another hstmt
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 34686
367
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
First, if(a=="" ) is not valid Java. Strings need to be compared with equals() rather than ==.

For your problem, it looks like you are using the same statement variable for two different things.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic