Check username and password with MySQL

Question

I am trying to verify username and password with MySQL. But it's not working. I can't find the problem. Can anybody help me fix it?

private void jButton2ActionPerformed(java.awt.event.ActionEvent evt) {                            
    String user = jTextField1.getText();
    char[] pass = jPasswordField1.getPassword();

    try
    {
        Class.forName("com.mysql.jdbc.Driver");
        con = DriverManager.getConnection("jdbc:mysql://localhost:3306/JEREN","root","");
        Statement stat = con.createStatement();
        String sql = "Select * from tbl_User Where username='" + user + "' and password='"+pass+"'";
        rs = stat.executeQuery(sql);
        while (rs.next())
        {
            if (user.equals(rs.getString("username")))
            {
                if (pass.equals(rs.getString("password")))
                {
                          JOptionPane.showMessageDialog(null,"Login Successfully");
                          main.getWindows();
                }
                          else
                                  {
                                      JOptionPane.showMessageDialog(null,"Incorrect Password");
            }
            else
            {
                JOptionPane.showMessageDialog(null,"Incorrect Login");
            }
        }
        stat.close();
        con.close();
    }
    catch (SQLException | HeadlessException e)
    {
        //e.printStackTrace();
        JOptionPane.showMessageDialog(null,"PROBLEM OCCURED !!!! ");
    } 
    catch (ClassNotFoundException ex) {
        Logger.getLogger(Users.class.getName()).log(Level.SEVERE, null, ex);
    }
 // TODO add your handling code here:
}  

Actually I think it is not checking the enteries with username and password in database. am I right?

Answer 1

Firstly, select by username , then hash the user entered password en check if it matches the hashed password in the database. I suggest something like SHA-2

I also suggest you write classes to handle your code, ie a User class.. You also forgot to close your ResultSet

One more thing, use PreparedStatement

Answer 2

You are checking for password and username match 2 times.

String sql = "Select * from tbl_User Where username='" + user + "' and password='"+pass+"'";

There you already check the password and user, First you shuld check if the password its not stored as MD5 or any other hash type

After that sql you only need to check if its returns any row like @Prabhakaran says

Answer 3

Do like this

Statement stat = con.createStatement();
user = user.toLowerCase();
pass = pass.toLowerCase();
String sql = "Select * from tbl_User Where LOWER(username)='" + user + "' and LOWER(password)='"+pass+"'";
rs = stat.executeQuery(sql);
if(rs.next())
{
     JOptionPane.showMessageDialog(null,"Login Successfully");
                        main.getWindows();
}
else
{
    JOptionPane.showMessageDialog(null,"Incorrect Login");

}

Answer 4

Check code which is written is connecting to database, password is not there in the below code

con = DriverManager.getConnection("jdbc:mysql://localhost:3306/JEREN","root","");

Second is check the user and pass variable is getting the value from the action event.

Answer 5

First things first.

Code will only be used to validate the error. So you must paste the error fired by your program.

Since we don't have enough information to the problem, I will try to help you out.

1- It seems your connection variable missing the "Connection" try this :

Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/"DATABASENAME"?useTimezone=true&serverTimezone=UTC","USERNAME","PASSWORD");

2 - You already made the if statement to the query in the beginning, so you don't have to start all over again with You can simply type : if (rs.next()) { }
else { JOptionPane.showMessageDialog(null,"Incorrect Password"); } if (rs.next()) { }
else { JOptionPane.showMessageDialog(null,"Incorrect Password"); } if (rs.next()) { }
else { JOptionPane.showMessageDialog(null,"Incorrect Password"); } then carry on with the exception part

this is the code :

try
{
    Class.forName("com.mysql.jdbc.Driver");
   Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/JEREN","root","");
    Statement stat = con.createStatement();
    String sql = "Select * from tbl_User Where username='" + user + "' and password='"+pass+"'";
    rs = stat.executeQuery(sql);
    if (rs.next())
    {

                      JOptionPane.showMessageDialog(null,"Login Successfully");
                      main.getWindows();
            }
                      else
                              {
                                  JOptionPane.showMessageDialog(null,"Incorrect Password");
        }
        else
        {
            JOptionPane.showMessageDialog(null,"Incorrect Login");

    }
    stat.close();
    con.close();
}
catch (SQLException | HeadlessException e)
{
    //e.printStackTrace();
    JOptionPane.showMessageDialog(null,"PROBLEM OCCURED !!!! ");
} 
catch (ClassNotFoundException ex) {
    Logger.getLogger(Users.class.getName()).log(Level.SEVERE, null, ex);
}

// TODO add your handling code here: }`