I want to make a basic "forgot password" system and I gave a random generated token for each user and stored it in database. The user has to enter his email on a form to request a link for the password reset. Then, he receives an email with a specific link like: http://localhost:8080/login/reset-password.jsp?token=fd6256666910438486e76760952ea71d where the parameter "token" retrieves the token value that is associated with his email in database.
Now, my question is, how can I get the password updated while getting the token value in URL?
I have tried to request the parameter from URL but I don't know what I'm missing here because when I'm debugging it shows me that reset_token is NULL and because of that, nothing is updated . Please help.
Here's my table:
CREATE TABLE user (
id bigint identity NOT NULL,
username varchar(50) NOT NULL,
email varchar(50) NOT NULL,
password varchar(50) NOT NULL,
attempts int DEFAULT 3,
state varchar(50) DEFAULT 'Active’,
reset_token varchar(50),
time_token TIMESTAMP,
PRIMARY KEY (id)
);
Here's my servlet:
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String password = request.getParameter("password");
String token = request.getParameter("token");
ForgotPasswordHandler.UpdatePassword(password, token);
String message = "Password changed!";
request.setAttribute("message", message);
request.getRequestDispatcher("reset-password.jsp?token=" + token).forward(request, response);
}
And this is the method from ForgotPasswordHandler.java:
public static void UpdatePassword(String password, String token) throws SQLException {
PreparedStatement ps = null;
try
{
if (con == null){
System.out.println("Failed connection");
} else {
ps = con.prepareStatement(
"UPDATE user SET password = ? WHERE reset_token = ?");
ps.setString(1,password);
ps.setString(2,token);
ps.executeUpdate();
if (!con.getAutoCommit()) {
con.commit();
}
}
}
catch (Exception e) {
e.printStackTrace(System.out);
}
finally {
if (ps != null) {
ps.close();
}
}
So, after long hours searching, I figured out that the token parameter isn't retrieving anything because in a post request it gets values from the body and not from URL, so I simply added an hidden input inside the form like this:
<input type="hidden" name="token" value="<%= request.getParameter("token")%>">
And it worked perfectly. Hope this helps someone in the future.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.