I would like to ensure that when a user enters a username & password, authentication is done by checking if the input matches some row in the user table. Here is the code so far: it allows only the first user in the database to log in. Please suggest how I can set it right. Thanks
    private class thehandler implements ActionListener {
        @Override
        public void actionPerformed(ActionEvent ae) {
            String namevalue = usertext.getText();
            String pwdvalue = pwdtext.getText();
            //read values from user table in sql database
            try {
                Class.forName("com.mysql.jdbc.Driver");
                String conUrl = "jdbc:mysql://localhost/hall?" +
                        "user=root&password=blend";
                Connection con = DriverManager.getConnection(conUrl);
                Statement stmt = con.createStatement();
                ResultSet rs = stmt.executeQuery("SELECT * FROM user");
                while(rs.next()) {
                    if(namevalue.equals(rs.getString("userName")) && pwdvalue.equals(rs.getString("password"))) {
                        JOptionPane.showMessageDialog(null, "You are logged in",
                                "Makhall login", JOptionPane.INFORMATION_MESSAGE);
                        //move on to homepage if user is valid
                        homePage home = new homePage();
                        home.setAlwaysOnTop(rootPaneCheckingEnabled);
                    }
                    else {
                        JOptionPane.showMessageDialog(null, "Incorrect username or password",
                                "Error", JOptionPane.ERROR_MESSAGE);
                    }
                    break;
                }
            }
            catch (SQLException e) {
                System.out.println("SQL Exception: "+ e.toString());
            }
            catch (ClassNotFoundException cE) {
                System.out.println("Class Not Found Exception: "+ cE.toString());
            }
        }
    }
Sorry, I think this is awful code. You have everything mingled together: UI, database connection, querying, etc. Java's an object-oriented language. One of the tenets of good object design is cohesion: have a class do one thing well.
Start by separating your database querying into a data access object. Get it working, test it, and let other clients simply use it. You'll build up your complex solution by letting simpler objects collaborate.
Your immediate problem is that your SELECT needs a WHERE clause: WHERE username = ?.
You only want to check the password for the user at hand.
That question mark is deliberate: use PreparedStatement, not Statement.
You're selecting all the users from the database. Don't ever do this. Instead, select the user which has the given login. If it exists, check the password. If it doesn't exist, then the login itself is incorrect.
Also:
I also made the same program. See here:
    String m = jt1.getText();
    String n = new String(jt2.getPassword());
    // try-with-resources closes the connection and statement
    try (Connection con = DriverManager.getConnection("jdbc:mysql://localhost/darshanproject", "root", "");
         // bind the user ID as a parameter instead of concatenating it into the SQL text
         PreparedStatement st = con.prepareStatement("select * from emp where UID=?")) {
        st.setString(1, m);
        ResultSet rs = st.executeQuery();
        // rs.next() is false when no row matches the given UID
        if (rs.next()) {
            String user = rs.getString("UID");
            String pass = rs.getString("password");
            if (m.compareTo(user) == 0) {
                if (n.compareTo(pass) == 0)
                    System.out.println("login Success");
                else
                    System.out.println("Wrong Password");
            }
        }
    } catch (Exception ex) {
        System.out.println(ex);
    }
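The advice in the answers above (a separate data access object, a WHERE clause on the login, and PreparedStatement) put together as an added example; it is not code from the question or from any answer. The class name UserDao and the caller-supplied jdbcUrl are assumptions; the table and column names are the ones in the question.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

/** Data access object for the question's user table (UserDao is a hypothetical name). */
public class UserDao {
    // Fetch only the row for the given login; the name is a bound parameter,
    // so it is never parsed as part of the SQL text.
    private static final String FIND_USER =
            "SELECT userName, password FROM user WHERE userName = ?";

    private final String jdbcUrl; // assumption: supplied by the caller, not hard-coded here

    public UserDao(String jdbcUrl) {
        this.jdbcUrl = jdbcUrl;
    }

    /** Returns true only if a row exists for userName and its password matches. */
    public boolean authenticate(String userName, char[] password) throws SQLException {
        try (Connection con = DriverManager.getConnection(jdbcUrl);
             PreparedStatement ps = con.prepareStatement(FIND_USER)) {
            ps.setString(1, userName);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {
                    return false; // unknown login: same outcome as a wrong password
                }
                String storedName = rs.getString("userName");
                String storedPwd = rs.getString("password");
                // MySQL's default collations compare case-insensitively,
                // so require an exact match on the name as well.
                if (storedPwd == null || !userName.equals(storedName)) {
                    return false;
                }
                // The question's table holds the password as-is; with a hashed
                // column, the hash check would replace this comparison.
                byte[] given = new String(password).getBytes(StandardCharsets.UTF_8);
                byte[] stored = storedPwd.getBytes(StandardCharsets.UTF_8);
                return MessageDigest.isEqual(given, stored); // constant-time compare
            }
        }
    }
}
```

The ActionListener then only calls authenticate once per click and shows one dialog for the boolean result, so the loop over every row and the early break disappear.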