|
-
Login (Java Servlet/Database)
I'm trying to create a login page that will verify users, create a session, and then redirect them to a specific page according to their user_type in the database. Everything seems to be working accept that it will not verify everything that has an "else if" statement. It will verify the user_type in the if and the user_type with the else, but seems to skip over the else if's. I need it to check else if's as well. I'll supply my code. Any suggestions would be appreciated. Thanks in advance.
Code:
/* Login verifies username and password, creates session with username,
* and directs user to correct page via their usertype. */
import java.sql.*;
import java.io.*;
import oracle.jdbc.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class login extends HttpServlet
{
public void doPost (HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
{
// Get the requested name and the output writer.
PrintWriter out = response.getWriter ();
String username = request.getParameter ("username");
String password = request.getParameter ("password");
String user = request.getParameter ("username");
String faculty = "Faculty";
String hod = "HOD";
String student = "Student";
String employee = "Employee";
String admin = "Administrator";
//Used to instantiate a connection
Connection conn = null;
try
{
// Load Oracle driver to connect to the database.
Class.forName ("oracle.jdbc.driver.OracleDriver");
// Connect to the database
conn = DriverManager.getConnection
("...");
// Create a statement and a query and get the ResultSet.
Statement stmt = conn.createStatement ();
ResultSet rs = stmt.executeQuery ("...");
/* If it is a valid user: create the session and direct user to
*correct page. Creates session. Keeps the username name in the
*session till the browser is close */
if (rs.next()) {
HttpSession session = request.getSession(true);
session.setAttribute("user", username);
if(
(!(username.equals ("null")) && username.equals(rs.getString ("username")))
&& (!(password.equals ("null")) && password.equals(rs.getString ("password")))
&& (admin.equals(rs.getString ("user_type"))))
{
//Creates session with username and direct to next page.
response.sendRedirect("admin.html");
}//Administrator
else if (
(!(username.equals (null)) && username.equals("rs.getString ('username')"))
&& (!(password.equals (null)) && password.equals("rs.getString ('password')"))
&& (hod.equals("rs.getString ('user_type')")))
{
//Creates session with username and direct to next page.
// HttpSession session = request.getSession(true);
/session.setAttribute("user", username);
response.sendRedirect("headofdept.html");
}//Head of Department
else if (
(!(username.equals (null)) && username.equals("rs.getString ('username')"))
&& (!(password.equals (null)) && password.equals("rs.getString ('password')"))
&& (faculty.equals("rs.getString ('user_type')")))
{
//Creates session with username and direct to next page.
//HttpSession session = request.getSession(true);
//session.setAttribute("user", username);
response.sendRedirect("faculty.html");
}//Faculty
else if (
(!(username.equals(null)) && username.equals("rs.getString ('username')"))
&& (!(password.equals (null)) && password.equals("rs.getString ('password')"))
&& (employee.equals("rs.getString ('user_type')")))
{
//Creates session with username and direct to next page.
//HttpSession session = request.getSession(true);
//session.setAttribute("user", username);
response.sendRedirect("employee.html");
}//Employee
else if (
(!(username.equals (null)) && username.equals(rs.getString ("username")))
&& (!(password.equals (null)) && password.equals(rs.getString ("password")))
&& (student.equals(rs.getString ("user_type"))))
{
//Creates session with username and direct to next page.
/*Cookie cookie = new Cookie ("user", rs.getString ("password"));
cookie.setMaxAge (3600); // Set the maximum age to be an hour.
response.addCookie (cookie);
response.sendRedirect("createstudentuser.html");*/
//HttpSession session = request.getSession(true);
//session.setAttribute("user", username);
//out.println ("<h3>Username: " + (String) session.getAttribute ("user") + "<h3>");
response.sendRedirect("student.html");
}//Students
else out.println ("<h3>Incorrect login information.</h3>");
}
rs.close();
} //try (For DB load)
//Error handled if Integer is not passed for an int variable type.
catch(NumberFormatException e)
{
out.println("Number Format Exception");
return;
}//catch(NumberFormatException e)
//Error handled if there is an SQL error.
catch(SQLException e)
{
out.println(e.getMessage());
while((e = e.getNextException()) != null)
out.println(e.getMessage());
}//catch(SQLException e)
//Error handled if .class file for HTML action cannot be found.
catch(ClassNotFoundException e)
{
out.println(e.getMessage());
}//catch(ClassNotFoundException e)
finally
{
//Clean up resources, close the connection.
if(conn != null)
{
try
{
conn.close();
}//try
catch (Exception ignored) {}
}//if (conn !=null)
} // finally
} //doGet
} // End login.java
-
(!(username.equals (null)) && username.equals("rs.getString ('username')"))
You mistyped quotes, should be:
Code:
(!(username.equals (null)) && username.equals(rs.getString ("username")))
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Top DevX Stories
Easy Web Services with SQL Server 2005 HTTP Endpoints
JavaOne 2005: Java Platform Roadmap Focuses on Ease of Development, Sun Focuses on the "Free" in F.O.S.S.
Wed Yourself to UML with the Power of Associations
Microsoft to Add AJAX Capabilities to ASP.NET
IBM's Cloudscape Versus MySQL
|
Reply With Quote
Bookmarks