I'm trying to create a login page that will verify users, create a session, and then redirect them to a specific page according to their user_type in the database. Everything seems to be working accept that it will not verify everything that has an "else if" statement. It will verify the user_type in the if and the user_type with the else, but seems to skip over the else if's. I need it to check else if's as well. I'll supply my code. Any suggestions would be appreciated. Thanks in advance.
Code:
/* Login verifies username and password, creates session with username,
* and directs user to correct page via their usertype. */
import java.sql.*;
import java.io.*;
import oracle.jdbc.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class login extends HttpServlet
{
public void doPost (HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException
{
// Get the requested name and the output writer.
PrintWriter out = response.getWriter ();
String username = request.getParameter ("username");
String password = request.getParameter ("password");
String user = request.getParameter ("username");
String faculty = "Faculty";
String hod = "HOD";
String student = "Student";
String employee = "Employee";
String admin = "Administrator";
//Used to instantiate a connection
Connection conn = null;
try
{
// Load Oracle driver to connect to the database.
Class.forName ("oracle.jdbc.driver.OracleDriver");
// Connect to the database
conn = DriverManager.getConnection
("...");
// Create a statement and a query and get the ResultSet.
Statement stmt = conn.createStatement ();
ResultSet rs = stmt.executeQuery ("...");
/* If it is a valid user: create the session and direct user to
*correct page. Creates session. Keeps the username name in the
*session till the browser is close */
if (rs.next()) {
HttpSession session = request.getSession(true);
session.setAttribute("user", username);
if(
(!(username.equals ("null")) && username.equals(rs.getString ("username")))
&& (!(password.equals ("null")) && password.equals(rs.getString ("password")))
&& (admin.equals(rs.getString ("user_type"))))
{
//Creates session with username and direct to next page.
response.sendRedirect("admin.html");
}//Administrator
else if (
(!(username.equals (null)) && username.equals("rs.getString ('username')"))
&& (!(password.equals (null)) && password.equals("rs.getString ('password')"))
&& (hod.equals("rs.getString ('user_type')")))
{
//Creates session with username and direct to next page.
// HttpSession session = request.getSession(true);
/session.setAttribute("user", username);
response.sendRedirect("headofdept.html");
}//Head of Department
else if (
(!(username.equals (null)) && username.equals("rs.getString ('username')"))
&& (!(password.equals (null)) && password.equals("rs.getString ('password')"))
&& (faculty.equals("rs.getString ('user_type')")))
{
//Creates session with username and direct to next page.
//HttpSession session = request.getSession(true);
//session.setAttribute("user", username);
response.sendRedirect("faculty.html");
}//Faculty
else if (
(!(username.equals(null)) && username.equals("rs.getString ('username')"))
&& (!(password.equals (null)) && password.equals("rs.getString ('password')"))
&& (employee.equals("rs.getString ('user_type')")))
{
//Creates session with username and direct to next page.
//HttpSession session = request.getSession(true);
//session.setAttribute("user", username);
response.sendRedirect("employee.html");
}//Employee
else if (
(!(username.equals (null)) && username.equals(rs.getString ("username")))
&& (!(password.equals (null)) && password.equals(rs.getString ("password")))
&& (student.equals(rs.getString ("user_type"))))
{
//Creates session with username and direct to next page.
/*Cookie cookie = new Cookie ("user", rs.getString ("password"));
cookie.setMaxAge (3600); // Set the maximum age to be an hour.
response.addCookie (cookie);
response.sendRedirect("createstudentuser.html");*/
//HttpSession session = request.getSession(true);
//session.setAttribute("user", username);
//out.println ("<h3>Username: " + (String) session.getAttribute ("user") + "<h3>");
response.sendRedirect("student.html");
}//Students
else out.println ("<h3>Incorrect login information.</h3>");
}
rs.close();
} //try (For DB load)
//Error handled if Integer is not passed for an int variable type.
catch(NumberFormatException e)
{
out.println("Number Format Exception");
return;
}//catch(NumberFormatException e)
//Error handled if there is an SQL error.
catch(SQLException e)
{
out.println(e.getMessage());
while((e = e.getNextException()) != null)
out.println(e.getMessage());
}//catch(SQLException e)
//Error handled if .class file for HTML action cannot be found.
catch(ClassNotFoundException e)
{
out.println(e.getMessage());
}//catch(ClassNotFoundException e)
finally
{
//Clean up resources, close the connection.
if(conn != null)
{
try
{
conn.close();
}//try
catch (Exception ignored) {}
}//if (conn !=null)
} // finally
} //doGet
} // End login.java
Reply With Quote
Bookmarks