JSP user registration and login page 2

Status
Not open for further replies.

HacH

Programmer
Dec 24, 2002
27
GB
Hello All,

I am new to JSP and need to create a user registration and login page. I have a little bit of Java experience but not JSP. I am using an Access db to hold user details. Can anyone please help? I have no idea where to start. The work is for my university project.

Thanks
 
Generally when creating a web login the easiest way to do this is to create two pages. The first page will hold the login form and post to the second page, the second page will make your database connection, execute a query based on the entered username/password, then check the query for validation purposes to make sure the username/password existed. Basically the front page can be strictly a flat html file, as it doesn't need to do anything more complicated than:
Code:
<html>
<body>
<form method="POST" action="verify.asp">
Username: <input type="text" name="txtUsername"><br />
Password: <input type="password" name="txtPassword"><br />
<input type="submit" value="Log In">
</form>
</body>
</html>

The second page will be in JSP:
Code:
Step 1) Read in the values for the username and password from previous page
Step 2) Get rid of bad characters in them like quotes, single quotes, etc. Anything your database won't like
Step 3) Create your SQL statement, something like:
   "SELECT * FROM UserTable WHERE user_name = '" + strUsername + "' AND user_pass = '" + strPassword + "'"
Step 4) If the recordset from the above query is EOF, return them to login page, otherwise either redirect them or show them content because they have a valid login.

That should be a basic outline to a login approach, feel free to post back if you have any more questions,
-Tarwn Experts are only people who have realized how much they will never know about a language.
________________________________________________________________________________
Want to get great answers to your Tek-Tips questions? Have a look at faq333-2924
 
Thanks Tarwn,

Another question I have is that should I create the user registration page in the same format?

The user enters details into an html form, this is posted to a jsp page which checks if the details already exist...if not then it will create a new user, otherwise request details to be modified.

Thanks

Hach



 
Yes, this is the easiest way to handle web data. It is possible to build all of the screens (login screen, registration screen, etc) into the same file and also pass around a hidden input field with a value to decide the next action, but generally what you will have is a form or a link with querystring that causes some action when it is sent/submitted.

The general method of server-side coding is wait to receive something, execute some code/script based on what you receive, start waiting again.

-Tarwn Experts are only people who have realized how much they will never know about a language.
 
I have managed to create the registration and login pages. I have a Microsoft Access database named example.mdb and have created the system DSN and called it "example". Can you please tell me how to connect to this database through my JSP registration page? I have read some examples on the web and a book that use the "taglib". I assume this is similar to a javaBean but created for a specific purpose, but this does not make any sense. Can you please tell me what code I need and how to make the connection?

Thanks

Hach
 
Hi HacH:

Tarwn's code is excellent for your application. You must improve it if you plan to use it in production. There are some corrections I would make:

1) "SELECT * FROM UserTable WHERE user_name = '" + strUsername + "' AND user_pass = '" + strPassword + "'"

Check this query:
SELECT * FROM UserTable WHERE user_name = 'anything' AND user_pass = '' OR ''=''

This would be true for any database, so a hacker just has to put:
' OR ''='
in the password field to access your application.

You can avoid this using another authentication mechanism (LDAP or something similar) or using java.sql.PreparedStatement to access the database.

2) It's not good to have business code embedded in a JSP page, as a matter of design patterns. You can see a detailed explanation of this issue in another thread answered by me. It is better for you to use a Session Bean to perform the authentication and maintain session information to show the content to a specific user.

You can use a bean, which is a simple class, with the jsp directive:

<%@ page import="ClassName" %>
<jsp:useBean id="className" scope="session" class="ClassName" />

You can use the bean methods in the jsp like:

className.method();

---------------

Now, the connection to the database could be made through JDBC connectivity. If you are using Access, one way is to use the jdbc-odbc bridge. You can set an ODBC source in the configuration Panel and then point a java.sql.Connection to this source through the jdbc.odbc driver. Check this example:
Code:
database.properties:

driver=sun.jdbc.odbc.JdbcOdbcDriver
jdbc=jdbc:odbc:YOUR_SOURCE_NAME
user=
passwd=

Connection Bean:

import java.sql.Connection;
import java.sql.DatabaseMetaData;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.MissingResourceException;
import java.util.ResourceBundle;

// Class name is a placeholder; the post shows only the members.
public class ConnectionBean {

	private static String driver;
	private static String jdbc;
	private static String user;
	private static String passwd;

	// Fields used below but not declared in the posted fragment.
	private static ResourceBundle resources;
	private static Connection conexion;
	private static DatabaseMetaData metaData;
	// "ex" is the poster's own error-reporting helper; its class is not shown in the post.

	// Load the driver name, JDBC URL and credentials from database.properties.
	private static void getResources(){
		try{
			resources=ResourceBundle.getBundle("database");
			driver=resources.getString("driver");
			jdbc=resources.getString("jdbc");
			user=resources.getString("user");
			passwd=resources.getString("passwd");
		}
		catch(MissingResourceException e){
			ex.show("No se encuentra el recurso:",e);
		}
		catch(Exception e){
			ex.show("Excepcion no reconocida:",e);
		}
	}

	// Register the JDBC driver, then open the connection to the ODBC source.
	private static void conectar(){
		try{
			Class.forName(driver);
		}
		catch(ClassNotFoundException e){
			ex.show("No se encuentra el driver especificado:",e);
		}
		catch(Exception e){
			ex.show("Excepcion no reconocida:",e);
		}

		try{
			conexion = DriverManager.getConnection(jdbc,user,passwd);
			metaData=conexion.getMetaData();
			// Report success only once the connection has actually been opened.
			System.out.println("Conexion realizada. ID: "+conexion);
		}
		catch(SQLException e){
			ex.show("No se puede obtener la conexion:",e);
		}
		catch(Exception e){
			ex.show("Excepcion no reconocida:",e);
		}
	}
}

Feel free to post back if you have any more questions.

Hope it helps.

Pedro Andrés Solorzano
Pontificia Universidad Javeriana
Bogotá, Colombia, SurAmérica.
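
The two defences discussed in this thread (doubling quotes as in step 2, and java.sql.PreparedStatement), side by side, as an added example that is not code from any poster in the thread. The class name LoginCheck and its method names are assumptions; the table and column names are the ones in the query quoted above.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

// Added example; class and method names are hypothetical, table/columns are from the thread.
public class LoginCheck {

    // The concatenated query from the thread, built here only to show what the database receives.
    static String concatenated(String user, String pass) {
        return "SELECT * FROM UserTable WHERE user_name = '" + user
             + "' AND user_pass = '" + pass + "'";
    }

    // Step 2 of the outline: double each single quote. Whether that is enough depends on
    // the quoting rules of the database in use; bound parameters have no such dependency.
    static String escapeQuotes(String s) {
        return s.replace("'", "''");
    }

    // Parameterized version: the SQL text is fixed and the values are bound separately,
    // so nothing typed into the form can change the structure of the WHERE clause.
    static boolean authenticate(Connection con, String user, String pass) throws SQLException {
        String sql = "SELECT user_name FROM UserTable WHERE user_name = ? AND user_pass = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, user);
            ps.setString(2, pass);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();   // a row exists only for a matching pair
            }
        }
    }

    public static void main(String[] args) {
        String user = "anything";
        String pass = "' OR ''='";   // the password-field input quoted in the thread

        // Raw concatenation: the trailing OR ''='' makes the WHERE clause true for every row.
        System.out.println(concatenated(user, pass));
        // With quotes doubled, the whole input is a single string literal again.
        System.out.println(concatenated(escapeQuotes(user), escapeQuotes(pass)));
        // authenticate() needs a live java.sql.Connection, such as the one opened by the
        // connection bean above; it is not called here so the demo runs without a database.
    }
}
```

Running main prints the query text for the raw and the escaped input; authenticate() is the method the verification page would call once it has a connection.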
 
This is the thread I told you about:

thread695-381165

Hope it helps.

Pedro Andrés Solorzano
Pontificia Universidad Javeriana
Bogotá, Colombia, SurAmérica.
 
Pedro:

You mention that someone could attempt an SQL injection attack in step 1. That was the reasoning behind my step 2, which was to replace certain characters (like single quotes) with their escape characters (double single quotes).


Also, could you explain the reasoning a bit more behind the separation of business and design?

-Tarwn Experts are only people who have realized how much they will never know about a language.
 
Hi Tarwn:

That's right, I didn't note the second step. It's just another way to do the same thing, checking for bad characters or using a prepared statement (I still recommend the prepared statement). Again, your code is excellent and I think it is a good way to start with JSPs. I think it is much clearer to HacH, who has no experience with this kind of programming.

About the design patterns, check the following thread:

Thread695-381165

It is not a detailed explanation, because it is a whole book issue, but it gives an idea. There is a link to other information too.

Hope it helps.

Pedro Andrés Solorzano
Pontificia Universidad Javeriana
Bogotá, Colombia, SurAmérica.
 
Ah, I must not have been awake the last time I read this post, basically it's another separation of content and logic type of thing. Wasn't aware that the common practice was to move the logic to beans though, thanks for the info.
-Tarwn
 