Login and register form in one page in servlet

Question

0.00/5 (No votes)

See more:

I have stored email, dob, first name and last name in the database. Now i want to make password creation. In login page first time user should create password and it should store in the db. Again if the same user logs in with correct credentials, it should redirect to landing page. But there are only two fields in font end one is email and another one is password.

What I have tried:

I have tried this servlet code but i didnt get where to put insert value for first time password store.

Java

package admin.com;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import java.sql.*;

import javax.servlet.http.HttpSession;

public class LoginServlet extends HttpServlet {
	private static final long serialVersionUID = 102831973239L;

	/**
	 * @see HttpServlet#HttpServlet()
	 */
	public LoginServlet() {
		super();
		// TODO Auto-generated constructor stub
	}

	/**
	 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
	 *      response)
	 */
	protected void doGet(HttpServletRequest request,
			HttpServletResponse response) throws ServletException, IOException {
		PrintWriter out = response.getWriter();
		String email = request.getParameter("useremail");
		String password = request.getParameter("password");
		
		

		
		String searchQuery = "select * from login where email='" + email
				+ "' AND password='" + password + "'" ;
		try {
			Class.forName("com.mysql.jdbc.Driver");
		} catch (ClassNotFoundException e) {
			System.out.println(e.getMessage());
		}
		try {
			Connection con = DriverManager.getConnection(
					"jdbc:mysql://localhost:3306/test", "root", "" + ""
							+ "" + "");
			Statement stmt = con.createStatement();
			ResultSet rs = stmt.executeQuery(searchQuery);
			
			
			 
			// out.println("email: "+email);
			// out.println("password: "+password);
			// out.println("type: "+type);
		//	out.println("type: ");
			
			boolean isEmpty = rs.next();
		
		//	out.println("type: " + type);
			if (!isEmpty) {
				// redirect to error page
				// System.out.println("<font color=red>invalid user name or password</font>");
				//request.getSession().removeAttribute("errorMessage");
				
			//	System.out.println("Invalid Credentials");
				
				response.sendRedirect("index.jsp");
				request.setAttribute("error","Invalid Username or Password");
			
			} else if (isEmpty) {
				// fetch the session from request, create new session if session
				// is not present in the request
				HttpSession session = request.getSession(true);
				session.setAttribute("FirstName", rs.getString("first_name"));
			    session.setAttribute("LastName", rs.getString("last_name"));
				session.setAttribute("employee_id", rs.getString("employee_id"));
				
				// session.setAttribute("Type", rs.getString("type"));
				// redirect to success page
			  //	session.setMaxInactiveInterval(50); // *600 secs = 10 mins *//

				// if(rs.next()){
				// stype t1=new type();
				String user_type = rs.getString("user_type");
				// String type= rs.getString("type");
			//	out.println("type: " + type);
				if ("admin".equals(user_type)) {
					// redirect to buyer page
					response.sendRedirect("Landing.jsp");
				} else if ("emp".equals(user_type)) {
					// redirect to seller page
					response.sendRedirect("error.jsp");
					request.setAttribute("error","Invalid Username or Password");
					
				}

				// }

			}
		} catch (SQLException e) {
			System.out.println("SQLException occured: " + e.getMessage());
			e.printStackTrace();
		}
	}

	/**
	 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
	 *      response)
	 */
	protected void doPost(HttpServletRequest request,
			HttpServletResponse response) throws ServletException, IOException {
		// TODO Auto-generated method stub
	}

}

Posted 13-Jun-17 19:54pm

Venkatesh K H

Add a Solution

Comments

Richard MacCutchan 14-Jun-17 4:17am

If the user tries to login and credentials cannot be found in the database then you will need them to register. This usually means directing them to a different page to input their details.

Richard Deeming 14-Jun-17 17:07pm

Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]

Richard Deeming 14-Jun-17 17:08pm

And NEVER store passwords in plain text.

Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)