javaAddict
Nearly a Senior Poster
Team Colleague
3,329 posts since Dec 2007
Reputation Points: 1,014
Solved Threads: 448
Have something to say? Contribute New Article Reply to this Article
password appear not encrypted in the JSP URL
The following is my code for login function. I save the password as MD5 but inside the url after logged in it shows the full word instead of showing MD5. I'm still very new to Java EE and any help I can get will be very much appreciated.
<%@ page contentType="text/html; charset=utf-8" language="java" import="java.sql.*" errorPage="" %>
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Login Page</title>
</head>
<body>
<form name="form1" method="GET" action="LoginServlet" onsubmit="return checkForm()">
<table width="80%" border="0" cellspacing="2" cellpadding="2" align="center" class="firsttbl">
<tr>
<td><%@ include file="banner.jsp" %></td>
</tr>
<tr>
<td><table width="40%" bordercolor="#0099FF" border="1" cellspacing="0" cellpadding="0" align="center">
<tr>
<td><table width="100%" border="0" cellspacing="2" cellpadding="4">
<tr>
<td width="35%"> </td>
<td width="3%"> </td>
<td width="62%"> </td>
</tr>
<tr>
<td colspan="3" align="center"><b>User Login Page</b></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td align="right">Username</td>
<td>:</td>
<td><input type="text" name="Username" size="25" class="textbox" ></td>
</tr>
<tr>
<td align="right">Password</td>
<td>:</td>
<td><input type="password" name="Password" size="25" class="textbox"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
</tr>
<tr>
<td colspan="3" align="center"><!--<input type="hidden" name="actionID" value="LoginServlet" /> --><input type="submit" name="Login" value="Login"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
</tr>
</table></td>
</tr>
</table></td>
</tr>
<tr>
<td><%@ include file="footer.jsp" %></td>
</tr>
</table>
<script type="text/javascript">
function checkForm(){
if(document.form1.Username.value == ""){
alert("Please enter Username.");
return false;
}
if(document.form1.Password.value == ""){
alert("Please enter password.");
return false;
}
else{
return true;
}
}
</script>
</form>
</body>
</html>import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
public class Relay extends HttpServlet {
@Override
protected void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, java.io.IOException {
processRequest(request, response);
}
@Override
protected void doPost(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException {
processRequest(request, response);
}
public void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String command = request.getParameter("actionID");
RequestDispatcher view = request.getRequestDispatcher(command);
view.forward(request, response);
}
}import dbFunctions.ITReportDB;
import dbFunctions.ITReport_DBConn;
import java.io.*;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.sql.*;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.*;
import javax.servlet.http.*;
import javax.swing.JOptionPane;
public class LoginServlet extends HttpServlet {
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
try {
ITReportDB reportDB = ITReport_DBConn.getITReportDB();
boolean check = false;
boolean checkStaff = false;
String pwd;
String PwdS = request.getParameter("Password");
char[] Pwd = PwdS.toCharArray();
String Password = "";
for (int i = 0; i < Pwd.length; i++) {
Password += Pwd[i];
}
MessageDigest m = MessageDigest.getInstance("MD5");
m.update(Password.getBytes(), 0, Password.length());
pwd = new BigInteger(1, m.digest()).toString(16);
while (pwd.length() < 32) {
pwd = "0" + pwd;
}
check = reportDB.checkLogin(request.getParameter("Username"), pwd);
checkStaff = reportDB.checkLoginStaff(request.getParameter("Username"), pwd);
if (check) {
//Set the Session
HttpSession session = request.getSession(true);
session.setMaxInactiveInterval(120); //Timeout in seconds
session.setAttribute("Username", request.getParameter("Username")); //User Type
RequestDispatcher view = request.getRequestDispatcher("management_login.jsp");
view.forward(request, response);
} else if (checkStaff) {
HttpSession session = request.getSession(true);
session.setMaxInactiveInterval(180000); //Timeout in seconds
session.setAttribute("Username", request.getParameter("Username")); //User Type
RequestDispatcher view = request.getRequestDispatcher("staff_login.jsp");
view.forward(request, response);
} else {
//out.println("<br/>You have entered wrong user name or password. Click <a href=index>here</a> to try again.<br/><br/>");
JOptionPane.showMessageDialog(null, "Incorrect username or password!");
RequestDispatcher view = request.getRequestDispatcher("index.jsp");
view.forward(request, response);
}
} catch (ClassNotFoundException cnfe) {
System.out.println(cnfe);
} catch (SQLException sqle) {
System.out.println(sqle);
} catch (NoSuchAlgorithmException ex) {
Logger.getLogger(LoginServlet.class.getName()).log(Level.SEVERE, null, ex);
}
out.close();
}
}public boolean checkLogin(String username, String pwd)
throws ClassNotFoundException, SQLException {
boolean check = false;
try {
Statement myStatement = getConnection();
String writeString = "SELECT * FROM management_login_details WHERE Username ='" + username + "' and Password = '" + pwd + "'";
// System.out.println(writeString);
ResultSet results = myStatement.executeQuery(writeString);
if (results.next()) {
check = true;
}
closeConnection();
} catch (ClassNotFoundException cnfe) {
System.out.println(cnfe);
throw cnfe;
} catch (SQLException sqle) {
System.out.println(sqle);
throw sqle;
}
return check;
}boolean checkLogin(String username, String pwd)
throws ClassNotFoundException, SQLException;This question has already been solved
You
© 2012 DaniWeb® LLC
