- Login - Comparing user input with database
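// Login check (JSP scriptlet): looks the submitted credentials up in the Testing table
// and redirects according to the account type.
// `request`, `response` and `connection` are declared outside this fragment; the outer
// `stmt` / `rs` are not used here because the query is now a prepared statement.
try {
    String user = request.getParameter("username");
    String pass = request.getParameter("password");

    // Test string content with isEmpty(): `!= ""` compares object identity in Java and
    // does not reliably detect an empty form field.
    if (user == null || user.isEmpty() || pass == null || pass.isEmpty()) {
        response.sendRedirect("ErrorPage.jsp");
    } else {
        // The credentials come straight from the request, so they are bound as parameters
        // instead of being concatenated into the SQL text (SQL injection).
        // NOTE(review): the submitted password is matched against the Password column as-is,
        // which suggests passwords are stored unhashed — confirm. Storing a salted, slow hash
        // (PBKDF2 / bcrypt / Argon2) and verifying it in the application is the safer design.
        String check = "SELECT AccountType FROM Testing WHERE Username = ? AND Password = ?";
        String info = null;

        java.sql.PreparedStatement ps = connection.prepareStatement(check);
        try {
            ps.setString(1, user);
            ps.setString(2, pass);
            java.sql.ResultSet result = ps.executeQuery();
            try {
                // The cursor starts before the first row: call next() before reading, and
                // read the column by its name (not by the query text).
                if (result.next()) {
                    info = result.getString("AccountType");
                }
            } finally {
                result.close();
            }
        } finally {
            ps.close();
        }

        // Exactly one redirect per request: no matching row (or an empty account type)
        // is a failed login.
        // NOTE(review): nothing here records the login in the session; the redirect by itself
        // does not protect AdminConsole.jsp, which has to check the caller's role on its own.
        if (info == null || info.isEmpty()) {
            response.sendRedirect("ErrorPage2.jsp");
        } else if ("Admin".equals(info)) {
            response.sendRedirect("AdminConsole.jsp");
        } else {
            response.sendRedirect("UserConsole.jsp");
        }
    }
} finally {
    // Release the connection even when the query or a redirect throws.
    connection.close();
}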
-- ValidateUserLogin: returns a one-row, one-column result holding 1 when UsersTable has a
-- row whose UserName and Password both equal the arguments, and 0 otherwise.
-- NOTE(review): @Password is compared directly with ut.Password, so the column appears to
-- hold the password itself (or a hash computed by the caller) — confirm. Depending on the
-- column collation, `=` may also ignore case and trailing spaces; verify before relying on
-- an exact match.
CREATE PROCEDURE ValidateUserLogin
    @UserName VARCHAR(30),
    @Password VARCHAR(30)
AS
BEGIN
    SELECT CASE
               WHEN EXISTS (SELECT *
                            FROM UsersTable AS ut
                            WHERE ut.UserName = @UserName
                              AND ut.Password = @Password)
                   THEN 1
               ELSE 0
           END;
END
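/// <summary>
/// Checks a username/password pair by calling the <c>ValidateUserLogin</c> stored procedure.
/// </summary>
/// <param name="username">Login name supplied by the caller.</param>
/// <param name="password">Password supplied by the caller.</param>
/// <returns>
/// <c>true</c> when the procedure reports a match; <c>false</c> when it does not, or when
/// either value is null, empty, or longer than the procedure's 30-character parameters.
/// </returns>
/// <exception cref="Exception">Database errors are rethrown to the caller unchanged.</exception>
private bool IsValidatedUser( string username, string password ) {
    // Must match the VarChar size declared on both procedure parameters.
    const int MaxCredentialLength = 30;

    // A null Value would make the command fail with a "parameter not supplied" error;
    // treat missing credentials as a failed login instead.
    if ( string.IsNullOrEmpty( username ) || string.IsNullOrEmpty( password ) ) {
        return false;
    }

    // A SqlParameter with an explicit Size truncates longer strings silently, so an
    // over-long password would be checked by its first 30 characters only. Reject it.
    if ( username.Length > MaxCredentialLength || password.Length > MaxCredentialLength ) {
        return false;
    }

    try {
        using ( SqlConnection con = new SqlConnection( connectionString ) )
        using ( SqlCommand cmd = new SqlCommand( "ValidateUserLogin", con ) ) {
            cmd.CommandType = CommandType.StoredProcedure;
            // Values travel as typed parameters, never as part of the command text.
            cmd.Parameters.Add( "@UserName", SqlDbType.VarChar, MaxCredentialLength ).Value = username;
            cmd.Parameters.Add( "@Password", SqlDbType.VarChar, MaxCredentialLength ).Value = password;

            con.Open();
            // The procedure selects 1 or 0; Convert.ToBoolean maps that to true/false.
            // The using blocks dispose the command and close the connection.
            return Convert.ToBoolean( cmd.ExecuteScalar() );
        }
    }
    catch ( Exception ) {
        // Logging hook: record the failure here, but never write the password (or the
        // full parameter collection) to the log.
        throw;
    }
}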