<%@page import="java.sql.*,java.util.*"%><%@page import="java.security.*"%><%@

1. <%@page import="java.sql.*,java.util.*"%>
2. <%@page import="java.security.*"%>
3. <%@page import="javax.crypto.*"%>
4.  
5. <%!
6. private static String algorithm = "DESede";
7. private static Key key = null;
8. private static Cipher cipher = null;
9. //Encryption algorithm
10. private static byte[] encrypt(String input)throws Exception {
11. cipher.init(Cipher.ENCRYPT_MODE, key);
12. byte[] inputBytes = input.getBytes();
13. return cipher.doFinal(inputBytes);
14. }
15. %>
16. <%!
17. //Decryption algorithm
18. private static String decrypt(byte[] encryptionBytes)throws Exception {
19. cipher.init(Cipher.DECRYPT_MODE, key);
20. byte[] recoveredBytes = cipher.doFinal(encryptionBytes);
21. String recovered = new String(recoveredBytes);
22. return recovered;
23. }
24. %>
25.  
26.  
27. <%
28. String action=request.getParameter("action");
29. if (action.equals("Submit")){ //calling page is register.jsp
30. //Data entered in registration
31. String userid=request.getParameter("userid");
32. String fname=request.getParameter("fname");
33. String lname=request.getParameter("lname");
34. String email=request.getParameter("email");
35. String phone=request.getParameter("phone");
36. int nphone=Integer.parseInt(request.getParameter("nphone"));
37. String address=request.getParameter("Address");
38. String password=request.getParameter("password");
39. String ans=request.getParameter("ans");
40. //StringBuffer buffer=new StringBuffer();
41. //Don't know the use of above line,so just commented it and it is working fine.
42. key = KeyGenerator.getInstance(algorithm).generateKey();
43. cipher = Cipher.getInstance(algorithm);
44. String input = password;
45. System.out.println("Entered: " + input);
46. byte[] encryptionBytes = encrypt(input);
47. String pass=new String(encryptionBytes); //encrypted password
48. String connectionURL = "jdbc:mysql://localhost:3306/userlogin";
49. Connection con=null;
50.  
51. try{
52. Class.forName("com.mysql.jdbc.Driver");
53. con = DriverManager.getConnection("jdbc:mysql://localhost:3306/userlogin", "root", "");
54. // int i=st.executeUpdate("insert into userlogin.loginrecord(userid,fname,lname,email,phone,nphone,Address,password)values('"+userid+"','"+fname+"','"+lname+"','"+email+"','"+phone+"','"+nphone+"','"+address+"','"+password+"')");
55. PreparedStatement ps = con.prepareStatement("insert into userlogin.loginrecord(userid,fname,lname,email,phone,nphone,Address,password,ans) values(?,?,?,?,?,?,?,?,?)");
56. ps.setString(1,userid);
57. ps.setString(2,fname);
58. ps.setString(3,lname);
59. ps.setString(4,email);
60. ps.setString(5,phone);
61. ps.setInt(6,nphone);
62. ps.setString(7,address);
63. ps.setString(8,pass);
64. ps.setString(9,ans);
65. int i = ps.executeUpdate();
66. out.println("Data is successfully inserted!");
67. }
68. catch(Exception ex){
69. System.out.println(ex);
70. }
71. }
72.  
73. else if(action.equals("user login")) { //calling page is userlogin.jsp
74. String userid=request.getParameter("userid");
75. String password=request.getParameter("password");
76.  
77. String connectionURL = "jdbc:mysql://localhost:3306/userlogin";
78. Connection con=null;
79.  
80. try{
81. Class.forName("com.mysql.jdbc.Driver");
82. con = DriverManager.getConnection("jdbc:mysql://localhost:3306/userlogin", "root", "");
83. Statement st=con.createStatement();
84. ResultSet rs=st.executeQuery("SELECT * FROM userlogin.loginrecord WHERE (userid='"+userid+"')");
85. String pass = "";
86. if(rs.next()) {
87. pass = rs.getString("password");
88. }
89. //working upto here.
90. byte[] passw = pass.getBytes();
91. //I am not sure, above line is working too imho.
92. if (password.equals(decrypt(passw)))
93. out.println("welcome " + userid);
94. else{
95. response.sendRedirect("userlogin.jsp");
96. }
97.  
98. }
99. catch(Exception e){
100. System.out.println(e);
101. }
102. }
103. %>