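<%@page import="java.sql.*,java.util.*"%>
<%@page import="java.security.*"%>
<%@page import="javax.crypto.*"%>
<%@page import="javax.crypto.spec.PBEKeySpec"%>
<%--
  Handles the forms posted by register.jsp (action=Submit) and userlogin.jsp
  (action=user login) against the userlogin.loginrecord table.

  Passwords are stored as salted PBKDF2 hashes, not as reversibly encrypted
  values: checking a login never needs the plaintext back, so there is no key
  to generate, keep across restarts, or share between concurrent requests.
  A key held only in a static field and regenerated per registration cannot
  decrypt earlier rows, and raw ciphertext bytes do not survive a round trip
  through new String(byte[]) / getBytes().
--%>
<%!
    /** Key-derivation function used to hash passwords. */
    private static final String KDF_ALGORITHM = "PBKDF2WithHmacSHA256";

    /**
     * PBKDF2 work factor. It is stored next to every hash, so it can be raised
     * later without invalidating existing records. 600000 matches the OWASP
     * Password Storage Cheat Sheet figure for PBKDF2-HMAC-SHA256 at the time of
     * writing; re-check it and tune for the deployment hardware.
     */
    private static final int KDF_ITERATIONS = 600000;

    /** Random salt length in bytes; a fresh salt is drawn for every password. */
    private static final int SALT_BYTES = 16;

    /** Length of the derived hash in bits. */
    private static final int HASH_BITS = 256;

    /** JDBC URL of the user database. */
    private static final String DB_URL = "jdbc:mysql://localhost:3306/userlogin";

    /** Salt source. SecureRandom is thread-safe, so one shared instance is enough. */
    private static final SecureRandom RANDOM = new SecureRandom();

    /**
     * Derives the PBKDF2 hash of a password.
     *
     * @param password   password characters; must not be empty
     * @param salt       per-password random salt
     * @param iterations PBKDF2 iteration count
     * @return the derived key bytes (HASH_BITS long)
     * @throws GeneralSecurityException if the KDF is unavailable or rejects the spec
     */
    private static byte[] pbkdf2(char[] password, byte[] salt, int iterations)
            throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, HASH_BITS);
        try {
            return SecretKeyFactory.getInstance(KDF_ALGORITHM).generateSecret(spec).getEncoded();
        } finally {
            // Wipe the spec's internal copy of the password.
            spec.clearPassword();
        }
    }

    /**
     * Hashes a new password for storage.
     *
     * @param password the plaintext password; must not be null or empty
     * @return "iterations:base64(salt):base64(hash)", 76 characters with the
     *         current parameters, so the password column must be at least that
     *         wide (the schema is not visible from this page; verify it)
     * @throws GeneralSecurityException if the KDF is unavailable
     */
    private static String hashPassword(String password) throws GeneralSecurityException {
        byte[] salt = new byte[SALT_BYTES];
        RANDOM.nextBytes(salt);
        byte[] hash = pbkdf2(password.toCharArray(), salt, KDF_ITERATIONS);
        Base64.Encoder b64 = Base64.getEncoder();
        return KDF_ITERATIONS + ":" + b64.encodeToString(salt) + ":" + b64.encodeToString(hash);
    }

    /**
     * Checks a login attempt against a stored hash.
     *
     * @param candidate the password supplied by the user; must not be null or empty
     * @param stored    a value previously produced by hashPassword
     * @return true only if the candidate hashes to the stored value; false for
     *         a mismatch or a stored value that is not in the expected format
     * @throws GeneralSecurityException if the KDF is unavailable
     */
    private static boolean verifyPassword(String candidate, String stored)
            throws GeneralSecurityException {
        String[] parts = stored.split(":");
        if (parts.length != 3) {
            return false;
        }
        int iterations;
        byte[] salt;
        byte[] expected;
        try {
            iterations = Integer.parseInt(parts[0]);
            salt = Base64.getDecoder().decode(parts[1]);
            expected = Base64.getDecoder().decode(parts[2]);
        } catch (IllegalArgumentException malformed) {
            // Covers NumberFormatException and invalid Base64: treat as "no match".
            return false;
        }
        if (iterations <= 0 || salt.length == 0) {
            return false;
        }
        byte[] actual = pbkdf2(candidate.toCharArray(), salt, iterations);
        // Constant-time comparison, so response timing does not reveal how many
        // leading bytes of the hash matched.
        return MessageDigest.isEqual(expected, actual);
    }

    /**
     * Opens a connection to the user database.
     *
     * NOTE(review): the page connects as root with an empty password. Use a
     * dedicated account limited to the loginrecord table, and load its
     * credentials from configuration instead of the page source.
     */
    private static Connection openConnection() throws ClassNotFoundException, SQLException {
        Class.forName("com.mysql.jdbc.Driver");
        return DriverManager.getConnection(DB_URL, "root", "");
    }

    /** Escapes the five HTML-significant characters so text can be written into the page. */
    private static String escapeHtml(String text) {
        StringBuilder sb = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
%>
<%
    // Constant-first equals: a request without an "action" parameter falls
    // through both branches instead of failing with a NullPointerException.
    String action = request.getParameter("action");

    if ("Submit".equals(action)) { // posted from register.jsp
        String userid = request.getParameter("userid");
        String fname = request.getParameter("fname");
        String lname = request.getParameter("lname");
        String email = request.getParameter("email");
        String phone = request.getParameter("phone");
        int nphone = Integer.parseInt(request.getParameter("nphone"));
        String address = request.getParameter("Address");
        String password = request.getParameter("password");
        String ans = request.getParameter("ans");

        if (userid == null || password == null || password.isEmpty()) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }

        try {
            // The plaintext password is never logged or stored; only its hash is.
            String passwordHash = hashPassword(password);

            // try-with-resources closes the statement and connection on every path.
            try (Connection con = openConnection();
                 PreparedStatement ps = con.prepareStatement(
                     "insert into userlogin.loginrecord(userid,fname,lname,email,phone,nphone,Address,password,ans) values(?,?,?,?,?,?,?,?,?)")) {
                ps.setString(1, userid);
                ps.setString(2, fname);
                ps.setString(3, lname);
                ps.setString(4, email);
                ps.setString(5, phone);
                ps.setInt(6, nphone);
                ps.setString(7, address);
                ps.setString(8, passwordHash);
                // NOTE(review): "ans" is presumably a security-question answer. If it
                // can be used to recover the account it is password-equivalent and
                // should be hashed the same way. Confirm how it is consumed.
                ps.setString(9, ans);
                ps.executeUpdate();
            }
            out.println("Data is successfully inserted!");
        } catch (Exception ex) {
            // Server-side log only; exception details are not sent to the client.
            application.log("registration failed", ex);
        }
    } else if ("user login".equals(action)) { // posted from userlogin.jsp
        String userid = request.getParameter("userid");
        String password = request.getParameter("password");
        boolean authenticated = false;

        try {
            if (userid != null && password != null && !password.isEmpty()) {
                String stored = null;
                // Bound parameter: userid is request input and must never be
                // concatenated into the SQL text.
                try (Connection con = openConnection();
                     PreparedStatement ps = con.prepareStatement(
                         "SELECT password FROM userlogin.loginrecord WHERE userid = ?")) {
                    ps.setString(1, userid);
                    try (ResultSet rs = ps.executeQuery()) {
                        if (rs.next()) {
                            stored = rs.getString("password");
                        }
                    }
                }
                // An unknown user (no row) is a failed login, not an empty password.
                authenticated = stored != null && verifyPassword(password, stored);
            }
        } catch (Exception e) {
            // Fail closed: any error leaves authenticated == false.
            application.log("login check failed", e);
        }

        if (authenticated) {
            // NOTE(review): this page only prints a greeting; it does not establish
            // a session, so other pages cannot tell from here that the user logged in.
            out.println("welcome " + escapeHtml(userid));
        } else {
            response.sendRedirect("userlogin.jsp");
        }
    }
%>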