I am having a problem on validating email and password, whether it belongs to a registered member or not. I'm using NetBeans, and created a database with table members
. I have set up the connection pool and filled my members table.
我在验证电子邮件和密码时遇到问题,无论它是否属于注册会员。我正在使用NetBeans,并使用表成员创建了一个数据库。我已经设置了连接池并填充了我的成员表。
After having implemented the code, solved errors and watched few videos about NetBeans tutorial, I still can't figure out where I am missing it. I'am Stuck there since 4 days and kinda lost now. Hope you guys could help me with it, thanks in advance.
在实现代码,解决错误并观看了一些关于NetBeans教程的视频之后,我仍然无法弄清楚我在哪里错过它。我坚持了4天,现在有点丢失了。希望你们能帮助我,谢谢你们。
This is my members table data:
这是我的会员表数据:
# | id | email | password | name
------------------------------------------------
1 | 1 | what@what.com | what | Number 1
2 | 2 | fireup@fire.com | fire | Number 2
This is the code for my LoginServlet:
这是我的LoginServlet的代码:
@WebServlet("/login")
public class LoginServlet extends HttpServlet{
@Resource(name = "jdbc/jed")
private DataSource dsMembers;
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String strName = request.getParameter("memberName");
String strPassword = request.getParameter("memberPassword");
String strEmail = request.getParameter("memberEmail");
Connection conn = null;
Statement stmt = null;
ResultSet rs = null;
try {
conn = dsMembers.getConnection();
String sql = "SELECT * FROM members";
stmt = conn.createStatement();
rs = stmt.executeQuery(sql);
while (rs.next()){
if((isValidEmail(strEmail))&& (strEmail.equals(rs.getString("email")))&& (strPassword.equals(rs.getString("password")))&&(strName.equals(rs.getString("name")))){
System.out.println("Success");
HttpSession session = request.getSession();
session.setAttribute("name", strName);
session.setAttribute("email", strEmail);
response.sendRedirect(this.getServletContext().getContextPath() + "/account.jsp");
}
else {
request.getSession().invalidate();
response.sendRedirect(this.getServletContext().getContextPath());
}
}
} catch (SQLException ex) {
System.out.println("SQLException: " + ex.getMessage());
}
}
private boolean isValidEmail(String strEmail){
if(strEmail.matches("^[_A-Za-z0-9-\\+]+(\\.[_A-Za-z0-9-]+)*@" + "[A-Za-z0-9-]+(\\.[A-Za-z0-9-]+)*(\\.[A-Za-z]{2,})$"))
return true;
return false;
}
}
This is the GlassFish Server log I been getting:
这是我得到的GlassFish Server日志:
Info: WEB0671: Loading application [Project] at [/Project]
Info: Project was successfully deployed in 286 milliseconds.
Info: WEB0671: Loading application [Project] at [/Project]
Info: Project was successfully deployed in 247 milliseconds.
Info: Invalid User, Password or Email
Info: Invalid User, Password or Email
Warning: StandardWrapperValve[org.jedlibrary.lola.loan.ValidationServlet]: PWC1406: Servlet.service() for servlet org.jedlibrary.lola.loan.ValidationServlet threw exception java.lang.IllegalStateException at org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:524)
at org.jedlibrary.lola.loan.ValidationServlet.doPost(ValidationServlet.java:46) at javax.servlet.http.HttpServlet.service(HttpServlet.java:688) at javax.servlet.http.HttpServlet.service(HttpServlet.java:770) at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1550)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:281)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:655)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161)
at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:331)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:231)
at com.sun.enterprise.v3.services.impl.ContainerMapper$AdapterCallable.call(ContainerMapper.java:317)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:195)
at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:860) at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:757) at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1056)
at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:229)
at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)
at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)
at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)
at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)
at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)
at com.sun.grizzly.ContextTask.run(ContextTask.java:71) at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)
at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)
at java.lang.Thread.run(Thread.java:745)信息:WEB0671:在[/ Project]加载应用程序[项目]信息:项目已在286毫秒内成功部署。信息:WEB0671:在[/ Project]加载应用程序[项目]信息:项目已在247毫秒内成功部署。信息:无效的用户,密码或电子邮件信息:无效的用户,密码或电子邮件警告:StandardWrapperValve [org.jedlibrary.lola.loan.ValidationServlet]:PWC1406:Servlet的Servlet.service()org.jedlibrary.lola.loan.ValidationServlet扔了org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:524)中的异常java.lang.IllegalStateException,位于org.jedlibrary.lola.loan.ValidationServlet.doPost(ValidationServlet.java:46),位于javax.servlet.http .httpServlet.service(HttpServlet.java:688),位于org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1550)的javax.servlet.http.HttpServlet.service(HttpServlet.java:770)。位于org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)的apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:281)位于org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline。 java:655)在org.apach的org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:595) e.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161)org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:331)org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter。 java:231)at com.sun.enterprise.v3.services.impl.ContainerMapper $ AdapterCallable.call(ContainerMapper.java:317)at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java: 195)at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:860)at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:757)at com.sun.grizzly.http.ProcessorTask .process(ProcessorTask.java:1056)位于com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:229)的com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)位于com.sun。 grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)at com.sun.grizzly.http.H t.sp.grotocolChain.execute(HttpProtocolChain.java:79)at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)at com.sun.grizzly .ContextTask.run(ContextTask.java:71)at com.sun.grizzly.util.AbstractThreadPool $ Worker.doWork(AbstractThreadPool.java:532)at com.sun.grizzly.util.AbstractThreadPool $ Worker.run(AbstractThreadPool.java) :513)at java.lang.Thread.run(Thread.java:745)
1 个解决方案
#1
0
Of course it does not work, you are checking if the input is the email is email
, the password is password
and the name is name
.
当然它不起作用,你正在检查输入是否是电子邮件是电子邮件,密码是密码,名称是名称。
You should check against the ResultSet
items, not constants. So for example, instead of
您应该检查ResultSet项,而不是常量。例如,而不是
strEmail.equals("email")
you should write
你应该写
strEmail.equals(rs.getString("email"))
Edit:
You have missed something else: you do not check the whole ResultSet
. The first result does not match your provided data, so you invalidate the session at once. You should only invalidate it, when none of the items are matching.
您错过了其他内容:您不检查整个ResultSet。第一个结果与您提供的数据不匹配,因此您可以立即使会话无效。当没有任何项匹配时,您应该只使其无效。
This would solve your problem:
这可以解决您的问题:
while (rs.next()) {
if (isValidEmail(strEmail) && strEmail.equals(rs.getString("email")) && strPassword.equals(rs.getString("password")) && strName.equals(rs.getString("name"))) {
System.out.println("Success");
HttpSession session = request.getSession();
session.setAttribute("name", strName);
session.setAttribute("email", strEmail);
response.sendRedirect(this.getServletContext().getContextPath() + "/account.jsp");
return;
}
}
request.getSession().invalidate();
response.sendRedirect(this.getServletContext().getContextPath());
My final note: you should never implement login this way (even for a homework), selecting the full table, for just one record is simply a waste of resources.
我的最后一点:你永远不应该以这种方式实现登录(即使是作业),选择完整的表格,只需一条记录就是浪费资源。
You should use a PreparedStatement
with the statement like select * from members where name = ?
and check if there is a result and the password and e-mail are appropriate (I assumed here, that name is unique in the database).
你应该使用PreparedStatement和select * from members where = name这样的语句?并检查是否有结果,密码和电子邮件是否合适(我假设这个名称在数据库中是唯一的)。
#1
0
Of course it does not work, you are checking if the input is the email is email
, the password is password
and the name is name
.
当然它不起作用,你正在检查输入是否是电子邮件是电子邮件,密码是密码,名称是名称。
You should check against the ResultSet
items, not constants. So for example, instead of
您应该检查ResultSet项,而不是常量。例如,而不是
strEmail.equals("email")
you should write
你应该写
strEmail.equals(rs.getString("email"))
Edit:
You have missed something else: you do not check the whole ResultSet
. The first result does not match your provided data, so you invalidate the session at once. You should only invalidate it, when none of the items are matching.
您错过了其他内容:您不检查整个ResultSet。第一个结果与您提供的数据不匹配,因此您可以立即使会话无效。当没有任何项匹配时,您应该只使其无效。
This would solve your problem:
这可以解决您的问题:
while (rs.next()) {
if (isValidEmail(strEmail) && strEmail.equals(rs.getString("email")) && strPassword.equals(rs.getString("password")) && strName.equals(rs.getString("name"))) {
System.out.println("Success");
HttpSession session = request.getSession();
session.setAttribute("name", strName);
session.setAttribute("email", strEmail);
response.sendRedirect(this.getServletContext().getContextPath() + "/account.jsp");
return;
}
}
request.getSession().invalidate();
response.sendRedirect(this.getServletContext().getContextPath());
My final note: you should never implement login this way (even for a homework), selecting the full table, for just one record is simply a waste of resources.
我的最后一点:你永远不应该以这种方式实现登录(即使是作业),选择完整的表格,只需一条记录就是浪费资源。
You should use a PreparedStatement
with the statement like select * from members where name = ?
and check if there is a result and the password and e-mail are appropriate (I assumed here, that name is unique in the database).
你应该使用PreparedStatement和select * from members where = name这样的语句?并检查是否有结果,密码和电子邮件是否合适(我假设这个名称在数据库中是唯一的)。