一个处理用户登陆的servlet简单实例

网友投稿 252 2023-08-05


一个处理用户登陆的servlet简单实例

本文实例讲述了一个处理用户登陆的servlet实现方法。分享给大家供大家参考。具体分析如下:

Login.java代码如下:

复制代码 代码如下:

package com.bai;

import javax.servlet.http.*;

import java.io.*;

public class Login extends HttpServlet{

    public void doGet(HttpServletRequest req,HttpServletResponse res){

        try{req.setCharacterEncoding("gb2312");

        res.setContentType("text/html;charset=gb2312");

            PrintWriter pw=res.getWriter();

            pw.println("");

            pw.println("

            pw.println("

            pw.println("

            pw.println("用户名:
");

            pw.println("密码:
");

            pw.println("
");

            pw.println("

            pw.println("");

            pw.println("");

        }

        catch(Exception e){

            e.printStackTrace();

        }

    }

   

    public void doPost(HttpServletRequest req,HttpServletRehttp://sponse res){

        this.doGet(req,res);

    }

}

LoginCl.java代码如下:

复制代码 代码如下:

package com.bai;

import javax.servlet.http.*;

import java.io.*;

import java.sql.*;

public class LoginCl extends HttpServlet{

    public void doGet(HttpServletRequest req,HttpServletResponse res){

       

        Connection conn=null;

        Statement stmt=null;

        ResultSet rs=null;

     &nbspEWwPotFJ;  String sql = "select username,passwd from users where username = ? and passwd = ?";

        try{//req.setCharacterEncoding("gb2312");

            String user=req.getParameter("username");

            String password=req.getParameter("passwd");

           

            Class.forName("com.mysql.jdbc.Driver");

            conn=DriverManager.getConnection("jdbc:mysql://localhost:3306/sqdb","root","root");

//            stmt=conn.createStatement();

            PreparedStatement pstmt = conn.prepareStatement(sql);

            pstmt.setString(1, user);

            pstmt.setString(2, password);

            rs = pstmt.executeQuery();

//            rs=stmt.executeQuery("select top 1 * from users where username='"+user

//                +"' and passwd='"+password+"'");

            if(rs.next())

            {

                HttpSession hs=req.getSession(true);

                hs.setMaxInactiveInterval(60);

                hs.setAttribute("name",user);

                res.sendRedirect("welcome?&uname="+user+"&upass="+password);

            }

            else{

                res.sendRedirect("login"); //url

            }

           

        }

        catch(Exception e){

            e.printStackTrace();

        }finally{

            try{

                if(rs!=null){

                rs.close();

                }

                if(stmt!=null){

                    stmt.close();

                }

                if(conn!=null){

                    conn.close();

                }   

            }catch(Exception e){

                e.printStackTrace();

            }       

        }

    }

 &nbhttp://sp; 

    public void doPost(HttpServletRequest req,HttpServletResponse res){

        this.doGet(req,res);

    }

}

其实上面这个处理用户名密码带有明显注入漏洞,可以根据用户名从数据库取密码,用取出的密码和用户输入的密码比较

复制代码 代码如下:

sql=select passwd from users where username = ?  limit 1

if(rs.next())

{

    String passwd=rs.getString(1);

    if(passwd.equals(password))

            //密码正确

    else //密码错误

}

Welcome.java代码如下:

复制代码 代码如下:

package com.bai;

import javax.servlet.http.*;

import java.io.*;

public class Welcome extends HttpServlet{

    public void doGet(HttpServletRequest req,HttpServletResponse res){

       

        HttpSession hs=req.getSession();

        String val=(String)hs.getAttribute("pass");

       

        if(val==null){

            try{

                System.out.print(1);

                res.sendRedirect("login");

            }catch(Exception e){

                e.printStackTrace();

            }

           

        }       

           

        String u=req.getParameter("uname");

        String p=req.getParameter("upass");

       

        try{//req.setCharacterEncoding("gb2312");

            PrintWriter pw=res.getWriter();

          &nbEWwPotFJsp; pw.println("welcome! "+u+"&pass="+p);

        }

        catch(Exception e){

            e.printStackTrace();

        }

    }

   

    public void doPost(HttpServletRequest req,HttpServletResponse res){

        this.doGet(req,res);

    }

}

希望本文所述对大家的Java程序设计有所帮助。


版权声明:本文内容由网络用户投稿,版权归原作者所有,本站不拥有其著作权,亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容,请联系我们jiasou666@gmail.com 处理,核实后本网站将在24小时内删除侵权内容。

上一篇:基于豆瓣API+Angular开发的web App
下一篇:修复bash漏洞的shell脚本分享
相关文章

 发表评论

暂时没有评论,来抢沙发吧~