What I'm trying to do is:
Accept username(uname) and password(passw) as an input from the user.
Using ResultSet, retrieve the only tuple, to which username in the database and username given by user suits. This tuple will contain username and password.
If the password given by user also suits the password in the database, the display the message that both creadentials are correct else one of them is wrong.
Everything works fine except in one case. When the username itself is wrong, the mysql will not find the attribute at all and will give this error: java.sql.SQLException: Illegal operation on empty result set.
The code is:
ok.addActionListener(new ActionListener()
{
public void actionPerformed(ActionEvent ae)
{
String uname=jf1.getText();
String passw=jf2.getText();
String n;
String m;
try
{
Class.forName("com.mysql.jdbc.Driver").newInstance();
Connection conn = DriverManager.getConnection("jdbc:mysql://localhost/authentication?" + "user=root&password=letmein");
PreparedStatement stmt=conn.prepareStatement("Select * from admin where id = ?");
stmt.setString(1,uname);
ResultSet rs=stmt.executeQuery();
rs.next();
n=rs.getString("id");
m=rs.getString("pass");
conn.close();
if(n.equalsIgnoreCase(uname) && m.equalsIgnoreCase(passw))
{
JOptionPane.showMessageDialog(null,"Username and password is correct");
}
else
{
JOptionPane.showMessageDialog(null,"Username or password is not correct");
}
}
catch(Exception ex)
{
System.out.println(ex);
}
}//end of actionperformed
});//end of actionlistener
Is there any way I can do both operations at a time (before closing the connection with database)?. If not, what's the alternative method?
You are supposed to use the result of rs.next() :
if (rs.next()) {
n=rs.getString("id");
m=rs.getString("pass");
}
If rs.next() returns false, this means the query returned no rows.
#Eran mentioned the error by which a wrong id would yield an empty result set on which fields were gotten.
I still have small remarks:
Try-with-resources take care of closing even in case of an exception or returning.
For a local database you can send the password to SQL.
Best to store passwords encrypted, when ever your database should get stolen.
Thus:
boolean loggedIn = false;
try (PreparedStatement stmt =
conn.prepareStatement("SELECT 1 FROM admin WHERE id = ? AND pass = PASSWORD(?)")) {
stmt.setString(1, uname);
stmt.setString(2, passw);
try (ResultSet rs = stmt.executeQuery()) {
loggedIn = rs.next();
} // Closes rs.
} // Closes stmt.
Related
I've got users trying to register to a site. before they can register their username of choice is searched for in an SQL database to make sure it doesn't already exist.
the problem is the names are never searched because the ResultSet always returns empty. I think it's the prepared statement.
I think my prepared statement isn't executing. I'm using executeQuery() to execute my statement because that's how I've been inserting the usernames without any problem. I got the search ResultsSet part if (rs.next())... from the method that inserts the usernames. Same with the String SQL and the prepared statement stuff.
String SQL = "SELECT * FROM users WHERE username='" + getUsername() + "'";
System.out.println(SQL);
// prints out SELECT * FROM users WHERE username='whatever I searched'
// so this String is valid
if (db.getConn() != null){
System.out.println("connected to database");
// always prints
}
PreparedStatement preparedStatement = db.getConn().prepareStatement(SQL);
// preparedStatement.setString(1, getUsername());
ResultSet rs = preparedStatement.executeQuery();
// userNameCounter = rs.getString("username");
// putting this here returns an sqlexception. empty set
if (preparedStatement != null){
System.out.println("ps != null");
// prints this
}
if (rs != null){
System.out.println("rs != null");
// prints this
}
if (!rs.next()){
System.out.println("!rs.next");
// prints this
}
if (rs.next()) {
userNameCounter = rs.getString("username");
System.out.println("rs.next()");
// doesn't print
// so the resultset is empty
if (!userNameCounter.equals(getUsername())) {
System.out.println("that username is unique");
return true;
}
}
preparedStatement.close();
incorrectLabels.setText("That username is already taken");
incorrectLabels.setVisible(true);
System.out.println("that username is already there");
// this always prints. it shouldn't
return false;
So executeUpdate() requires an int but I'm not sure what I would put there. And doing just execute() throws an error Requires ResultSet found boolean. I don't think there are any syntax errors since the table is called users. Everything I try just leads me back to an error resulting from an empty set. let me know if you need more code but this is where the error is happening.
Thanks!
You are issuing a query to the database when using the SELECT statement therefore you use the executeQuery() method.
What looks confusing is the userNameCounter variable you're using. Where is it declared and what is it declared as? It looks like it may be a Integer variable which would bring me to ask....what do you think the rs.getString("username") method returns?
As a matter of fact...what's with all the rs.next() conditions for all those if statements?
The whole thing is rather confusing. If you want to see if a User Name already exists within a database table then you might do it something like this:
if (db.getConn() == null){
throw new RuntimeException("Method Error! You Are NOT Connected To Database!");
}
String suppliedUserName = getUsername();
String dbUserName = "";
String SQL = "SELECT username FROM users WHERE username=?";
PreparedStatement preparedStatement = db.getConn().prepareStatement(SQL);
preparedStatement.setString(1, suppliedUserName);
ResultSet rs = preparedStatement.executeQuery();
while (rs.next()) {
dbUserName = rs.getString("username");
}
rs.close()
preparedStatement.close()
/* Below we use the equalsIgnoreCase() method. You
don't want a supplied User Name to be that close
or that similar to another User Name already in
Database. If you do then just use equals() method. */
if (dbUserName.equalsIgnoreCase(suppliedUserName)) {
System.out.println("The User name (" + suppliedUserName +
") is already in use. Try another User Name.");
return false;
}
else {
System.out.println("The User name (" + suppliedUserName + ") is Unique.");
return true;
}
Of course this code isn't tested and I assume you have your try/catch in place to handle any SQLException. I merely provide this code to give you an idea of how it can be accomplished.
I created a login frame where the user has to enter a username or password. The user credentials are stored in an encrypted format (AES) on a MySQL database. For test purposes when the access button is pressed the frame takes the data entered in the txtUsername and txtPassword, encrypts them and sets the encrypted credentials in the txtEncUName and txtEncPword. The application will then compare the encrypted credentials with the encrypted data in the txtEncUName and txtEncPword textfields.
If the credentials are correct the user is granted access and directed to the respective page depending on if they have admin access or not. If their account has been locked, then they will be notified by a jLabel and access will not be granted. When I tested this earlier, it worked perfectly fine but now here's my problem:
When I try login, the application immediately says that the account is inaccessible. I have checked the credentials and they are correct. No errors come up and the stack trace doesn't come up either.
What can I do to get this to check the credentials properly?
Here is the method used for the access button:
public void loginMethod()
{
String user = txtUsername.getText();
String pwd = new String(txtPassword.getPassword());
try
{
String enc1 = LoginFrame.encrypt(user);
String enc2 = LoginFrame.encrypt(pwd);
encUname.setText(enc1);
encPword.setText(enc2);
String aes1 = encUname.getText();
String aes2 = encPword.getText();
String getAccess = "select * from login_db";
Class.forName("com.mysql.jdbc.Driver");
Connection conn = (Connection)
DriverManager.getConnection("jdbc:mysql://localhost:3306/user_db","root","password");
Statement stmt = conn.createStatement();
ResultSet rs = stmt.executeQuery(getAccess);
if(rs.next())
{
String username = rs.getString("emp_num");
String password = rs.getString("pword");
String access = rs.getString("adminAccess");
String locked = rs.getString("accLocked");
if((aes1.equals(username)) && (aes2.equals(password)) && (access.equals("Yes"))&& ("No".equals(locked)))
{
AdminPage ap = new AdminPage();
ap.setVisible(true);
this.dispose();
}
else if ((aes1.equals(username)) && (aes2.equals(password)) && (access.equals("No"))&& ("No".equals(locked)))
{
EmployeeMainPage emp = new EmployeeMainPage();
emp.setVisible(true);
this.dispose();
}
else if((aes1.equals(username)) && (aes2.equals(password)) && (access.equals("Yes"))&& ("Yes".equals(locked)))
{
lblWrongLogin.setVisible(true);
lblWrongLogin.setText("Account inaccesible, please contact admin for support.");
}
else if((locked.equals("Yes")))
{
lblWrongLogin.setVisible(true);
lblWrongLogin.setText("Account inaccessible, please contact admin for support.");
}
}
}
catch (Exception e)
{
JOptionPane.showMessageDialog(this, e);
}
}
}
String getAccess = "select * from login_db";
The query above selects all rows from the database, but the code...
if(rs.next())
...only checks if the first row matches - there will be issues if there is more than a single row. Consider changing the query to look for matches to username and password
PreparedStatement ps = conn.prepareStatement( "select * from login_db where emp_num=? AND pword=?");
ps.setString(1, aes1);
ps.setString(2, aes2);
ResultSet rs = ps.executeQuery();
if ( rs.next() ){
//logic here
}
I'm trying to make login code in java but there's some problem in my code.
If I enter correct data or wrong one still can't enter the loop to
go to next frame.
This is full code it's already have exception so it's not the problem .
Connection conn = null ;
try
{
conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/DB?"+
"user=name&password=pass&characterEncoding=utf8");
String query = ("Select User_Name from user where User_Name = '" + txtUserName + "'
and password = '" + passwordField.getPassword().toString() + "' ; ");
PreparedStatement stmt = conn.prepareStatement(query);
ResultSet rs = stmt.executeQuery();
while (rs.wasNull()) {
System.out.println("true");
frame2.setVisible(true);
frame.setVisible(false);
break;
}
}
catch (SQLException ee)
{
JOptionPane.showMessageDialog(frame2, "Wrong inf ... please try again ");
}
I try this too but still not working.
Connection conn = null ;
try
{
conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/DB?"+
"user=name&password=pass&characterEncoding=utf8");
PreparedStatement stmt = null;
String query = "Select User_Name from user where User_Name =? and password=?";
stmt = conn.prepareStatement(query);
stmt.setString(1, txtUserName.getText());
stmt.setString(2, passwordField.getPassword().toString());
ResultSet rs = stmt.executeQuery();
while (rs.next()) {
System.out.println("true");
frame2.setVisible(true);
frame.setVisible(false);
break;
}
}
catch (SQLException ee)
{
JOptionPane.showMessageDialog(frame2, "Wrong inf ... please try again ");
}
I'm not really a Java programmer but a quick glance at your code and the descriptions of ResultSet::wasNull() ResultSet::next() show me you're misusing or misunderstanding how those work.
wasNull() tells you if the current column contains a null. An empty set is not null!
next() moves the cursor forward one row and returns true if the new current row is valid. False otherwise. In other words, if you have zero or one valid row, next() will immediately return false.
So, let's put things together.
Case 1: Using wasNull():
Enter valid data. ResultSet contains a non-null result. wasNull() returns false, don't enter while loop.
Enter invalid data. ResultSet contains an empty set result. wasNull() returns false, don't enter while loop.
Case 2: Using next():
Enter valid data. ResultSet contains a single non-null result. next() moves to next row [which is invalid] and returns false, don't enter while loop.
Enter invalid data. ResultSet contains a single empty set result. next() moves to next row [which is invalid] and returns false, don't enter while loop.
Might I suggest spending some time reading the ResultSet API documentation: https://docs.oracle.com/javase/7/docs/api/java/sql/ResultSet.html
public int addUsers(int USER_ID,String FIRST_NAME,String LAST_NAME,String PASSWORD,String USERNAME,String USER_PERMISSION) throws SQLException {
Connection conn = null;
conn = getConnectivity(conn) ;
getConnectivity(conn);
String sqlSelect = "SELECT * from USER_DETAILS";
PreparedStatement pres = conn.prepareStatement(sqlSelect);
ResultSet rs1 = pres.executeQuery();
if(rs1.next()){
String Username = rs1.getString(5);
System.out.println("username found "+Username);
System.out.println("username input " + USERNAME);
System.out.println("password input " + PASSWORD);
if (Username.equals(USERNAME)){
System.out.println("Username already exists");
conn.close();
}
else{
System.out.println("FOUND ELSE");
String sql = "INSERT INTO USER_DETAILS VALUES (?,?,?,?,?,?)";
PreparedStatement ps = conn.prepareStatement(sql);
ps.setInt(1, USER_ID);
ps.setString(2, FIRST_NAME);
ps.setString(3,LAST_NAME);
ps.setString(4,PASSWORD);
ps.setString(5,USERNAME);
ps.setString(6,USER_PERMISSION);
int result = ps.executeUpdate();
System.out.println(result);
}
}
conn.close();
return USER_ID;
}
and for login I am using
public boolean login(String USERNAME, String PASSWORD) throws SQLException
{
boolean result = false;
Connection conn = null;
conn = getConnectivity(conn) ;
String sqlSelect = "SELECT * from USER_DETAILS";
PreparedStatement pres = conn.prepareStatement(sqlSelect);
ResultSet rs1 = pres.executeQuery();
if(rs1.next()){
String Username = rs1.getString(5);
String Password = rs1.getString(4);
String UserPermission = rs1.getString(6);
System.out.println("username found "+Username);
System.out.println("username input " + USERNAME);
System.out.println("password input " + PASSWORD);
if (Username.equalsIgnoreCase(USERNAME) && Password.equalsIgnoreCase(PASSWORD) && UserPermission.equalsIgnoreCase("blocked")){
System.out.println("User Logged in");
conn.close();
}
System.out.println("gets out of the code");
}
conn.close();
return result;
}
first of all it is allowing to enter more than one entry, so duplicates occurring regardless of my if statement, and when i add fresh new data and try to see I can log in, it still compares with previously added data and does not work. Can someone see what am i doing wrong here. please thanks
below is the system print out i get ,
Connection Valid
username found kamran (don't know why he is still picking up this column)
username input macbook (these i have already in my database)
password input hello (these i have already in my database)
gets out of the code
Connection Valid
Connection Valid
username found kamran (don't know why he is still picking up this column)
username input macho (these i have already in my database)
password input hello (these i have already in my database)
FOUND ELSE (dont know why it adds data when they already exist in database)
1
Your code doesn't make sense: you are querying for all users and only checking the first returned user if it matches. Of course that is going to fail if the first returned user doesn't match: in addUsers you will try to add the user if the first user returned doesn't match, in login a user can only login if it is the first user.
You need to use a WHERE clause to only request the user you want to check:
// Note: this assumes a case insensitive collation
String sqlSelect = "SELECT * from USER_DETAILS WHERE username = ?";
try (PreparedStatement pres = conn.prepareStatement(sqlSelect)) {
pres.setString(1, USERNAME);
try (ResultSet rs1 = pres.executeQuery()) {
if (!rs1.next) {
// user doesn't exist yet, create...
}
}
}
You need to do something similar for login (but then with if (rs1.next()) instead).
There are more problems with your current code: you are storing plaintext passwords: you should really hash them with a strong password hash like PBKDF2. Also please follow the java naming conventions. Variables and parameters are camelcase so not USERNAME but username (or userName), not UserPermission, but userPermission. This improves the readability for people who are used to the java naming conventions.
I am trying to capture & store user details(name, password etc) & store them in sql database so as to be used by users to login in future.
How do I save the details as a row in the database, yet they are entered as individual strings?
Also, how do I capture &store details like gender(Male,Female) selected from a Combobox? Thanks.
private class achandler implements ActionListener {
#Override
public void actionPerformed(ActionEvent ae) {
//capture user details
String fnamevalue = fnametext.getText();
String lnamevalue = lnametext.getText();
String usernamevalue = usernametext.getText();
char[] pwdvalue = pwdtext.getPassword();
char[] pwdrptvalue = pwdrpttext.getPassword();
if(pwdvalue == pwdrptvalue) {
//add user details to an array
String[] userdetail = {fnamevalue, lnamevalue, usernamevalue, pwdvalue.toString()};
try {
Class.forName("com.mysql.jdbc.Driver");
String Url = "jdbc:mysql://localhost/nsibirwa?" +
"user=root&password=1234";
Connection con = DriverManager.getConnection(Url);
Statement stmt = con.createStatement();
//I am stuck here!!!! i.e. adding 'userdetail' as a tuple in the database
}
catch (SQLException e) {
System.out.println("SQL Exception: "+ e.toString());
}
catch (ClassNotFoundException cE) {
System.out.println("Class Not Found Exception: "+ cE.toString());
}
}
else {
JOptionPane.showMessageDialog(null, "password not matching!",
"Password error", JOptionPane.ERROR_MESSAGE);
}
}
}
adding 'userdetail' as a tuple in the database
Something like:
Connection con = DriverManager.getConnection(Url);
PreparedStatement stmt = con.prepareStatement("insert into user_details (fname, lname, username, pwd) values (?,?,?,?));
stmt.setString(1, fnamevalue);
stmt.setString(2, lnamevalue);
stmt.setString(3, username);
stmt.setString(4, new String (pwdvalue));
stmt.executeUpdate();
Your code has another problem:
if (pwdvalue == pwdrptvalue)
you can not compare objects like that. You need to convert those char[] to Strings and use equals() to compare them. Search for "java string equals" to find out why. This is very basic Java knowledge (and is covered in each and every tutorial I have seen)
This assumes you have a table named user_details with the columns fname, lname, username and pwd. If your table definition is different you need to adjust the insert statement.
Also, how do I capture &store details like gender(Male,Female) selected from a Combobox?
I would suggest you open a second question for that. You should not mix completely different topics (JDBC/SQL vs. plain Swing) in a single question.