欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  IT编程

一个处理用户登陆的servlet简单实例

程序员文章站 2024-03-01 10:46:04
本文实例讲述了一个处理用户登陆的servlet实现方法。分享给大家供大家参考。具体分析如下: login.java代码如下: 复制代码 代码如下: package c...

本文实例讲述了一个处理用户登陆的servlet实现方法。分享给大家供大家参考。具体分析如下:

login.java代码如下:

复制代码 代码如下:

package com.bai;

import javax.servlet.http.*;

import java.io.*;

public class login extends httpservlet{
    public void doget(httpservletrequest req,httpservletresponse res){
        try{req.setcharacterencoding("gb2312");
        res.setcontenttype("text/html;charset=gb2312");
            printwriter pw=res.getwriter();
            pw.println("<html>");
            pw.println("<body>");
            pw.println("<h1>登陆界面</h1>");
            pw.println("<form action=logincl method=post>");
            pw.println("用户名:<input type=text name=username><br>");
            pw.println("密码:<input type=password name=passwd><br>");
            pw.println("<input type=submit value=login><br>");
            pw.println("</form>");
            pw.println("</body>");
            pw.println("</html>");
        }
        catch(exception e){
            e.printstacktrace();
        }
    }
   
    public void dopost(httpservletrequest req,httpservletresponse res){
        this.doget(req,res);
    }
}

logincl.java代码如下:

复制代码 代码如下:

package com.bai;

import javax.servlet.http.*;

import java.io.*;
import java.sql.*;

public class logincl extends httpservlet{
    public void doget(httpservletrequest req,httpservletresponse res){
       
        connection conn=null;
        statement stmt=null;
        resultset rs=null;
        string sql = "select username,passwd from users where username = ? and passwd = ?";
        try{//req.setcharacterencoding("gb2312");
            string user=req.getparameter("username");
            string password=req.getparameter("passwd");
           
            class.forname("com.mysql.jdbc.driver");
            conn=drivermanager.getconnection("jdbc:mysql://localhost:3306/sqdb","root","root");
//            stmt=conn.createstatement();
            preparedstatement pstmt = conn.preparestatement(sql);
            pstmt.setstring(1, user);
            pstmt.setstring(2, password);
            rs = pstmt.executequery();
//            rs=stmt.executequery("select top 1 * from users where username='"+user
//                +"' and passwd='"+password+"'");
            if(rs.next())
            {
                httpsession hs=req.getsession(true);
                hs.setmaxinactiveinterval(60);
                hs.setattribute("name",user);
                res.sendredirect("welcome?&uname="+user+"&upass="+password);
            }
            else{
                res.sendredirect("login"); //url
            }
           
        }
        catch(exception e){
            e.printstacktrace();
        }finally{
            try{
                if(rs!=null){
                rs.close();
                }
                if(stmt!=null){
                    stmt.close();
                }
                if(conn!=null){
                    conn.close();
                }   
            }catch(exception e){
                e.printstacktrace();
            }       
        }
    }
   
    public void dopost(httpservletrequest req,httpservletresponse res){
        this.doget(req,res);
    }
}

其实上面这个处理用户名密码带有明显注入漏洞,可以根据用户名从数据库取密码,用取出的密码和用户输入的密码比较

复制代码 代码如下:

sql=select passwd from users where username = ?  limit 1

if(rs.next())
{
    string passwd=rs.getstring(1);
    if(passwd.equals(password))
            //密码正确
    else //密码错误
}

welcome.java代码如下:

复制代码 代码如下:

package com.bai;

import javax.servlet.http.*;

import java.io.*;

public class welcome extends httpservlet{
    public void doget(httpservletrequest req,httpservletresponse res){
       
        httpsession hs=req.getsession();
        string val=(string)hs.getattribute("pass");
       
        if(val==null){
            try{
                system.out.print(1);
                res.sendredirect("login");
            }catch(exception e){
                e.printstacktrace();
            }
           
        }       
           
        string u=req.getparameter("uname");
        string p=req.getparameter("upass");
       
        try{//req.setcharacterencoding("gb2312");
            printwriter pw=res.getwriter();
            pw.println("welcome! "+u+"&pass="+p);
        }
        catch(exception e){
            e.printstacktrace();
        }
    }
   
    public void dopost(httpservletrequest req,httpservletresponse res){
        this.doget(req,res);
    }
}

希望本文所述对大家的java程序设计有所帮助。