一个处理用户登陆的servlet简单实例
本文实例讲述了一个处理用户登陆的servlet实现方法。分享给大家供大家参考。具体分析如下:
login.java代码如下:
package com.bai;
import javax.servlet.http.*;
import java.io.*;
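/**
 * Renders the login form.
 *
 * <p>The form posts the fields {@code username} and {@code passwd} to the relative URL
 * {@code logincl}. The password is sent as entered, so this page and the form target should
 * only be reachable over HTTPS.
 */
public class login extends HttpServlet {

    /**
     * Writes the login page as GB2312-encoded HTML.
     *
     * @param req the incoming request
     * @param res the response that receives the HTML form
     * @throws IOException if the encoding is not supported or the response cannot be written
     */
    @Override
    public void doGet(HttpServletRequest req, HttpServletResponse res) throws IOException {
        req.setCharacterEncoding("gb2312");
        res.setContentType("text/html;charset=gb2312");
        PrintWriter pw = res.getWriter();
        pw.println("<html>");
        pw.println("<body>");
        pw.println("<h1>登陆界面</h1>");
        // method=post keeps the credentials out of the query string.
        pw.println("<form action=logincl method=post>");
        pw.println("用户名:<input type=text name=username><br>");
        pw.println("密码:<input type=password name=passwd><br>");
        pw.println("<input type=submit value=login><br>");
        pw.println("</form>");
        pw.println("</body>");
        pw.println("</html>");
    }

    /**
     * Shows the same form for POST requests; the redirect issued after a failed login may
     * arrive here as either method.
     *
     * @param req the incoming request
     * @param res the response that receives the HTML form
     * @throws IOException if the response cannot be written
     */
    @Override
    public void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException {
        doGet(req, res);
    }
}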
logincl.java代码如下:
package com.bai;
import javax.servlet.http.*;
import java.io.*;
import java.sql.*;
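/**
 * Checks a submitted user name and password against the {@code users} table and, when a row
 * matches, starts a session and redirects to {@code welcome}.
 *
 * <p>NOTE(review): the query compares the submitted password with the {@code passwd} column
 * directly, which implies the column holds the password itself. Storing a salted
 * password-hashing output (bcrypt, scrypt or argon2) and verifying against it needs a schema
 * change that is outside this class.
 */
public class logincl extends HttpServlet {

    // Bound parameters keep user input out of the SQL text. The earlier variant that
    // concatenated username and passwd into the statement was injectable and must not return.
    private static final String LOGIN_SQL =
            "select username,passwd from users where username = ? and passwd = ?";

    /**
     * Sends GET requests back to the login form. Credentials are accepted from the POST body
     * only, so they never appear in a URL, a proxy log or the browser history.
     *
     * @param req the incoming request
     * @param res the response used for the redirect
     * @throws IOException if the redirect cannot be sent
     */
    @Override
    public void doGet(HttpServletRequest req, HttpServletResponse res) throws IOException {
        res.sendRedirect("login");
    }

    /**
     * Verifies the posted credentials and creates the session on success.
     *
     * @param req the request carrying the {@code username} and {@code passwd} parameters
     * @param res the response used for the redirect or the error status
     * @throws IOException if the redirect or error status cannot be sent
     */
    @Override
    public void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException {
        String user = req.getParameter("username");
        String password = req.getParameter("passwd");
        if (user == null || password == null) {
            res.sendRedirect("login");
            return;
        }

        boolean authenticated;
        try {
            authenticated = credentialsMatch(user, password);
        } catch (SQLException e) {
            // Record the cause in the servlet log; the client only learns that the request failed.
            log("login check failed", e);
            res.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            return;
        }

        if (!authenticated) {
            res.sendRedirect("login");
            return;
        }

        // Drop any session that existed before authentication so a session id planted in the
        // browser beforehand is not promoted to a logged-in session.
        HttpSession stale = req.getSession(false);
        if (stale != null) {
            stale.invalidate();
        }
        HttpSession hs = req.getSession(true);
        hs.setMaxInactiveInterval(60);
        hs.setAttribute("name", user);

        // The session carries the identity; neither the user name nor the password is put
        // into the redirect URL.
        res.sendRedirect("welcome");
    }

    /**
     * Runs the parameterized login query.
     *
     * @param user the submitted user name
     * @param password the submitted password
     * @return {@code true} when the query returns at least one row
     * @throws SQLException if the driver is missing or the database call fails
     */
    private boolean credentialsMatch(String user, String password) throws SQLException {
        Connection conn = null;
        PreparedStatement pstmt = null;
        ResultSet rs = null;
        try {
            Class.forName("com.mysql.jdbc.Driver");
            // NOTE(review): the database account and password are hard-coded and the account
            // is root. Move them to deployment configuration and use an account that can only
            // read the users table.
            conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/sqdb", "root", "root");
            pstmt = conn.prepareStatement(LOGIN_SQL);
            pstmt.setString(1, user);
            pstmt.setString(2, password);
            rs = pstmt.executeQuery();
            return rs.next();
        } catch (ClassNotFoundException e) {
            throw new SQLException("MySQL JDBC driver not found", e);
        } finally {
            closeQuietly(rs, pstmt, conn);
        }
    }

    /**
     * Closes the JDBC resources independently, so that a failure on one does not leave the
     * others open.
     */
    private void closeQuietly(ResultSet rs, Statement stmt, Connection conn) {
        if (rs != null) {
            try {
                rs.close();
            } catch (SQLException e) {
                log("closing result set failed", e);
            }
        }
        if (stmt != null) {
            try {
                stmt.close();
            } catch (SQLException e) {
                log("closing statement failed", e);
            }
        }
        if (conn != null) {
            try {
                conn.close();
            } catch (SQLException e) {
                log("closing connection failed", e);
            }
        }
    }
}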
其实上面这种处理用户名和密码的方式带有明显的注入漏洞(指代码中被注释掉的字符串拼接SQL的写法;实际执行的preparedstatement参数化查询不受SQL注入影响)。也可以根据用户名从数据库取出密码,再用取出的密码和用户输入的密码比较:
// Sketch of the alternative check (not compilable as written): look the row up by user
// name only, then compare the stored password with the submitted one in application code.
sql=select passwd from users where username = ? limit 1
if(rs.next())
{
string passwd=rs.getstring(1);
// NOTE(review): equals() compares the stored value with the submitted password as text,
// which presumably means passwords are stored unhashed — confirm against the schema.
// A stored password hash would be verified with the hashing function instead.
if(passwd.equals(password))
//password correct
else //password wrong
}
welcome.java代码如下:
package com.bai;
import javax.servlet.http.*;
import java.io.*;
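/**
 * Greets the logged-in user.
 *
 * <p>The user name is taken from the session attribute {@code name}, which the login check
 * on this page stores after a successful login. Request parameters are not trusted for
 * identity and the password is never displayed.
 */
public class welcome extends HttpServlet {

    /**
     * Writes the greeting, or redirects to the login form when there is no logged-in session.
     *
     * @param req the incoming request
     * @param res the response that receives the greeting or the redirect
     * @throws IOException if the redirect or the response body cannot be written
     */
    @Override
    public void doGet(HttpServletRequest req, HttpServletResponse res) throws IOException {
        // getSession(false) avoids creating a session for a visitor who never logged in.
        HttpSession hs = req.getSession(false);
        Object name = (hs == null) ? null : hs.getAttribute("name");
        if (!(name instanceof String)) {
            res.sendRedirect("login");
            // Stop here: writing a body after the redirect would act on a committed response.
            return;
        }

        res.setContentType("text/html;charset=gb2312");
        PrintWriter pw = res.getWriter();
        // The name originated from user input at login, so it is escaped before it is written
        // into the HTML page.
        pw.println("welcome! " + escapeHtml((String) name));
    }

    /**
     * Handles POST the same way as GET.
     *
     * @param req the incoming request
     * @param res the response that receives the greeting or the redirect
     * @throws IOException if the redirect or the response body cannot be written
     */
    @Override
    public void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException {
        doGet(req, res);
    }

    /** Replaces the characters that are significant in HTML text and attribute values. */
    private static String escapeHtml(String text) {
        StringBuilder out = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }
}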
希望本文所述对大家的java程序设计有所帮助。