一个处理用户登录的servlet简单实例
本文实例讲述了一个处理用户登录的servlet实现方法。分享给大家供大家参考。具体分析如下:
Login.java代码如下:
package com.bai;import javax.servlet.http.*;
import java.io.*;
/**
 * Serves the login page.
 *
 * <p>The page is a single HTML form with the fields {@code username} and
 * {@code passwd} that is posted to the relative URL {@code logincl}.
 */
public class Login extends HttpServlet {

    /**
     * Writes the login form to the response as gb2312-encoded HTML.
     *
     * <p>Any exception raised while preparing or writing the page is printed to
     * standard error and otherwise ignored.
     *
     * @param req the incoming request; its character encoding is set to gb2312
     * @param res the response the page is written to
     */
    public void doGet(HttpServletRequest req, HttpServletResponse res) {
        // One entry per line of output, in the order it is sent.
        // NOTE(review): the password field is submitted with this form; whether the
        // transport is protected (HTTPS) is not visible here — confirm at deployment.
        final String[] markup = {
            "<html>",
            "<body>",
            "<h1>登陆界面</h1>",
            "<form action=logincl method=post>",
            "用户名:<input type=text name=username><br>",
            "密码:<input type=password name=passwd><br>",
            "<input type=submit value=login><br>",
            "</form>",
            "</body>",
            "</html>"
        };
        try {
            req.setCharacterEncoding("gb2312");
            res.setContentType("text/html;charset=gb2312");
            PrintWriter out = res.getWriter();
            for (int i = 0; i < markup.length; i++) {
                out.println(markup[i]);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Handles POST exactly like GET: the login form is rendered again.
     *
     * @param req the incoming request
     * @param res the response the page is written to
     */
    public void doPost(HttpServletRequest req, HttpServletResponse res) {
        doGet(req, res);
    }
}
LoginCl.java代码如下:
package com.bai;import javax.servlet.http.*;
import java.io.*; import java.sql.*;
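/**
 * Checks the submitted {@code username}/{@code passwd} pair against the
 * {@code users} table and, on a match, opens an authenticated session.
 *
 * <p>On success the user name is stored in the session attribute {@code "name"}
 * and the browser is redirected to {@code welcome}; otherwise it is redirected
 * back to {@code login}.
 */
public class LoginCl extends HttpServlet {

    // Parameterized on purpose: the submitted values are bound through the two
    // placeholders and never concatenated into the SQL text (a string-built query
    // here would be injectable).
    // NOTE(review): the password is matched against the column value as submitted,
    // which implies the table holds plaintext passwords; store a salted password
    // hash (bcrypt/scrypt/argon2) and verify against that instead.
    private static final String LOGIN_SQL =
        "select username,passwd from users where username = ? and passwd = ?";

    /**
     * Authenticates the request and redirects according to the outcome.
     *
     * <p>NOTE(review): {@link #doPost} delegates here, so credentials sent as GET
     * query parameters are accepted as well; the login form itself uses POST.
     *
     * @param req the request carrying the {@code username} and {@code passwd} parameters
     * @param res the response used for the redirect
     */
    public void doGet(HttpServletRequest req, HttpServletResponse res) {
        Connection conn = null;
        PreparedStatement pstmt = null;
        ResultSet rs = null;
        try {
            String user = req.getParameter("username");
            String password = req.getParameter("passwd");
            // A request without both fields cannot succeed; skip the database round trip.
            if (user == null || password == null) {
                res.sendRedirect("login");
                return;
            }

            Class.forName("com.mysql.jdbc.Driver");
            // NOTE(review): hard-coded root/root database credentials; use a
            // least-privileged account whose secret is kept outside the source.
            conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/sqdb", "root", "root");
            pstmt = conn.prepareStatement(LOGIN_SQL);
            pstmt.setString(1, user);
            pstmt.setString(2, password);
            rs = pstmt.executeQuery();

            if (rs.next()) {
                // Drop any session that existed before authentication so that a
                // session id set before login is not carried over (session fixation).
                HttpSession stale = req.getSession(false);
                if (stale != null) {
                    stale.invalidate();
                }
                HttpSession hs = req.getSession(true);
                hs.setMaxInactiveInterval(60);
                hs.setAttribute("name", user);
                // The session carries the identity. The user name and password are
                // deliberately not appended to the redirect URL, where they would
                // end up in browser history, proxy and server logs and Referer headers.
                res.sendRedirect("welcome");
            } else {
                res.sendRedirect("login");
            }
        } catch (Exception e) {
            e.printStackTrace();
            reportFailure(res);
        } finally {
            closeQuietly(rs, pstmt, conn);
        }
    }

    /**
     * Handles POST by delegating to {@link #doGet}.
     *
     * @param req the request carrying the credentials
     * @param res the response used for the redirect
     */
    public void doPost(HttpServletRequest req, HttpServletResponse res) {
        this.doGet(req, res);
    }

    /** Answers with HTTP 500 when nothing has been sent yet, instead of an empty page. */
    private static void reportFailure(HttpServletResponse res) {
        try {
            if (!res.isCommitted()) {
                res.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    /** Closes each JDBC resource on its own, so one failing close does not leak the others. */
    private static void closeQuietly(ResultSet rs, Statement st, Connection conn) {
        if (rs != null) {
            try {
                rs.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
        if (st != null) {
            try {
                st.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
        if (conn != null) {
            try {
                conn.close();
            } catch (SQLException e) {
                e.printStackTrace();
            }
        }
    }
}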
其实上面代码中被注释掉的字符串拼接写法(把用户名和密码直接拼进SQL语句)带有明显的注入漏洞,而实际执行的PreparedStatement写法通过?占位符绑定参数,不存在这个问题。另一种做法是根据用户名从数据库取出密码,再用取出的密码和用户输入的密码比较:
// Sketch only: fetch the stored password for the given user name, then compare it
// in Java. The ? placeholder still has to be bound through a PreparedStatement.
sql=select passwd from users where username = ? limit 1
if(rs.next()) {
    String passwd=rs.getString(1);
    // NOTE(review): comparing the stored value with the submitted password directly
    // implies the table holds plaintext passwords; store a salted password hash
    // (bcrypt/scrypt/argon2) and verify the submitted password against it instead.
    if(passwd.equals(password))
        // password correct
    else
        // password wrong
}
Welcome.java代码如下:
package com.bai;import javax.servlet.http.*;
import java.io.*;
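/**
 * Greets the logged-in user; visitors without an authenticated session are sent
 * back to {@code login}.
 */
public class Welcome extends HttpServlet {

    /**
     * Writes the greeting for the user recorded in the session.
     *
     * <p>The user name is taken from the session attribute {@code "name"}, which is
     * the attribute {@code LoginCl} sets after a successful login. Request parameters
     * are not used for display, and the password is never echoed.
     *
     * @param req the incoming request
     * @param res the response the greeting or the redirect is written to
     */
    public void doGet(HttpServletRequest req, HttpServletResponse res) {
        try {
            // getSession(false): do not create a session for a visitor who has none.
            HttpSession hs = req.getSession(false);
            Object name = (hs == null) ? null : hs.getAttribute("name");
            if (!(name instanceof String)) {
                res.sendRedirect("login");
                // Stop here: the redirect is the whole response for this request.
                return;
            }
            // Same content type and charset as the login page.
            res.setContentType("text/html;charset=gb2312");
            PrintWriter pw = res.getWriter();
            // The name originated from user input, so it is escaped before it is
            // placed in the HTML page.
            pw.println("welcome! " + escapeHtml((String) name));
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Handles POST by delegating to {@link #doGet}.
     *
     * @param req the incoming request
     * @param res the response the greeting or the redirect is written to
     */
    public void doPost(HttpServletRequest req, HttpServletResponse res) {
        this.doGet(req, res);
    }

    /** Replaces the characters that are significant in HTML text and attributes. */
    private static String escapeHtml(String text) {
        StringBuffer out = new StringBuffer(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    out.append("&amp;");
                    break;
                case '<':
                    out.append("&lt;");
                    break;
                case '>':
                    out.append("&gt;");
                    break;
                case '"':
                    out.append("&quot;");
                    break;
                case '\'':
                    out.append("&#39;");
                    break;
                default:
                    out.append(c);
            }
        }
        return out.toString();
    }
}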
希望本文所述对大家的Java程序设计有所帮助。