一个处理用户登陆的servlet简单实例
本文实例讲述了一个处理用户登陆的servlet实现方法。分享给大家供大家参考。具体分析如下:
Login.java代码如下:
package com.bai;
import javax.servlet.http.*;
import java.io.*;
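/**
 * Renders the login form.
 *
 * <p>The form submits the fields {@code username} and {@code passwd} with POST to the
 * relative URL {@code logincl}; the servlet mapping for that URL is not shown on this page.
 *
 * <p>NOTE(review): the password field is only protected in transit when both this page and
 * the form target are served over HTTPS. Transport configuration is not visible here.
 */
public class Login extends HttpServlet {

    /**
     * Writes the login page as GB2312-encoded HTML.
     *
     * @param req the incoming request; only its character encoding is set
     * @param res the response that receives the HTML form
     */
    @Override
    public void doGet(HttpServletRequest req, HttpServletResponse res) {
        try {
            req.setCharacterEncoding("gb2312");
            res.setContentType("text/html;charset=gb2312");

            PrintWriter pw = res.getWriter();
            pw.println("<html>");
            pw.println("<body>");
            pw.println("<h1>登陆界面</h1>");
            // Attribute values are quoted and separated by spaces so the markup parses as a form.
            pw.println("<form action=\"logincl\" method=\"post\">");
            pw.println("用户名:<input type=\"text\" name=\"username\"><br>");
            pw.println("密码:<input type=\"password\" name=\"passwd\"><br>");
            pw.println("<input type=\"submit\" value=\"login\"><br>");
            pw.println("</form>");
            pw.println("</body>");
            pw.println("</html>");
        } catch (IOException e) {
            // Record the failure in the servlet log instead of on the process's stderr.
            log("Could not render the login form", e);
        }
    }

    /**
     * Serves the same form for POST requests by delegating to {@link #doGet}.
     *
     * @param req the incoming request
     * @param res the response that receives the HTML form
     */
    @Override
    public void doPost(HttpServletRequest req, HttpServletResponse res) {
        this.doGet(req, res);
    }
}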
LoginCl.java代码如下:
package com.bai;
import javax.servlet.http.*;
import java.io.*;
import java.sql.*;
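/**
 * Checks the submitted user name and password against the {@code users} table and, on a
 * match, starts a session and redirects to the welcome page.
 *
 * <p>NOTE(review): the query compares the submitted password with the {@code passwd} column
 * directly, which implies the table holds plaintext passwords. Store a salted password hash
 * (bcrypt, scrypt or Argon2) and verify against that instead.
 *
 * <p>NOTE(review): the JDBC URL and the {@code root}/{@code root} account are hard-coded as
 * in the original listing. Load them from deployment configuration and connect with an
 * account that can only read the {@code users} table.
 */
public class LoginCl extends HttpServlet {

    // User input is bound to the two placeholders; it is never concatenated into the SQL text.
    private static final String LOGIN_QUERY =
            "select username, passwd from users where username = ? and passwd = ?";

    /**
     * Validates the {@code username} and {@code passwd} request parameters.
     *
     * <p>On success the previous session (if any) is discarded, a new session is created with
     * the attribute {@code name} set to the user name, and the client is redirected to
     * {@code welcome}. The password is not placed in the redirect URL, so it does not end up
     * in browser history, proxy logs or {@code Referer} headers. On failure the client is
     * redirected back to {@code login}.
     *
     * <p>Because {@link #doPost} delegates here, the same check also runs for GET requests,
     * where the credentials would travel in the query string. The login form on this page
     * submits with POST.
     *
     * @param req the request carrying the credentials
     * @param res the response used for the redirect or the error status
     */
    @Override
    public void doGet(HttpServletRequest req, HttpServletResponse res) {
        try {
            String user = req.getParameter("username");
            String password = req.getParameter("passwd");

            // A request without both fields cannot be a login attempt from the form.
            if (user == null || password == null) {
                res.sendRedirect("login");
                return;
            }

            if (credentialsMatch(user, password)) {
                // Discard any session that existed before authentication so that a session id
                // issued to an anonymous visitor is not promoted to a logged-in one.
                HttpSession stale = req.getSession(false);
                if (stale != null) {
                    stale.invalidate();
                }
                HttpSession hs = req.getSession(true);
                hs.setMaxInactiveInterval(60);
                hs.setAttribute("name", user);

                // Only the user name is passed on, percent-encoded so that it cannot break the
                // URL. Assumes the container decodes query strings as UTF-8 — TODO confirm.
                res.sendRedirect("welcome?uname=" + java.net.URLEncoder.encode(user, "UTF-8"));
            } else {
                res.sendRedirect("login"); // back to the form
            }
        } catch (Exception e) {
            log("Login check failed", e);
            // Answer with an explicit error instead of an empty 200 response.
            if (!res.isCommitted()) {
                try {
                    res.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                } catch (IOException ignored) {
                    // The connection to the client is unusable; nothing more can be reported.
                }
            }
        }
    }

    /**
     * Handles the form submission by delegating to {@link #doGet}.
     *
     * @param req the request carrying the credentials
     * @param res the response used for the redirect or the error status
     */
    @Override
    public void doPost(HttpServletRequest req, HttpServletResponse res) {
        this.doGet(req, res);
    }

    /**
     * Reports whether a row with the given user name and password exists.
     *
     * <p>The connection, statement and result set are closed on every path, including when
     * the query throws.
     */
    private boolean credentialsMatch(String user, String password)
            throws ClassNotFoundException, SQLException {
        Class.forName("com.mysql.jdbc.Driver");
        try (Connection conn = DriverManager.getConnection(
                        "jdbc:mysql://localhost:3306/sqdb", "root", "root");
                PreparedStatement pstmt = conn.prepareStatement(LOGIN_QUERY)) {
            pstmt.setString(1, user);
            pstmt.setString(2, password);
            try (ResultSet rs = pstmt.executeQuery()) {
                return rs.next();
            }
        }
    }
}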
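其实上面这个处理用户名密码带有明显注入漏洞(注:这一点适用于代码中被注释掉的字符串拼接查询;实际执行的PreparedStatement查询通过?占位符绑定参数,用户输入不会被当作SQL解析),可以根据用户名从数据库取密码,用取出的密码和用户输入的密码比较。另外,数据库中应保存加盐的密码哈希,而不是明文密码: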
sql=select passwd from users where username=? limit 1
if(rs.next())
{
String passwd=rs.getString(1);
if(passwd.equals(password))
//密码正确
else//密码错误
}
希望本文所述对大家的Java程序设计有所帮助。
Welcome.java代码如下:
package com.bai;
import javax.servlet.http.*;
import java.io.*;
public class Welcome extends HttpServlet{
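/**
 * Greets the logged-in user, or sends a visitor without a login session back to the form.
 *
 * <p>The login check reads the session attribute {@code name}, which is the attribute the
 * login servlet on this page stores after a successful check. The greeting uses that
 * session value rather than the {@code uname}/{@code upass} request parameters: request
 * parameters are caller-controlled, and a password must never be written into a page.
 *
 * @param req the incoming request
 * @param res the response that receives the greeting or the redirect
 */
@Override
public void doGet(HttpServletRequest req, HttpServletResponse res) {
    try {
        // getSession(false) avoids creating a session for a visitor who never logged in.
        HttpSession hs = req.getSession(false);
        Object name = (hs == null) ? null : hs.getAttribute("name");
        if (!(name instanceof String)) {
            res.sendRedirect("login");
            return; // nothing may be written after the redirect
        }

        res.setContentType("text/html;charset=gb2312");
        PrintWriter pw = res.getWriter();
        // The name originated from user input, so it is escaped before it reaches the HTML.
        pw.println("welcome!" + escapeHtml((String) name));
    } catch (IOException e) {
        log("Could not render the welcome page", e);
    }
}

/** Replaces the characters that are significant in HTML text and attributes with entities. */
private static String escapeHtml(String text) {
    StringBuilder out = new StringBuilder(text.length() + 16);
    for (int i = 0; i < text.length(); i++) {
        char c = text.charAt(i);
        switch (c) {
            case '&':
                out.append("&amp;");
                break;
            case '<':
                out.append("&lt;");
                break;
            case '>':
                out.append("&gt;");
                break;
            case '"':
                out.append("&quot;");
                break;
            case '\'':
                out.append("&#39;");
                break;
            default:
                out.append(c);
        }
    }
    return out.toString();
}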
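/**
 * Handles POST requests exactly like GET requests by delegating to {@code doGet}.
 *
 * @param req the incoming request
 * @param res the response passed through to {@code doGet}
 */
@Override
public void doPost(HttpServletRequest req, HttpServletResponse res) {
    this.doGet(req, res);
}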
}