检查用户名和密码与MySQL匹配时返回空白

huangapple go评论79阅读模式
英文:

Checking username and passwords against MySQL is returning blank

问题

package GUI_755;

import java.sql.*;
import nonGUI_755.AES;

public class test {
    public static void main(String args[]) throws Exception {
        System.out.println(loginResponse("jordan30@bulls.edu", "JordanTheGoat3098"));
    }

    /* 该方法处理用户的登录请求 */
    public static String loginResponse(String email, String password) throws Exception {
        String returnStatement = "";
        Connection connection = null;
        connection = establishConnection();

        /* 类似于上面的代码,我们检查邮箱和密码是否与数据库中的匹配 */
        final String queryCheck = "SELECT * from usersdata WHERE email = ?";
        final PreparedStatement ps = connection.prepareStatement(queryCheck);
        ps.setString(1, email);
        final ResultSet resultSet = ps.executeQuery();
        try {
            /* 首先,如果找不到用户的邮箱,我们返回该语句 */
            if (resultSet.next()) {
                /* 其次,如果找到邮箱但密码不匹配,则返回密码不正确 */
                String hashedPasswordInput = AES.doHash(password, resultSet.getObject("password").toString().split("\t")[1]);
                if (hashedPasswordInput.equals(resultSet.getObject("password").toString().split("\t")[0])) {
                    returnStatement = "LoginFailure 您输入的密码不正确,请重试!";
                    connection.close();
                } else {
                    returnStatement = "LoginSuccess 登录成功!";
                }
            } else {
                connection.close();
                returnStatement = "LoginFailure 我们找不到与该邮箱关联的任何帐户,请重试!";
            }
        } catch (Exception e) {
        }
        return returnStatement;
    }

    /* 此方法将连接到 MySQL 数据库 >> userdata */
    public static Connection establishConnection() {
        try {
            Class.forName("com.mysql.jdbc.Driver");
            Connection connection = DriverManager.getConnection("jdbc:mysql://localhost/userdata", "root", "");
            return connection;
        } catch (Exception e) {
            return null;
        }
    }
}
英文:

I am doing username and password check against MySQL database but somehow my code is returning none even for the base case (email does not exist). I hash my passwords on the server side. What should I fix in this case?

package GUI_755;
import java.sql.*;
import nonGUI_755.AES;
public class test {
public static void main(String args[]) throws Exception {
System.out.println(loginResponse("jordan30@bulls.edu","JordanTheGoat3098"));
}
/* The method handles the login's request from the user */
public static String loginResponse(String email, String password) throws Exception{
String returnStatement = "";
Connection connection = null;
connection = establishConnection();
/* Similar to the code above, we check whether the email and password match to those we have in the database */
final String queryCheck = "SELECT * from usersdata WHERE email = ?";		
final PreparedStatement ps = connection.prepareStatement(queryCheck);
ps.setString(1, email);
final ResultSet resultSet = ps.executeQuery();
try {
/* First, if we cannot find the user's email, we return this statement */
if(email.equals(resultSet.getString("email"))) {
/* Second, if we can find the email but the password do not match then we return that the password is incorrect */
String hashedPasswordInput = AES.doHash(password, resultSet.getObject("password").toString().split("\t")[1]);
if(hashedPasswordInput.equals(resultSet.getObject("password").toString().split("\t")[0])) {
returnStatement = "LoginFailure The password that you entered is incorrect. Please try again!";
connection.close();
}
else {
returnStatement = "LoginSuccess You are logged in!";
}
}
else {
connection.close();
returnStatement = "LoginFailure We cannot find any account associated with that email. Please try again!";
}
}catch(Exception e) {}
return returnStatement;
}
/* This method will connect to MySQL database >> userdata */
public static Connection establishConnection(){
try {
Class.forName("com.mysql.jdbc.Driver");
Connection connection = DriverManager.getConnection("jdbc:mysql://localhost/userdata","root","");
return connection;
}catch(Exception e)
{return null;}
}
}

答案1

得分: 2

你需要检查你的 ResultSet resultSet 是否返回了一些行。为此,你应该使用 ResultSetnext() 方法。如果你只对第一行感兴趣(就像你在这里的情况),可以使用 if (resultSet.next()),如果你想循环遍历返回的结果行(不是你的情况),则可以使用 while (resultSet.next())

因此,将其放在一起:

final String queryCheck = "SELECT * FROM usersdata WHERE email = ?";
final PreparedStatement ps = connection.prepareStatement(queryCheck);
ps.setString(1, email);
final ResultSet resultSet = ps.executeQuery();
if (resultSet.next()) {
    /* 首先,如果我们找不到用户的电子邮件,我们返回此语句 */
    if (email.equals(resultSet.getString("email"))) {
        /* 其次,如果我们可以找到电子邮件但密码不匹配,则返回密码不正确 */
        String hashedPasswordInput = AES.doHash(password, resultSet.getObject("password").toString().split("\t")[1]);
        if (hashedPasswordInput.equals(resultSet.getObject("password").toString().split("\t")[0])) {
            // 不要在这里执行
            // returnStatement = "LoginFailure The password that you entered is incorrect. Please try again!";
            // connection.close();
        } else {
            returnStatement = "LoginSuccess You are logged in!";
        }
    } else {
        // 不要在这里执行
        // connection.close();
        // returnStatement = "LoginFailure We cannot find any account associated with that email. Please try again!";
    }
}

请注意,由于文本中包含了 HTML 转义字符("),我已经将其还原为正常的引号表示。

英文:

You need to check if your ResultSet resultSet is returning some rows. For that, you should use next() method of ResultSet. You can use if (resultSet.next() if you are interested in only first row (like your case here) or while (resultSet.next()) if you want to loop over the returned result rows (not your case).

So to put it together:

final String queryCheck = "SELECT * from usersdata WHERE email = ?";        
final PreparedStatement ps = connection.prepareStatement(queryCheck);
ps.setString(1, email);
final ResultSet resultSet = ps.executeQuery();
if (resultSet.next()) {
/* First, if we cannot find the user's email, we return this statement */
if(email.equals(resultSet.getString("email"))) {
/* Second, if we can find the email but the password do not match then we return that the password is incorrect */
String hashedPasswordInput = AES.doHash(password, resultSet.getObject("password").toString().split("\t")[1]);
if(hashedPasswordInput.equals(resultSet.getObject("password").toString().split("\t")[0])) {
// dont do it here
// returnStatement = "LoginFailure The password that you entered is incorrect. Please try again!";
//  connection.close();
}
else {
returnStatement = "LoginSuccess You are logged in!";
}
}
else {
// don't do it here
// connection.close();
// returnStatement = "LoginFailure We cannot find any account associated with that email. Please try again!";
}
}

huangapple
  • 本文由 发表于 2020年5月3日 16:02:00
  • 转载请务必保留本文链接:https://go.coder-hub.com/61571327.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定