Osiris93 Osiris93 - 4 months ago 5
Java Question

Application not comparing login data on MySQL database?

I created a login frame where the user has to enter a username or password. The user credentials are stored in an encrypted format (AES) on a MySQL database. For test purposes, when the access button is pressed the frame takes the data entered in the txtUsername and txtPassword, encrypts them and sets the encrypted credentials in the txtEncUName and txtEncPword. The application will then compare the encrypted credentials with the encrypted data in the txtEncUName and txtEncPword textfields.

If the credentials are correct the user is granted access and directed to the respective page depending on if they have admin access or not. If their account has been locked, then they will be notified by a jLabel and access will not be granted. When I tested this earlier, it worked perfectly fine but now here's my problem:

When I try to log in, the application immediately says that the account is inaccessible. I have checked the credentials and they are correct. No errors come up and the stack trace doesn't come up either.

What can I do to get this to check the credentials properly?

Here is the method used for the access button:

public void loginMethod()
{
    String user = txtUsername.getText();
    String pwd = new String(txtPassword.getPassword());

    try
    {
        String enc1 = LoginFrame.encrypt(user);
        String enc2 = LoginFrame.encrypt(pwd);

        encUname.setText(enc1);
        encPword.setText(enc2);

        String aes1 = encUname.getText();
        String aes2 = encPword.getText();

        String getAccess = "select * from login_db";

        Class.forName("com.mysql.jdbc.Driver");
        Connection conn = (Connection)
            DriverManager.getConnection("jdbc:mysql://localhost:3306/user_db","root","password");
        Statement stmt = conn.createStatement();
        ResultSet rs = stmt.executeQuery(getAccess);

        if(rs.next())
        {
            String username = rs.getString("emp_num");
            String password = rs.getString("pword");
            String access = rs.getString("adminAccess");
            String locked = rs.getString("accLocked");

            if((aes1.equals(username)) && (aes2.equals(password)) && (access.equals("Yes"))&& ("No".equals(locked)))
            {
                AdminPage ap = new AdminPage();
                ap.setVisible(true);
                this.dispose();
            }

            else if ((aes1.equals(username)) && (aes2.equals(password)) && (access.equals("No"))&& ("No".equals(locked)))
            {
                EmployeeMainPage emp = new EmployeeMainPage();
                emp.setVisible(true);
                this.dispose();
            }

            else if((aes1.equals(username)) && (aes2.equals(password)) && (access.equals("Yes"))&& ("Yes".equals(locked)))
            {
                lblWrongLogin.setVisible(true);
                lblWrongLogin.setText("Account inaccesible, please contact admin for support.");
            }
            else if((locked.equals("Yes")))
            {
                lblWrongLogin.setVisible(true);
                lblWrongLogin.setText("Account inaccessible, please contact admin for support.");
            }
        }
    }

    catch (Exception e)
    {
        JOptionPane.showMessageDialog(this, e);
    }
}
}

Answer
String getAccess = "select * from login_db";    

The query above selects all rows from the database, but the code...

if(rs.next())

...only checks if the first row matches - there will be issues if there is more than a single row. Consider changing the query to look for matches to username and password:

PreparedStatement ps = conn.prepareStatement( "select * from login_db where emp_num=? AND pword=?");
ps.setString(1, aes1);
ps.setString(2, aes2); 
ResultSet rs = ps.executeQuery();
if ( rs.next() ){
    //logic here
}
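
Added example, not part of the answer above or the asker's project: one way to turn the parameterized lookup into a single decision, including the case the question's code never handles (no matching row) and treating any accLocked value other than "No" as locked. The class name LoginCheck, the Outcome enum and the classify helper are hypothetical; the table and column names are the ones shown in the question, and the encrypted inputs are assumed to come from the question's LoginFrame.encrypt.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public final class LoginCheck {
    /** Possible results of a login attempt (hypothetical names). */
    public enum Outcome { ADMIN, EMPLOYEE, LOCKED, REJECTED }

    // Table and column names are the ones shown in the question.
    private static final String SQL =
        "SELECT adminAccess, accLocked FROM login_db WHERE emp_num = ? AND pword = ?";

    /**
     * encUser / encPwd are assumed to be the values produced by the question's
     * LoginFrame.encrypt(); conn is an open connection to user_db.
     */
    public static Outcome check(Connection conn, String encUser, String encPwd)
            throws SQLException {
        // Bound parameters keep the user-supplied values out of the SQL text.
        try (PreparedStatement ps = conn.prepareStatement(SQL)) {
            ps.setString(1, encUser);
            ps.setString(2, encPwd);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {
                    return Outcome.REJECTED;   // no row: wrong user or password
                }
                return classify(rs.getString("adminAccess"), rs.getString("accLocked"));
            }
        }
    }

    /** Maps the row's flags to an outcome; anything but an explicit "No" counts as locked. */
    static Outcome classify(String adminAccess, String accLocked) {
        if (!"No".equals(accLocked)) {
            return Outcome.LOCKED;             // fail closed on "Yes", null or unexpected text
        }
        return "Yes".equals(adminAccess) ? Outcome.ADMIN : Outcome.EMPLOYEE;
    }

    public static void main(String[] args) {
        // Constructed flag values, exercised without a database.
        System.out.println(classify("Yes", "No"));
        System.out.println(classify("No", "No"));
        System.out.println(classify("Yes", "Yes"));
        System.out.println(classify("No", null));
    }
}
```

The caller would switch on the returned Outcome to open the admin page, open the employee page, or show the label; REJECTED and LOCKED can share one message so the response does not reveal which check failed.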