. Construct an application which verifies the user names and passwords. The foll

Question

. Construct an application which verifies the user names and passwords. The following are the specifics.

A client is an ordinary browser, such as IE, Firefox, etc. A user starts an application by entering your website address or name into the address bar. She is then presented with an initial web page. This is the first kind of login page, which looks like the following.

After the user enters the input into these two fields and then presses the submit button, the data is sent to the server side for verification. If the information is correct, the browser will receive a positive acknowledgement from the server, and display it in its window. This can be a single line of message. If the information is incorrect, however, the server will send another page. This is the second kind of login page, which looks like the one shown below:

(If the user submits the page in which a field has been left blank, the server should take that as the user has entered the incorrect information.) After the user enters information again into the above page, the verification process repeats.

At the server side, when the server receives the initial request, it sends the web page of the first kind to the browser. After it receives the data for the user name and password, it validates them by searching for them on a local database, where the user names and passwords are stored for all the valid users. If it finds them, it sends a positive acknowledgement back to the browser, otherwise it sends the web page of the second kind back to the browser. Whether or not the validation is successful, the server prints the request headers on the screen of the machine.

Once the authentication process is successful, the user does not need to be authenticated again in the same session. This means that the user can freely return to your website without being asked for user name and password again, even if she has navigated over different websites in the meantime, as long as she doesn’t close the browser. To implement this feature, you need to use cookie. (Refer to the lecture notes for how to set up cookies.)

Your server must be implemented in such a way that it can serve multiple clients at the same time. However, since the browser normally closes the connection after each request, do not use thread.

Your program should meet the following structural requirements:

The fields must be included in a form, and have the types of text, password and submit.

The contents are placed at the center of the page.

The fields are properly aligned. (You may want to use a table with hidden border for this purpose.)

Each time when the server receives a request, it prints the request line and headers on the screen.

It is preferred that you use POST as the method for your form. However, for this assignment, GET is also acceptable. (In practice, for security reason, a form with password field always uses a POST method, in which the password will not be shown in the address bar.)

A data file is attached at the course web site that serves as the local database where a list of user login names and passwords is stored. In each entry the first field is the login name and the second is the password for a particular user. Test your program on that file.

Explanation / Answer

Create a table:

CREATE TABLE members (

  `uname` varchar(45) NOT NULL,

  `pass` varchar(45) NOT NULL)

Welcome.jsp:

Please Login Here <a href="index.jsp">Go to Login</a>

index.jsp:

<%@page contentType="text/html" pageEncoding="UTF-8"%>

<!DOCTYPE html>

<html>

    <head>

        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

        <title>Example</title>

    </head>

    <body>

        <form method="post" action="login1.jsp">

            <center>

            <table border="1" width="30%" cellpadding="3">

                <thead>

                    <tr>

                        <th colspan="2">Login Here</th>

                    </tr>

                </thead>

                <tbody>

                    <tr>

                        <td>User Name</td>

                        <td><input type="text" name="uname" value="" /></td>

                    </tr>

                    <tr>

                        <td>Password</td>

                        <td><input type="password" name="pass" value="" /></td>

                    </tr>

                    <tr>

                        <td><input type="submit" value="Login" /></td>

</tr>

  </tbody>

            </table>

            </center>

        </form>

    </body>

</html>

Login1.jsp:

<%@ page import ="java.sql.*" %>

<% String userid = request.getParameter("uname");   

    String pwd = request.getParameter("pass");

    Class.forName("com.mysql.jdbc.Driver");

    Connection con = DriverManager.getConnection("jdbc:mysql://localhost:URL","root", "dbpass");

    Statement st = con.createStatement();

    ResultSet rs;

    rs = st.executeQuery("select * from members where uname='" + userid + "' and pass='" + pwd + "'");

    if (rs.next()) {

        session.setAttribute("userid", userid);

  response.sendRedirect("success.jsp");

    } else {

        out.println("Invalid password <a href="index.jsp">try again</a>");

    }

%>

Success.jsp:

<%

    if ((session.getAttribute("userid") == null) || (session.getAttribute("userid") == "")) {

%>

You are not logged in<br/>

<a href="index.jsp">Please Login</a>

<%} else {

%>

Welcome <%=session.getAttribute("userid")%>

<a href="logout.jsp">Log out</a>

<%

    }

%>

Logout.jsp:

<%

session.setAttribute("userid", null);

session.invalidate();

response.sendRedirect("index.jsp");

%>

Related Questions

Navigate

• Browse (All)
• Browse #
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.