Post subject: Java trouble        Posted: Thu Mar 26, 2009 12:43 pm
Reply with quote
FTP Access
Offline

Joined
Tue Oct 14, 2008 1:37 pm

Posts
29
Hello All :D
I got a little programming trouble and I hoped some of you could help me. I'm currently programming in Java. I'm currently working on a project where you have an application connected to the database.

I have some sort of login box where a user can fill in his or her 3 digit number like 666. But now I came across a big problem. If the user has logged out and wants to log in again it does not work. The idea I'm trying to develop is a way that when a user is logged in and logs out, and logs in again, he can go further with what he was doing. I hope you understand what I'm trying to explain.

I already came this far with the coding for my button:

Code:
         class InlogHandler implements ActionListener
        {

            public void actionPerformed(ActionEvent e)
            {
                GebruikersCode.setEnabled(false);
                GebruikersCodeInloggen.setVisible(false);
                GebruikersCodeUitloggen.setVisible(true);

                String url = "jdbc:mysql://localhost:3306/";
                String db = "macdonalds";
                String driver = "com.mysql.jdbc.Driver";
                String user = "root";
                String pass = "";
                Connection con = null;
               
                try
                {
                    Class.forName(driver).newInstance();
                    con = DriverManager.getConnection(url+db, user, pass);
                    int bigmac = 0;
                    int cheeseburger = 0;
                    int hamburger = 0;
                   
                    try
                    {

                        // Bind the user's input as parameters instead of concatenating it into the SQL text
                        PreparedStatement st = con.prepareStatement("INSERT into verspil(gebruikerscode,bigmac,cheeseburger,hamburger) VALUES(?,?,?,?)");
                        st.setString(1, GebruikersCode.getText());
                        st.setInt(2, bigmac);
                        st.setInt(3, cheeseburger);
                        st.setInt(4, hamburger);
                        st.executeUpdate();

                        con.close();
                    }
                    catch(SQLException s)
                    {
                        GebruikersCode.setText("Error");
                    }
                }
                catch(Exception W)
                {
                    W.printStackTrace();
                }               
            }

        }


So my question is: does someone know how I can make this so that a user logs in, it checks with the database to see if the user exists, and if the user does exist the user can go further with what he, she or it was doing? Or if the user does not exist, he, she or it will be made in the database and can operate the program.

Greets Walter


I really hope someone with Java knowledge understands what I explained :D

_________________
Hi
when you read this, my post has been posted xD
thank you for reading :)


Top  Profile
Post subject: Re: Java trouble        Posted: Thu Mar 26, 2009 4:11 pm
Reply with quote
Donator
Offline

Joined
Tue Oct 17, 2006 8:26 pm

Posts
930
I haven't programmed anything in Java in more than 10 years, so any specific Java help I can give may be outdated and flat out wrong. However, I can give you some general pointers:

Firstly, you need to have a separation between the database and your app. By that, I mean, checking a login table if the user exists is BAD. Let me explain why. You would have to log into the database to check said user table. The username and password would have to be in your code. Anyone can pick those strings out of your application and have free rein over your database. Also, since "security" would be implemented in the actual application, anyone could modify a function like IsValidUser() to always return true.

What you would want to do is actually create a database user/password and when the user is logging into the application, the username and password they provided is the username and password used to actually log into the database. This not only keeps security away from the user, but you can also set up permissions to the data on a per user/group basis, so even if they exploit your app, they can't add/change/delete any data that they don't have access to in your application.


Top  Profile
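The approach described in the post above, sketched in Java as an added example (not code from anyone in this thread): the credentials typed into the login box are handed straight to the MySQL server, so the application embeds no shared account. It assumes MySQL Connector/J on the classpath; the account name `u666` and the privilege list in the setup comment are constructed samples.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;

public class DatabaseAccountLogin {
    // Server and schema from the original post; no shared account is embedded here.
    static final String URL = "jdbc:mysql://localhost:3306/macdonalds";

    /* One-time setup by an administrator, once per person (MySQL syntax; the
       account name 'u666' and the privilege list are constructed samples):
         CREATE USER 'u666'@'localhost' IDENTIFIED BY '<password>';
         GRANT SELECT, INSERT, UPDATE ON macdonalds.verspil TO 'u666'@'localhost';
    */

    enum Outcome { LOGGED_IN, BAD_CREDENTIALS, OTHER_FAILURE }

    // MySQL reports a rejected user name or password with SQLSTATE 28000.
    // Anything else (no driver, server down, no privilege on the schema)
    // is reported separately so it is not mistaken for a wrong password.
    static Outcome classify(SQLException e) {
        return "28000".equals(e.getSQLState()) ? Outcome.BAD_CREDENTIALS
                                               : Outcome.OTHER_FAILURE;
    }

    // The server itself checks the credentials; in the Swing app these
    // values would come from the login box rather than the command line.
    static Connection login(String user, String password) throws SQLException {
        return DriverManager.getConnection(URL, user, password);
    }

    public static void main(String[] args) {
        if (args.length != 2) {
            System.err.println("usage: DatabaseAccountLogin <user> <password>");
            return;
        }
        try (Connection con = login(args[0], args[1])) {
            // Every statement on con now runs with this account's GRANTs only.
            System.out.println(Outcome.LOGGED_IN + " as " + con.getMetaData().getUserName());
        } catch (SQLException e) {
            System.out.println(classify(e));
        }
    }
}
```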
Post subject: Re: Java trouble        Posted: Thu Mar 26, 2009 10:15 pm
Reply with quote
FTP Access
Offline

Joined
Sat Nov 01, 2008 4:06 pm

Posts
171

Location
Computerland

Favourite OS
Always newest but not this time
Code:
ResultSet rst=stmt.executeQuery("select * from login where username='"+ u + "' and password='" +p + "'");
String s;

if(rst.next())
{
    s=rst.getString(3); //s=rst.getString("accounttype"); or use s=rst.getLine("accounttype"); .......
    if(s.equals("admin"))
    {
        // redirect him to admin section
    }
    else if(s.equals("user"))
    {
        // redirect him to user section
    }
}
else
{
    // you can put insert query here because if acc not found user is not registered
}


1st, set the value in u & p for username & password.
You have to commit all changes when the user logs out, & when he comes back he can edit that easily.
I hope this helps, if not sorry :cry:

_________________
jaidev66


Top  Profile
Post subject: Re: Java trouble        Posted: Thu Mar 26, 2009 11:34 pm
Reply with quote
Donator
Offline

Joined
Tue Oct 17, 2006 8:26 pm

Posts
930
jaidev66: Seriously man. TERRIBLE.

All I would have to do in the client application is grep/strings for "admin", remove/noop the entire if block, and leave in what was encased in the 'equals("admin")' if bit of the block, and I will always be admin.

ALSO, your method is open for a very very very simple SQL injection attack:

If I enter my password = "' or accounttype = 'admin", without the double quotes, again, admin access gained.

Database security DOES NOT BELONG in the client application.


Top  Profile
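The SQL injection point raised in the post above, as an added example (not code from anyone in this thread): the concatenated query from the earlier reply next to a parameterized form. Table and column names are taken from that reply; the class and method names and the sample username are assumptions, and `accountType` needs an open JDBC connection supplied by the caller.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class LoginQueryDemo {

    // The query from the earlier reply: u and p become part of the SQL text.
    static String concatenatedQuery(String u, String p) {
        return "select * from login where username='" + u + "' and password='" + p + "'";
    }

    // Parameterized form: u and p are sent as values, so a quote character
    // inside them stays data and cannot add conditions to the WHERE clause.
    // Returns the account type, or null when no row matches.
    static String accountType(Connection con, String u, String p) throws SQLException {
        String sql = "select accounttype from login where username=? and password=?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, u);
            ps.setString(2, p);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("accounttype") : null;
            }
        }
    }

    public static void main(String[] args) {
        String u = "walter";                    // constructed sample username
        String p = "' or accounttype = 'admin"; // password value quoted in the post above

        // In SQL, AND binds tighter than OR, so the text printed here is read as
        // (username=... and password='') or accountype-test, and the second
        // branch is true for every admin row regardless of the password.
        System.out.println(concatenatedQuery(u, p));

        // With accountType(con, u, p) the same input is compared, quotes and
        // all, against the stored password and simply fails to match.
    }
}
```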
Post subject: Re: Java trouble        Posted: Fri Mar 27, 2009 12:58 am
Reply with quote
FTP Access
User avatar
Offline

Joined
Fri Oct 17, 2008 9:51 pm

Posts
127

Location
Germany
I guess what Walter is trying to do is not a security but a usability login as in Windows 98. Which sucks btw...

_________________
This signature intentionally left blank


Top  Profile
Post subject: Re: Java trouble        Posted: Fri Mar 27, 2009 8:29 am
Reply with quote
FTP Access
Offline

Joined
Tue Oct 14, 2008 1:37 pm

Posts
29
Here I have a screenshot of my app:
Image

What I want is that when the user logs in with his username, it checks with the database if the user is there; if not, the insert command will be run; if the user does exist he can use the + or - buttons to update his data.

At the button there will be a save button which will use an update query to save all data in the database.

_________________
Hi
when you read this, my post has been posted xD
thank you for reading :)


Top  Profile
Post subject: Re: Java trouble        Posted: Fri Mar 27, 2009 4:49 pm
Reply with quote
Donator
Offline

Joined
Tue Oct 17, 2006 8:26 pm

Posts
930
*sigh*

Don't do it that way. As I explained, the user should be a DATABASE user, not a record in a table.


Top  Profile
Post subject: Re: Java trouble        Posted: Fri Mar 27, 2009 6:18 pm
Reply with quote
Donator
User avatar
Offline

Joined
Sat May 12, 2007 1:05 pm

Posts
5271

Location
The Collection Book

Favourite OS
Windows & Phone
I think it's for a school project.

_________________
Image
http://www.thecollectionbook.info
Subscribe to our Image for updates and like us on Image.

Reading Mode only, PM's possible.


Top  Profile  WWW
Post subject: Re: Java trouble        Posted: Fri Mar 27, 2009 7:41 pm
Reply with quote
FTP Access
Offline

Joined
Tue Oct 14, 2008 1:37 pm

Posts
29
DjRob wrote:
I think it's for a school project.

Yes it is.
We need to use a database for our application. Guess I should have mentioned it in my opening post. Sorry.

_________________
Hi
when you read this, my post has been posted xD
thank you for reading :)


Top  Profile
Post subject: Re: Java trouble        Posted: Sat Mar 28, 2009 8:41 pm
Reply with quote
Donator
Offline

Joined
Tue Oct 17, 2006 8:26 pm

Posts
930
This being a class project doesn't mean you should ignore good practices.

Quote:
We need to use a database for our application. Guess I should have mentioned it in my opening post. Sorry.


Perfect. This doesn't negate what I said at all.


Top  Profile
Post subject: Re: Java trouble        Posted: Sun Mar 29, 2009 11:51 am
Reply with quote
FTP Access
Offline

Joined
Tue Oct 14, 2008 1:37 pm

Posts
29
jaidev66 wrote:
Code:
ResultSet rst=stmt.executeQuery("select * from login where username='"+ u + "' and password='" +p + "'");
String s;

if(rst.next())
{
    s=rst.getString(3); //s=rst.getString("accounttype"); or use s=rst.getLine("accounttype"); .......
    if(s.equals("admin"))
    {
        // redirect him to admin section
    }
    else if(s.equals("user"))
    {
        // redirect him to user section
    }
}
else
{
    // you can put insert query here because if acc not found user is not registered
}


1st, set the value in u & p for username & password.
You have to commit all changes when the user logs out, & when he comes back he can edit that easily.
I hope this helps, if not sorry :cry:

I probably overread this piece of code but now that I have a look at it clearly, I think it is what I need =D I will try it in class tomorrow and will post the results here.

_________________
Hi
when you read this, my post has been posted xD
thank you for reading :)


Top  Profile
Post subject: Re: Java trouble        Posted: Sun Mar 29, 2009 5:51 pm
Reply with quote
Donator
Offline

Joined
Tue Oct 17, 2006 8:26 pm

Posts
930
*facepalm*


Top  Profile