程序師世界是廣大編程愛好者互助、分享、學習的平台,程序師世界有你更精彩!
首頁
編程語言
C語言|JAVA編程
Python編程
網頁編程
ASP編程|PHP編程
JSP編程
數據庫知識
MYSQL數據庫|SqlServer數據庫
Oracle數據庫|DB2數據庫
 程式師世界 >> 編程語言 >> JAVA編程 >> 關於JAVA >> 一個處置用戶上岸的servlet簡略實例

一個處置用戶上岸的servlet簡略實例

編輯:關於JAVA

一個處置用戶上岸的servlet簡略實例。本站提示廣大學習愛好者:(一個處置用戶上岸的servlet簡略實例)文章只能為提供參考,不一定能成為您想要的結果。以下是一個處置用戶上岸的servlet簡略實例正文


本文實例講述了一個處置用戶上岸的servlet完成辦法。分享給年夜家供年夜家參考。詳細剖析以下:

Login.java代碼以下:


package com.bai;

import javax.servlet.http.*;

import java.io.*;

public class Login extends HttpServlet{
    public void doGet(HttpServletRequest req,HttpServletResponse res){
        try{req.setCharacterEncoding("gb2312");
        res.setContentType("text/html;charset=gb2312");
            PrintWriter pw=res.getWriter();
            pw.println("<html>");
            pw.println("<body>");
            pw.println("<h1>上岸界面</h1>");
            pw.println("<form action=logincl method=post>");
            pw.println("用戶名:<input type=text name=username><br>");
            pw.println("暗碼:<input type=password name=passwd><br>");
            pw.println("<input type=submit value=login><br>");
            pw.println("</form>");
            pw.println("</body>");
            pw.println("</html>");
        }
        catch(Exception e){
            e.printStackTrace();
        }
    }
   
    public void doPost(HttpServletRequest req,HttpServletResponse res){
        this.doGet(req,res);
    }
}

LoginCl.java代碼以下:


package com.bai;

import javax.servlet.http.*;

import java.io.*;
import java.sql.*;

public class LoginCl extends HttpServlet{
    public void doGet(HttpServletRequest req,HttpServletResponse res){
       
        Connection conn=null;
        Statement stmt=null;
        ResultSet rs=null;
        String sql = "select username,passwd from users where username = ? and passwd = ?";
        try{//req.setCharacterEncoding("gb2312");
            String user=req.getParameter("username");
            String password=req.getParameter("passwd");
           
            Class.forName("com.mysql.jdbc.Driver");
            conn=DriverManager.getConnection("jdbc:mysql://localhost:3306/sqdb","root","root");
//            stmt=conn.createStatement();
            PreparedStatement pstmt = conn.prepareStatement(sql);
            pstmt.setString(1, user);
            pstmt.setString(2, password);
            rs = pstmt.executeQuery();
//            rs=stmt.executeQuery("select top 1 * from users where username='"+user
//                +"' and passwd='"+password+"'");
            if(rs.next())
            {
                HttpSession hs=req.getSession(true);
                hs.setMaxInactiveInterval(60);
                hs.setAttribute("name",user);
                res.sendRedirect("welcome?&uname="+user+"&upass="+password);
            }
            else{
                res.sendRedirect("login"); //url
            }
           
        }
        catch(Exception e){
            e.printStackTrace();
        }finally{
            try{
                if(rs!=null){
                rs.close();
                }
                if(stmt!=null){
                    stmt.close();
                }
                if(conn!=null){
                    conn.close();
                }   
            }catch(Exception e){
                e.printStackTrace();
            }       
        }
    }
   
    public void doPost(HttpServletRequest req,HttpServletResponse res){
        this.doGet(req,res);
    }
}

其實下面這個處置用戶名暗碼帶有顯著注入破綻,可以依據用戶名從數據庫取暗碼,用掏出的暗碼和用戶輸出的暗碼比擬


sql=select passwd from users where username = ?  limit 1

if(rs.next())
{
    String passwd=rs.getString(1);
    if(passwd.equals(password))
            //暗碼准確
    else //暗碼毛病
}

Welcome.java代碼以下:


package com.bai;

import javax.servlet.http.*;

import java.io.*;

public class Welcome extends HttpServlet{
    public void doGet(HttpServletRequest req,HttpServletResponse res){
       
        HttpSession hs=req.getSession();
        String val=(String)hs.getAttribute("pass");
       
        if(val==null){
            try{
                System.out.print(1);
                res.sendRedirect("login");
            }catch(Exception e){
                e.printStackTrace();
            }
           
        }       
           
        String u=req.getParameter("uname");
        String p=req.getParameter("upass");
       
        try{//req.setCharacterEncoding("gb2312");
            PrintWriter pw=res.getWriter();
            pw.println("welcome! "+u+"&pass="+p);
        }
        catch(Exception e){
            e.printStackTrace();
        }
    }
   
    public void doPost(HttpServletRequest req,HttpServletResponse res){
        this.doGet(req,res);
    }
}

願望本文所述對年夜家的Java法式設計有所贊助。

  1. 上一頁:
  2. 下一頁:
Copyright © 程式師世界 All Rights Reserved