
一个简单的servlet程序(处理用户登陆)

Login.java

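 package com.bai;

 import javax.servlet.http.*;

 import java.io.*;

 /**
  * Renders the login form.
  *
  * <p>The form posts the fields {@code username} and {@code passwd} to the
  * relative URL {@code logincl}.
  */
 public class Login extends HttpServlet {

     /**
      * Writes the login page as gb2312-encoded HTML.
      *
      * @param req the incoming request; only its character encoding is set here
      * @param res the response the form markup is written to
      */
     @Override
     public void doGet(HttpServletRequest req, HttpServletResponse res) {
         try {
             req.setCharacterEncoding("gb2312");
             // The content type must be set before getWriter() so the writer uses gb2312.
             res.setContentType("text/html;charset=gb2312");
             PrintWriter pw = res.getWriter();
             pw.println("<html>");
             pw.println("<body>");
             pw.println("<h1>登陆界面</h1>");
             // method=post keeps the credentials out of the URL, so they do not end up
             // in browser history, access logs or Referer headers.
             pw.println("<form action=logincl method=post>");
             pw.println("用户名:<input type=text name=username><br>");
             pw.println("密码:<input type=password name=passwd><br>");
             // The submit button's label is the plain word "login"; the literal must stay
             // on one line or the class does not compile.
             pw.println("<input type=submit value=login>");
             pw.println("</form>");
             pw.println("</body>");
             pw.println("</html>");
         } catch (IOException e) {
             // Both setCharacterEncoding and getWriter report failures as IOException
             // subclasses; record them in the container log instead of on stderr.
             log("failed to render login form", e);
         }
     }

     /**
      * Handles POST exactly like GET: the form is rendered again.
      *
      * @param req the incoming request
      * @param res the response the form markup is written to
      */
     @Override
     public void doPost(HttpServletRequest req, HttpServletResponse res) {
         this.doGet(req, res);
     }
 }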

 

LoginCl.java

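 package com.bai;

 import javax.servlet.http.*;

 import java.io.*;
 import java.sql.*;

 /**
  * Checks the submitted {@code username}/{@code passwd} against the {@code users}
  * table and, on a match, starts a session and redirects to {@code welcome}.
  *
  * <p>NOTE(review): the query compares the {@code passwd} column directly with the
  * submitted value, which implies passwords are stored in plaintext. A real
  * deployment should store a salted password hash (bcrypt/scrypt/argon2) and
  * verify against that.
  */
 public class LoginCl extends HttpServlet {

     /**
      * Authenticates the request parameters and redirects accordingly.
      *
      * <p>NOTE(review): because {@link #doPost} delegates here, credentials sent in a
      * GET query string are accepted too; consider serving the check from POST only.
      *
      * @param req request carrying the {@code username} and {@code passwd} parameters
      * @param res response used for the redirect to {@code welcome} or {@code login}
      */
     @Override
     public void doGet(HttpServletRequest req, HttpServletResponse res) {
         Connection conn = null;
         PreparedStatement pstmt = null;
         ResultSet rs = null;
         // Placeholders keep the request parameters out of the SQL text.
         String sql = "select username,passwd from users where username = ? and passwd = ?";
         try {
             //req.setCharacterEncoding("gb2312");
             String user = req.getParameter("username");
             String password = req.getParameter("passwd");

             Class.forName("com.mysql.jdbc.Driver");
             // NOTE(review): the connection uses the database root account with a
             // hard-coded password. Move the credentials to configuration and use an
             // account limited to SELECT on the users table.
             conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/sqdb", "root", "root");
             pstmt = conn.prepareStatement(sql);
             pstmt.setString(1, user);
             pstmt.setString(2, password);
             rs = pstmt.executeQuery();
             // Superseded version, kept for contrast: building the query by string
             // concatenation lets request parameters change the SQL itself. Do not restore.
             //   stmt = conn.createStatement();
             //   rs = stmt.executeQuery("select top 1 * from users where username='" + user
             //       + "' and passwd='" + password + "'");
             if (rs.next()) {
                 // Drop any session that existed before authentication so a session id
                 // set prior to login is not carried into the authenticated state.
                 HttpSession stale = req.getSession(false);
                 if (stale != null) {
                     stale.invalidate();
                 }
                 HttpSession hs = req.getSession(true);
                 hs.setMaxInactiveInterval(60);
                 hs.setAttribute("name", user);
                 // The session carries the identity. The username and password are not
                 // appended to the redirect URL, where they would be recorded in browser
                 // history, server/proxy logs and Referer headers.
                 res.sendRedirect("welcome");
             } else {
                 res.sendRedirect("login"); //url
             }
         } catch (Exception e) {
             // Fails closed: no session is created when the lookup throws.
             log("login check failed", e);
         } finally {
             // Each resource is closed on its own so one failing close() does not
             // leave the others open.
             if (rs != null) {
                 try {
                     rs.close();
                 } catch (SQLException e) {
                     log("failed to close result set", e);
                 }
             }
             if (pstmt != null) {
                 try {
                     pstmt.close();
                 } catch (SQLException e) {
                     log("failed to close statement", e);
                 }
             }
             if (conn != null) {
                 try {
                     conn.close();
                 } catch (SQLException e) {
                     log("failed to close connection", e);
                 }
             }
         }
     }

     /**
      * Handles the form's POST by delegating to {@link #doGet}.
      *
      * @param req request carrying the {@code username} and {@code passwd} parameters
      * @param res response used for the redirect
      */
     @Override
     public void doPost(HttpServletRequest req, HttpServletResponse res) {
         this.doGet(req, res);
     }
 }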

其实上面被注释掉的字符串拼接写法带有明显的注入漏洞(现在使用的 PreparedStatement 参数化查询不会把用户输入拼进 SQL)。另一种做法是根据用户名从数据库取出密码,再用取出的密码和用户输入的密码比较;实际应用中数据库里应保存加盐哈希,而不是明文密码。

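// Alternative check: look the account up by username only, then compare the
// stored password with the submitted one in Java.
String sql = "select passwd from users where username = ? limit 1";
// ... prepare `sql`, bind the username as parameter 1, run executeQuery() into rs ...
if (rs.next()) {
    String passwd = rs.getString(1);
    // MessageDigest.isEqual is null-guarded here and does not stop at the first
    // differing byte, unlike String.equals.
    // NOTE(review): this still assumes a plaintext passwd column; with hashed
    // storage, verify the submitted password against the stored hash instead.
    if (passwd != null && password != null
            && java.security.MessageDigest.isEqual(
                    passwd.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    password.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
        // password correct
    } else {
        // password wrong
    }
}
// An unknown username (rs.next() == false) should be reported to the user the
// same way as a wrong password.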

 

Welcome.java

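 package com.bai;

 import javax.servlet.http.*;

 import java.io.*;

 /**
  * Landing page shown after a successful login.
  *
  * <p>Access is decided by the session attribute {@code name}, which the login
  * handler (LoginCl) stores on success. Request parameters are not trusted for
  * identity and no password is ever written to the page.
  */
 public class Welcome extends HttpServlet {

     /**
      * Greets the logged-in user, or redirects to {@code login} when there is no
      * authenticated session.
      *
      * @param req the incoming request; only its session is consulted
      * @param res the response receiving either the redirect or the greeting
      */
     @Override
     public void doGet(HttpServletRequest req, HttpServletResponse res) {
         // getSession(false): an anonymous request must not create a session.
         HttpSession hs = req.getSession(false);
         // "name" is the key LoginCl sets; checking any other key would reject
         // every user.
         String name = (hs == null) ? null : (String) hs.getAttribute("name");

         try {
             if (name == null) {
                 res.sendRedirect("login");
                 // Stop here: writing a body after the redirect would act on a
                 // response that is already committed.
                 return;
             }
             res.setContentType("text/html;charset=gb2312");
             PrintWriter pw = res.getWriter();
             // The username came from user input at login, so it is HTML-escaped
             // before being written into the page.
             pw.println("welcome! " + escapeHtml(name));
         } catch (IOException e) {
             log("failed to render welcome page", e);
         }
     }

     /**
      * Handles POST exactly like GET.
      *
      * @param req the incoming request
      * @param res the response receiving either the redirect or the greeting
      */
     @Override
     public void doPost(HttpServletRequest req, HttpServletResponse res) {
         this.doGet(req, res);
     }

     /** Replaces the characters that are significant in HTML with entities. */
     private static String escapeHtml(String text) {
         StringBuilder out = new StringBuilder(text.length() + 16);
         for (int i = 0; i < text.length(); i++) {
             char c = text.charAt(i);
             switch (c) {
                 case '&':
                     out.append("&amp;");
                     break;
                 case '<':
                     out.append("&lt;");
                     break;
                 case '>':
                     out.append("&gt;");
                     break;
                 case '"':
                     out.append("&quot;");
                     break;
                 case '\'':
                     out.append("&#39;");
                     break;
                 default:
                     out.append(c);
             }
         }
         return out.toString();
     }
 }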

 
