一个简单的servlet程序(处理用户登陆)
Login.java
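package com.bai;

import javax.servlet.http.*;

import java.io.*;

/**
 * Renders the login form. The form posts the fields {@code username} and
 * {@code passwd} to the {@code logincl} servlet.
 */
public class Login extends HttpServlet{
    /**
     * Writes the login page as GB2312-encoded HTML.
     *
     * @param req the incoming request; only its character encoding is set
     * @param res the response the form markup is written to
     */
    public void doGet(HttpServletRequest req,HttpServletResponse res){
        try{
            req.setCharacterEncoding("gb2312");
            // The content type must be set before getWriter() so the charset applies.
            res.setContentType("text/html;charset=gb2312");
            PrintWriter pw=res.getWriter();
            pw.println("<html>");
            pw.println("<body>");
            pw.println("<h1>登陆界面</h1>");
            // method=post keeps the credentials out of the URL, browser history and access logs.
            pw.println("<form action=logincl method=post>");
            pw.println("用户名:<input type=text name=username><br>");
            pw.println("密码:<input type=password name=passwd><br>");
            // Submit button label restored to a single-line literal; the listing had
            // it split across two lines, which does not compile.
            pw.println("<input type=submit value=login>");
            pw.println("</form>");
            pw.println("</body>");
            pw.println("</html>");
        }
        catch(Exception e){
            e.printStackTrace();
        }
    }

    /**
     * Handles POST exactly like GET: the form is shown again.
     *
     * @param req the incoming request
     * @param res the response the form markup is written to
     */
    public void doPost(HttpServletRequest req,HttpServletResponse res){
        this.doGet(req,res);
    }
}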
LoginCl.java
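package com.bai;

import javax.servlet.http.*;

import java.io.*;
import java.sql.*;

/**
 * Checks the submitted {@code username}/{@code passwd} pair against the
 * {@code users} table. On a match it starts a fresh session holding the user
 * name and redirects to {@code welcome}; otherwise it redirects to {@code login}.
 *
 * NOTE(review): the query compares the submitted password with the
 * {@code passwd} column directly, so the column evidently holds plaintext
 * passwords. Store a salted password hash (bcrypt/scrypt/argon2/PBKDF2) and
 * verify against that instead.
 *
 * NOTE(review): the JDBC URL and the root/root account are hard-coded below.
 * Load them from configuration and connect with a least-privilege account that
 * can only read the users table.
 *
 * NOTE(review): doPost delegates to doGet, so credentials sent in a GET query
 * string are accepted too and would end up in logs and browser history.
 */
public class LoginCl extends HttpServlet{
    /**
     * Authenticates the request and redirects according to the outcome.
     *
     * @param req request carrying the {@code username} and {@code passwd} parameters
     * @param res response used only for the redirect
     */
    public void doGet(HttpServletRequest req,HttpServletResponse res){

        Connection conn=null;
        PreparedStatement pstmt=null;
        ResultSet rs=null;
        // Bound parameters keep user input out of the SQL text. The earlier variant
        // concatenated user and password into the statement, which is injectable.
        String sql = "select username,passwd from users where username = ? and passwd = ?";
        try{
            String user=req.getParameter("username");
            String password=req.getParameter("passwd");

            // A request without both fields cannot authenticate; skip the database.
            if(user==null || password==null){
                res.sendRedirect("login");
                return;
            }

            Class.forName("com.mysql.jdbc.Driver");
            conn=DriverManager.getConnection("jdbc:mysql://localhost:3306/sqdb","root","root");
            pstmt = conn.prepareStatement(sql);
            pstmt.setString(1, user);
            pstmt.setString(2, password);
            rs = pstmt.executeQuery();

            if(rs.next())
            {
                // Drop any pre-login session so a session id planted before
                // authentication cannot be reused afterwards (session fixation).
                HttpSession stale=req.getSession(false);
                if(stale!=null){
                    stale.invalidate();
                }
                HttpSession hs=req.getSession(true);
                hs.setMaxInactiveInterval(60);
                hs.setAttribute("name",user);
                // The session carries the identity. The user name and password are no
                // longer appended to the redirect URL, where they would be exposed in
                // the address bar, history, proxy/server logs and Referer headers.
                res.sendRedirect("welcome");
            }
            else{
                res.sendRedirect("login");
            }

        }
        catch(Exception e){
            e.printStackTrace();
        }finally{
            // Close each resource on its own so one failing close() does not leak
            // the others. The original closed an unused Statement and never closed
            // the PreparedStatement.
            if(rs!=null){
                try{
                    rs.close();
                }catch(Exception e){
                    e.printStackTrace();
                }
            }
            if(pstmt!=null){
                try{
                    pstmt.close();
                }catch(Exception e){
                    e.printStackTrace();
                }
            }
            if(conn!=null){
                try{
                    conn.close();
                }catch(Exception e){
                    e.printStackTrace();
                }
            }
        }
    }

    /**
     * Handles the login form's POST by delegating to {@link #doGet}.
     *
     * @param req request carrying the credentials
     * @param res response used only for the redirect
     */
    public void doPost(HttpServletRequest req,HttpServletResponse res){
        this.doGet(req,res);
    }
}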
其实上面这种在一条SQL里同时比对用户名和密码的处理方式,如果是用字符串拼接用户名和密码来构造SQL,就带有明显的注入漏洞;用PreparedStatement绑定参数可以避免注入。另一种做法是根据用户名从数据库取密码,用取出的密码和用户输入的密码比较(数据库里应保存加盐的密码哈希,而不是明文密码):
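// Fragment: relies on the surrounding servlet code for rs and password, and is
// meant to run where the PreparedStatement has been executed with the user
// name bound to the single '?'.
// Only the user name goes into the query; the submitted password is compared
// in Java and never becomes part of the SQL.
sql = "select passwd from users where username = ? limit 1";

if (rs.next()) {
    String passwd = rs.getString(1);
    // Null-safe, constant-time comparison: equals() stops at the first
    // differing character and throws if the column is NULL.
    // NOTE(review): this still compares plaintext; store and verify a salted
    // password hash instead.
    boolean matches = passwd != null && password != null
            && java.security.MessageDigest.isEqual(
                    passwd.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    password.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (matches) {
        // password correct
    } else {
        // password wrong
    }
} else {
    // unknown user: respond exactly as for a wrong password, so the reply does
    // not reveal which user names exist
}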
Welcome.java
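package com.bai;

import javax.servlet.http.*;

import java.io.*;

/**
 * Greets the logged-in user. Requests without an authenticated session are
 * redirected to {@code login}.
 */
public class Welcome extends HttpServlet{
    /**
     * Writes the greeting for the user stored in the session.
     *
     * @param req request whose existing session is inspected
     * @param res response receiving either the greeting or the redirect
     */
    public void doGet(HttpServletRequest req,HttpServletResponse res){
        try{
            // getSession(false): do not create a session for anonymous visitors.
            HttpSession hs=req.getSession(false);
            // LoginCl stores the user under "name". The original check read "pass",
            // which nothing sets, so every request was sent back to login.
            Object name=(hs==null)?null:hs.getAttribute("name");
            if(!(name instanceof String)){
                res.sendRedirect("login");
                // Stop here: the original fell through and kept writing the page
                // after the redirect had been issued.
                return;
            }

            res.setContentType("text/html;charset=gb2312");
            PrintWriter pw=res.getWriter();
            // The name comes from the server-side session rather than the uname/upass
            // query parameters, which anyone could forge. It is HTML-escaped because
            // it originated as user input, and the password is no longer echoed.
            pw.println("welcome! "+escapeHtml((String)name));
        }
        catch(Exception e){
            e.printStackTrace();
        }
    }

    /**
     * Handles POST exactly like GET.
     *
     * @param req request whose existing session is inspected
     * @param res response receiving either the greeting or the redirect
     */
    public void doPost(HttpServletRequest req,HttpServletResponse res){
        this.doGet(req,res);
    }

    /** Escapes the characters that are significant in HTML text and attribute values. */
    private static String escapeHtml(String s){
        StringBuilder out=new StringBuilder(s.length()+16);
        for(int i=0;i<s.length();i++){
            char c=s.charAt(i);
            switch(c){
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }
}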