jetty / src / main / java / servlets / DodgyLoginServlet.java
package servlets;

import dao.DbConnection;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

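/**
 * Handles the login form POST on {@code /login}.
 *
 * <p>Reads the {@code username} and {@code password} request parameters, looks the
 * pair up in the {@code users} table and, on a match, stores the account's
 * {@code name} column in the session under the {@code "user"} attribute before
 * redirecting to {@code welcome.jsp}. Any non-match redirects to
 * {@code login.jsp?login=fail}.
 *
 * <p>Both parameters come straight from the client, so they are only ever passed to
 * the database as bound parameters and are never written to a log or to stdout.
 */
@WebServlet(urlPatterns = {"/login"})
public class DodgyLoginServlet extends HttpServlet {

	private static final Logger LOGGER = Logger.getLogger(DodgyLoginServlet.class.getName());

	// Placeholders keep request data out of the SQL text: the driver sends the values
	// separately, so quotes or comment markers in them cannot alter the statement.
	//
	// NOTE(review): the query compares the submitted password with the stored column
	// directly, which suggests passwords are stored unhashed. Moving to a salted
	// password hash (bcrypt/scrypt/argon2) needs a schema and data migration and is
	// out of scope for this class - confirm against the users table.
	private static final String LOGIN_QUERY = "select name from users where username = ? and password = ?";

	/**
	 * Authenticates the posted credentials and establishes the logged-in session.
	 *
	 * @param request  the login form submission; {@code username} and {@code password} are read from it
	 * @param response receives a redirect to {@code welcome.jsp} on success, to
	 *                 {@code login.jsp?login=fail} on failure, or a 500 error if the lookup itself fails
	 * @throws ServletException declared by the servlet contract; not thrown directly here
	 * @throws IOException      if sending the redirect or error response fails
	 */
	@Override
	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

		String username = request.getParameter("username");
		String password = request.getParameter("password");

		// A request missing either field can never match an account; fail it the same
		// way as a wrong password so the response does not reveal which part was wrong.
		if (username == null || password == null) {
			response.sendRedirect("login.jsp?login=fail");
			return;
		}

		boolean authenticated;
		String name = null;

		try (
			Connection con = DbConnection.getConnection(getServletContext());
			PreparedStatement ps = con.prepareStatement(LOGIN_QUERY);
			) {

			ps.setString(1, username);
			ps.setString(2, password);

			try (ResultSet rs = ps.executeQuery()) {
				authenticated = rs.next();
				if (authenticated) {
					name = rs.getString("name");
				}
			}

		} catch (SQLException ex) {
			// Full detail goes to the server log only; the client gets a generic 500
			// rather than an empty 200 or any database error text.
			LOGGER.log(Level.SEVERE, "Login lookup failed", ex);
			response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
			return;
		}

		if (!authenticated) {
			response.sendRedirect("login.jsp?login=fail");
			return;
		}

		// Discard any session that existed before authentication so that a session id
		// known prior to login is not promoted to an authenticated one.
		HttpSession stale = request.getSession(false);
		if (stale != null) {
			stale.invalidate();
		}
		request.getSession(true).setAttribute("user", name);
		response.sendRedirect("welcome.jsp");
	}

}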