mark.george / jetty
Transfer to URL with SHA Find file
Newer
Older
jetty / src / main / java / servlets / AwesomeLoginServlet.java
Mark George on 16 Aug 2021 3 KB Recent update
Raw Blame History 
/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package servlets;

import dao.JdbcConnection;
import java.io.IOException;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 *
 * This servlet is used to demonstrate SQL injection attacks.
 *
 *
 * @author mark
 */
@WebServlet(name="AwesomeLoginServlet", urlPatterns = {"/awesomelogin"})
public class AwesomeLoginServlet extends HttpServlet {

   /**
    * Processes requests for both HTTP
    * <code>GET</code> and
    * <code>POST</code> methods.
    *
    * @param request servlet request
    * @param response servlet response
    * @throws ServletException if a servlet-specific error occurs
    * @throws IOException if an I/O error occurs
    */
   protected void processRequest(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
      response.setContentType("text/html;charset=UTF-8");

      String username = request.getParameter("username");
      String password = request.getParameter("password");

      String sql = "select name from users where username = '" + username + "' and password = '" + password + "';";
		System.out.println(sql);
		
      try (
         Connection con = JdbcConnection.getConnection(getServletContext());
         Statement s = con.createStatement();
         ResultSet rs = s.executeQuery(sql);
         ) {

         if (rs.next()) {
				String result = rs.getString("name");
				request.getSession().setAttribute("user", result);
				response.sendRedirect("welcome.jsp");
         } else {
				response.sendRedirect("awesome_login.jsp?login=fail");
			}

      } catch (SQLException ex) {
         Logger.getLogger(LoginServlet.class.getName()).log(Level.SEVERE, null, ex);
      }
   }
// <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
/**
 * Handles the HTTP
 * <code>GET</code> method.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if an I/O error occurs
 */
@Override
   protected void doGet(HttpServletRequest request, HttpServletResponse response)
	   throws ServletException, IOException {
		processRequest(request, response);
	}

	/**
	 * Handles the HTTP <code>POST</code> method.
	 * @param request servlet request
	 * @param response servlet response
	 * @throws ServletException if a servlet-specific error occurs
	 * @throws IOException if an I/O error occurs
	 */
	@Override
   protected void doPost(HttpServletRequest request, HttpServletResponse response)
	   throws ServletException, IOException {
		processRequest(request, response);
	}

	/**
	 * Returns a short description of the servlet.
	 * @return a String containing servlet description
	 */
	@Override
   public String getServletInfo() {
		return "Short description";
	}// </editor-fold>
}