mark.george / jetty
Transfer to URL with SHA Find file
Newer
Older
jetty / src / main / java / servlets / DodgyLoginServlet.java
Mark George on 29 Oct 2021 1 KB Various improvements
Raw Blame History 
package servlets;

import dao.DbConnection;
import java.io.IOException;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet(urlPatterns = {"/sign-in"})
public class DodgyLoginServlet extends HttpServlet {

	@Override
	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

		String ctx = request.getContextPath();

		String username = request.getParameter("username");
		String password = request.getParameter("password");

		String sql = "select name from users where username = '" + username + "' and password = '" + password + "';";

		System.out.println(sql);

		try (
			Connection con = DbConnection.getConnection(getServletContext());
			Statement s = con.createStatement();
			) {

			ResultSet rs = s.executeQuery(sql);

			if (rs.next()) {
				String name = rs.getString("name");
				request.getSession().setAttribute("name", name);
				request.getSession().setAttribute("signedIn",Boolean.TRUE);
				response.sendRedirect(ctx + "/protected/welcome.jsp");
			} else {
				request.getSession().setAttribute("signedIn", Boolean.FALSE);
				response.sendRedirect(ctx + "/sign-in.jsp");
			}

		} catch (SQLException ex) {
			Logger.getLogger(DodgyLoginServlet.class.getName()).log(Level.SEVERE, null, ex);
		}
	}

}