<!DOCTYPE html> <!-- used to demonstrate data theft via SQL injection --> <html> <head> <link rel="stylesheet" type="text/css" href="css/style.css"/> <title>Awesome Web Site - Login</title> </head> <body> <div id="content"> <%@include file="/WEB-INF/jspf/menu.jspf" %> <h1>Welcome to our awesome web site!</h1> <fieldset><legend>Login</legend> <% if ("fail".equals(request.getParameter("login"))) { %> <p>Log in attempt failed. Please try again.</p> <% } %> <form action="awesomelogin" method="POST"> <label>Username: <input type="text" name="username"></label> <label>Password: <input type="password" name="password"></label> <input type="submit" value="Login"> </form> </fieldset> </div> </body> </html>