/* * Code by George Kichukov for SAS 10/27/2002 * Updated 11/24/2002 - added session creation * This class is used to check the username and login * and to create the session and stores the real name for * the user throughout the session. All other classes check * to see if the real name is null. */ package admin; import java.io.*; import java.sql.*; import javax.servlet.*; import javax.servlet.http.*; import utilities.*; public class Login extends HttpServlet { private String target = "/servlet/admin.PresentMenu"; private String errorTarget = "../admin/index.jsp"; public void init(ServletConfig config) throws ServletException { super.init(config); } private String verifyUser(String username, String password) { try { ResultSet rs = Retriever.getUsers(); String dbUsername=null; String dbPassword=""; String dbName=null; while(rs.next()) { dbUsername=rs.getString("UserName"); dbPassword=rs.getString("Password"); dbName=rs.getString("Name"); if((dbUsername.equals(username)) && (dbPassword.equals(password))) { return dbName; } } rs.close(); } catch(SQLException e) {System.err.println("SQLException " + e.getMessage());}; return null; } public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // If it is a get request forward to doPost() doPost(request, response); } public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { //create the printwriter PrintWriter out = response.getWriter(); response.setContentType("text/html"); // Get the username from the request String username = request.getParameter("username"); // Get the password from the request String password = request.getParameter("password"); String name =verifyUser(username, password); //if the username and password matched => //there is a real name existing for that user if (name!=null) { //check if cookies are enabled if not //print a message and redirect back to login if(request.getCookies() == null) { HTMLUtils.printRedirectPage(out, "You must enable cookies in your browser before using the advisement system.", "../index.jsp"); return; } //create the HTTP Session HttpSession session = request.getSession(true); //write the session variable session.setAttribute("user",name); // Forward the request to the target named ServletContext context = getServletContext(); RequestDispatcher dispatcher = context.getRequestDispatcher(target); dispatcher.forward(request, response); } //the username and password combination were no recognized in the database so //redirect back to login but print a message first else { HTMLUtils.printRedirectPage(out, "Sorry, Username/Password Combination is Incorrect. Please try again!", errorTarget); return; } } }