I have three user types in the database. http://oi44.tinypic.com/2z8qflw.jpg
And here's my login form: http://oi44.tinypic.com/20p5v04.jpg
When I choose admin as the user type and enter the username and password from the database, the admin form shows up. But when I choose teacher and student, and type the username & pass from the database, only the JOptionPane shows up, which is the Invalid details.
Here's my code for the login JFrame:

    JButton btnLogin = new JButton("Login");
    btnLogin.setFont(new Font("Book Antiqua", Font.PLAIN, 18));
    btnLogin.addActionListener(new ActionListener() {
        public void actionPerformed(ActionEvent arg0) {
            String sql = "SELECT * FROM useRecords ";
            try {
                ps = conn.prepareStatement(sql);
                rs = ps.executeQuery();
                String user = usern.getText();
                String pwd = new String(passw.getPassword());
                String type = (String) typeUser.getSelectedItem();
                while (rs.next()) {
                    String uname = rs.getString("username");
                    String pass = rs.getString("password");
                    if ((user.equals(uname)) && (pwd.equals(pass))) {
                        if (type.equals("Admin")) { // ... admin
                            dispose();
                            aCai aCai = new aCai();
                            aCai.setVisible(true);
                            aCai.setExtendedState(Frame.MAXIMIZED_BOTH);
                        } else if (type.equals("Teacher")) { // ... teacher
                            dispose();
                            tCai tCai = new tCai();
                            tCai.setVisible(true);
                            tCai.setExtendedState(Frame.MAXIMIZED_BOTH);
                        } else {
                            dispose();
                            sCai sCai = new sCai();
                            sCai.setVisible(true);
                            sCai.setExtendedState(Frame.MAXIMIZED_BOTH);
                        }
                    } else {
                        JOptionPane.showMessageDialog(null, "User name and password do"
                                + " not match!", "ALERT!",
                                JOptionPane.ERROR_MESSAGE);
                        break;
                    }
                }
            } catch (Exception e) {
                JOptionPane.showMessageDialog(null, e);
            } finally {
                try {
                    rs.close();
                    ps.close();
                } catch (Exception e) {
                }
            }
        }
    });

The problem is, you are asking for ALL the rows from the useRecords table and looping through the result set. When you fail to find a match for the username or password on the FIRST row, you show the JOptionPane and break out of the loop, preventing any other possible checks.

    while (rs.next()) {
        String uname = rs.getString("username");
        String pass = rs.getString("password");
        if ((user.equals(uname)) && (pwd.equals(pass))) {
            //...
        } else {
            JOptionPane.showMessageDialog(null, "User name and password do"
                    + " not match!", "ALERT!",
                    JOptionPane.ERROR_MESSAGE);
            break;
        }
    }

A better approach might be to ask the database for all the results that match the username and password directly, for example...
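
    String user = usern.getText();
    String pwd = new String(passw.getPassword());
    String type = (String) typeUser.getSelectedItem();
    String sql = "SELECT * FROM useRecords where username=? and password=? and type = ?";
    try {
        ps = conn.prepareStatement(sql);
        // PreparedStatement binds parameters with setString (1-based index)
        ps.setString(1, user);
        ps.setString(2, pwd);
        ps.setString(3, type);
        rs = ps.executeQuery();
        if (rs.next()) {
            // a row matched: open the form for the selected type
        } else {
            JOptionPane.showMessageDialog(null, "User name and password do not match!",
                    "ALERT!", JOptionPane.ERROR_MESSAGE);
        }
    } catch (Exception e) {
        JOptionPane.showMessageDialog(null, e);
    }
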
PS: As a side note, you should avoid storing passwords using plain text in this manner (in fact you should avoid storing them in String). Personally, I would use some kind of one-way hash algorithm to store passwords in the database; this way, if the database is compromised, then it won't matter (a lot) if they get the passwords - IMHO
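
The side note above about one-way hashing and avoiding `String`, shown as an added example that is not part of the original answer: it derives a salted PBKDF2 hash from the `char[]` that `JPasswordField.getPassword()` returns and compares it in constant time. The class name, iteration count, key length and sample password are assumptions made for this example; the salt and hash would be stored in the user table in place of the plain-text password.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordHashDemo {
    // Assumed parameters for this example; tune the iteration count to your hardware.
    private static final int ITERATIONS = 210_000;
    private static final int KEY_BITS = 256;

    /** Derives a PBKDF2-HMAC-SHA256 hash from the password and the per-user salt. */
    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword(); // wipe the spec's internal copy of the password
        }
    }

    /** Re-derives the hash from the typed password and compares in constant time. */
    static boolean verify(char[] typed, byte[] salt, byte[] storedHash) throws Exception {
        return MessageDigest.isEqual(hash(typed, salt), storedHash);
    }

    public static void main(String[] args) throws Exception {
        // Registration: a random salt per user; store salt + hash, never the password.
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        char[] chosen = "s3cret-Example".toCharArray(); // constructed sample value
        byte[] stored = hash(chosen, salt);
        Arrays.fill(chosen, '\0'); // clear the password as soon as it is hashed

        // Login: in the form this would be passw.getPassword(), which is already a char[].
        char[] typed = "s3cret-Example".toCharArray();
        char[] wrong = "guess".toCharArray();
        System.out.println("correct password accepted: " + verify(typed, salt, stored));
        System.out.println("wrong password accepted:   " + verify(wrong, salt, stored));
        Arrays.fill(typed, '\0');
        Arrays.fill(wrong, '\0');
    }
}
```

With this scheme the login query selects the row by username and type only, then calls `verify` on the stored salt and hash instead of comparing passwords in SQL.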