问题
I know there's plenty of other questions out there with a similar topic but I can't find one that creates a solution to my specific problem. I have a Java Application that connects via JDBC to Lamp for a Uni project and I'm trying to compare the inputted password to the password related to the login they also entered in the MySQL database. I have a hashing (MD5) method that will hash the users input but it keeps throwing a null pointer exception and I can't fix it!
on button press code:
private void loginButtonActionPerformed(java.awt.event.ActionEvent evt) {
String pass = passTextField.toString();
try {
try {
lModel.checkLogin(loginTextField.getText(), pass);
} catch (NoSuchAlgorithmException ex) {
Logger.getLogger(MainFrame.class.getName()).log(Level.SEVERE, null, ex);
}
} catch (SQLException se) {
System.out.println(se.toString());
}
}
Hashing method (and related variables):
private Logins l;
private String password;
public String hashPass(String pass) throws NoSuchAlgorithmException {
MessageDigest mdEnc = MessageDigest.getInstance("MD5");
mdEnc.update(password.getBytes(), 0, password.length());
String md5 = new BigInteger(1, mdEnc.digest()).toString(16); // Encrypted
return md5;
}
Check Login method (without connection String for privacy):
public void checkLogin(String login, String pass) throws SQLException, NoSuchAlgorithmException {
Connection con = null;
PreparedStatement stmt= null;
ResultSet rs = null;
l = new Logins();
String passHashed = hashPass(pass);
String username = login;
try {
stmt = con.prepareStatement("SELECT Login, Password from Staff");
rs = stmt.executeQuery();
if (rs.next()) {
if (username.equals(rs.getString("Login"))) {
if (passHashed.equals(rs.getString("Password"))) {
System.out.println("Logged in.");
} else {
System.out.println("Incorrect password - login combination.");
}
} else {
System.out.println("Incorrect log in.");
}
}
} finally {
if (rs != null) try {rs.close();} catch (SQLException se){}
if (stmt != null) try {stmt.close();} catch (SQLException se) {}
if (con != null) try {con.close();} catch (SQLException se) {}
}
}
Edit: It all parses correctly and can check the database but I've found the reason it doesn't log in ever is because the MD5 code generated by the method produces a different output to that of the password stored in the database. Here's the database one:
1274d1c52d7a5a9125bd64f1f9a26dce
and the generated:
1030416151603361603636256577523441305746075
The password is LondonWeight
Any ideas?
回答1:
password is not set to the value of pass pararmeter so password.getBytes() won't work. What about pass.getBytes()
回答2:
con appears to always be null
You need to obtain a connection object before you can do con.prepareStatement("SELECT Login, Password from Staff");
There may be other problems in your code, but it's hard to tell which problem you are hitting without a stacktrace
Has your Staff table got more than one row in it? Seems like unless the user name that you are loking for isd the first one returned by your SQL statement, then you'll get "Incorrect Log in" . Would n't you be better doing
SELECT Login, Password from Staff where Login = UserName
( that isn't syntactically correct in your context but you get the drift ... )
That way, if don;t get a row, then it's an Incorrect Login, and then you just have to compare the hashed values.
来源:https://stackoverflow.com/questions/17213761/check-login-string-against-password-mysql-jdbc