This article is a continuation of the previous article, so please read that one first to see how to set up the project. Once user registration is done, the user's login ID and password are activated by changing the user account's status to "active". Here I am using the BCrypt algorithm to hash passwords. During user registration the password is saved in hashed form, so that even the database administration team cannot find out what the password is. Whenever a user enters credentials, the system uses the same algorithm and the same salt (GlobalConstants.SALT) to hash the submitted password, and compares the result with the hashed password in the database. The flow of the program is shown below.

Program Flow 

  1. The user enters the required details (user ID, password) and submits the request to the server
  2. Generate a hash for the user-supplied password using the BCrypt algorithm
  3. If the generated hash matches the hash from the database, go to step 4; otherwise go to step 5
  4. Login successful. Create a session for the user
  5. Login unsuccessful. Inform the user

HTML Code

Here I have used Bootstrap for a simple, good-looking design. Below is a snippet from the login page:
<div class="form-group">
    <label for="inputEmail" class="control-label">Email</label>
    <input name="inputEmail" type="email" class="form-control" id="inputEmail" placeholder="Enter Email" data-error="Enter valid Email" required>
    <div class="help-block with-errors"></div>
</div>
<div class="form-group">
    <label for="inputPassword" class="control-label">Password</label>
    <input type="password" name="inputPassword" class="form-control" id="inputPassword" placeholder="Enter Password" data-error="Password should not be null" required>
    <div class="help-block with-errors"></div>
</div>

Login Servlet Post Method

This login servlet reads the email and password from the user's input, verifies the login, and returns an appropriate message to the user:
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
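    // Get the email and password. The password is hashed immediately with the
    // application-wide salt so it can be compared with the stored hash in SQL.
    // Because GlobalConstants.SALT is one fixed value, equal passwords yield equal hashes.
    String inputEmail = request.getParameter("inputEmail");
    String inputPassword = BCrypt.hashpw(request.getParameter("inputPassword"), GlobalConstants.SALT);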
    StatusPojo sp = new StatusPojo();
    LOGGER.debug(inputEmail);
    try {
        // now get user info based on given email and password
        UserPojo up = UserDAO.verifyLogin(inputEmail, inputPassword);
        if(up != null) {
            if(up.getSTATUS().equals(GlobalConstants.ACTIVE) || up.getSTATUS().equals(GlobalConstants.IN_RESET_PASSWORD)) {
                // if status is active, then put session for user
                request.getSession().setAttribute(GlobalConstants.USER, up.getUSER_ID());
                request.getSession().setAttribute(GlobalConstants.USER_NAME, up.getFIRST_NAME()+" "+up.getLAST_NAME());
                sp.setCode(0);
                sp.setMessage("Success");   
            } else if(up.getSTATUS().equals(GlobalConstants.NEW)){
                sp.setCode(-1);
                sp.setMessage("Account activation is in pending");
            } else {
                sp.setCode(-1);
                sp.setMessage("Unknown error");
            }
            
        } else {
            sp.setCode(-1);
            sp.setMessage("Email or Password is not valid");                
        }
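    } catch (DBException e) {
        // Keep the database error in the server log; send the client only a generic message
        LOGGER.debug(e.getMessage());
        sp.setCode(-1);
        sp.setMessage("Unable to process the login request");
    }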
    PrintWriter pw = response.getWriter();
    pw.write(Utils.toJson(sp));
    pw.flush();
    pw.close();
}

Database query

The query below verifies the user against the input email and the hashed password:
select USER_ID, EMAIL, FIRST_NAME, LAST_NAME, STATUS, CREATED_TIME from DEMO_USER where EMAIL = ? and PASSWORD = ?
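
The servlet above hashes every password with one shared salt and compares the hashes in SQL. As an added example (not code from the original article), the sketch below shows the per-user-salt alternative with the same BCrypt class, assumed here to be jBCrypt (org.mindrot.jbcrypt); the class name, the in-memory map standing in for DEMO_USER, and the sample accounts are constructed for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import org.mindrot.jbcrypt.BCrypt; // assumption: jBCrypt, matching BCrypt.hashpw in the servlet

public class PerUserSaltLoginDemo {
    // Constructed stand-in for the DEMO_USER table: EMAIL -> PASSWORD (bcrypt hash string)
    private static final Map<String, String> USERS = new HashMap<>();

    // Hash of a throwaway value, checked when the email is unknown so that
    // both failure paths cost one bcrypt computation
    private static final String DUMMY_HASH = BCrypt.hashpw("placeholder", BCrypt.gensalt());

    // Registration: gensalt() draws a fresh random salt for every account;
    // the salt is embedded in the hash string that hashpw returns
    static void register(String email, String password) {
        USERS.put(email, BCrypt.hashpw(password, BCrypt.gensalt()));
    }

    // Login: fetch the stored hash by email only, then let checkpw re-hash the
    // candidate password with the salt carried inside that stored hash
    static boolean verifyLogin(String email, String password) {
        String stored = USERS.get(email);
        if (stored == null) {
            BCrypt.checkpw(password, DUMMY_HASH);
            return false;
        }
        return BCrypt.checkpw(password, stored);
    }

    public static void main(String[] args) {
        // Constructed sample accounts that share one password
        register("alice@example.com", "correct horse");
        register("bob@example.com", "correct horse");

        // Prints whether the two stored hashes of the same password are equal
        System.out.println(USERS.get("alice@example.com").equals(USERS.get("bob@example.com")));

        // Prints the result for a right password, a wrong password and an unknown email
        System.out.println(verifyLogin("alice@example.com", "correct horse"));
        System.out.println(verifyLogin("alice@example.com", "wrong"));
        System.out.println(verifyLogin("nobody@example.com", "correct horse"));
    }
}
```

With this approach the query selects the PASSWORD column by EMAIL alone, and the password comparison happens in Java instead of in the where clause.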
