This article is continuation of previous article, So please read the previous article to know how to setup the project. Once user registration done, user's login id and password will be activated by changing user account's status as "active". Here I am using BCrypt algorithm to hash passwords. While user registration, password will be saved in hash form so that database administration team also cant find what exactly the password is. Whenever user enter credentials, system will use same algorithm to hash password, and verifies with hashed password in database.Find below for flow of the program.
Program Flow
- User Enter Required details ( User Id, Password ) and Submit request to server
- Generate hash code for User given password Using BCrypt Algorithm
- If generated hash code matches with the hash code from database, go to step 4, else go to step 5
- Login successful. Put session for the user
- Login unsuccessful. Inform the user
HTML Code
Here I have used Bootstrap for easy and good design. Find below for snippet from login page
<div class="form-group"> <label for="inputEmail" class="control-label">Email</label> <input name="inputEmail" type="email" class="form-control" id="inputEmail" placeholder="Enter Email" data-error="Enter valid Email" required> <div class="help-block with-errors"></div> </div> <div class="form-group"> <label for="inputPassword" class="control-label">Password</label> <input type="password" name="inputPassword" class="form-control" id="inputPassword" placeholder="Enter Password" data-error="Password should not be null" required> <div class="help-block with-errors"></div> </div>
Login Servlet Post Method
This Login servlet will get email and password from user input. It will verify login and gives proper message to user
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { //get mail and password String inputEmail = request.getParameter("inputEmail"); String inputPassword = BCrypt.hashpw(request.getParameter("inputPassword"), GlobalConstants.SALT); StatusPojo sp = new StatusPojo(); LOGGER.debug(inputEmail); try { // now get user info based on given email and password UserPojo up = UserDAO.verifyLogin(inputEmail, inputPassword); if(up != null) { if(up.getSTATUS().equals(GlobalConstants.ACTIVE) || up.getSTATUS().equals(GlobalConstants.IN_RESET_PASSWORD)) { // if status is active, then put session for user request.getSession().setAttribute(GlobalConstants.USER, up.getUSER_ID()); request.getSession().setAttribute(GlobalConstants.USER_NAME, up.getFIRST_NAME()+" "+up.getLAST_NAME()); sp.setCode(0); sp.setMessage("Success"); } else if(up.getSTATUS().equals(GlobalConstants.NEW)){ sp.setCode(-1); sp.setMessage("Account activation is in pending"); } else { sp.setCode(-1); sp.setMessage("Unknown error"); } } else { sp.setCode(-1); sp.setMessage("Email or Password is not valid"); } } catch (DBException e) { LOGGER.debug(e.getMessage()); sp.setCode(-1); sp.setMessage(e.getMessage()); } PrintWriter pw = response.getWriter(); pw.write(Utils.toJson(sp)); pw.flush(); pw.close(); }
Database query
To verify user with input email and password
select USER_ID, EMAIL, FIRST_NAME, LAST_NAME, STATUS, CREATED_TIME from DEMO_USER where EMAIL = ? and PASSWORD = ?
change password upload in spring mvc
ReplyDeleteYes i am totally agreed with this article and i just want say that this article is very nice and very informative article.I will make sure to be reading your blog more. You made a good point but I can't help but wonder, what about the other side? !!!!!!Thanks https://sites.google.com/site/hotmailloginonline/
ReplyDeleteThis is my first time visit to your blog and I am very interested in the articles that you serve. Provide enough knowledge for me. Thank you for sharing useful and don't forget, keep sharing useful info: hotmail login
ReplyDelete