1. Contributing User
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Aug 2010
    Location
    Eastern Florida
    Posts
    3,696
    Rep Power
    347
    In fact, the code will connect to the database even though the user fills the JTextField with a wrong password.
    If the DB does not use a password to permit connection, then please explain what you expect the code to do. The code will connect to the DB with ANY password.
    Code:
     connection = DriverManager.getConnection(uniRL, "usrname", "psswrd");
    The above is the code that connects to the db. I changed the variables to Strings to show that the values of the variables are not used. This statement will always connect to my DB.

    Please explain what you expect the code to do. The current DB does not require a password to connect to, so any value will work for a password.
    Last edited by NormR; June 16th, 2013 at 08:55 AM.
  2. Contributing User
    Is this what you are trying to do:
    1) check that the user entered userid
    2) check that the user entered a password
    3) check that the userid is in the DB
    4) get password for that userid from the DB
    5) compare the password the user entered with the password from the DB
  3. No Profile Picture
    Permanently Banned
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    257
    Rep Power
    0
    Originally Posted by NormR
    Is this what you are trying to do:
    1) check that the user entered userid
    2) check that the user entered a password
    3) check that the userid is in the DB
    4) get password for that userid from the DB
    5) compare the password the user entered with the password from the DB

    Yes, correct. That is the reason that makes me say that I do not protect the database, but I will probably protect the database later because the lecturer wants me to use the SQL database, not an Access database. I only want to make sure that this code will work first before modifying it to work with a SQL database. So, any suggestions about the things that need to be done to eliminate this problem?
    Last edited by Tawijakarta; June 16th, 2013 at 09:26 AM.
  4. Contributing User
    Where does the code do each of the steps I suggested in post#137?
    For example, where does it check that the user has entered a userid?
    And where does it check that the user has entered a password?

    Those checks should be made immediately after the values are gotten from the textfields.

    Is it possible for several users to have the same password?
    How does the following statement say what userid has the selected password:
    Code:
    loginPassword = "select Kata_Kunci from tblDokterAhli where Kata_Kunci = '"+psswrd+"'";
    Last edited by NormR; June 16th, 2013 at 10:09 AM.
  5. No Profile Picture
    Originally Posted by NormR
    Where does the code do each of the steps I suggested in post#137?
    For example, where does it check that the user has entered a userid?
    And where does it check that the user has entered a password?

    Those checks should be made immediately after the values are gotten from the textfields.

    Is it possible for several users to have the same password?
    How does the following statement say what userid has the selected password:
    Code:
    loginPassword = "select Kata_Kunci from tblDokterAhli where Kata_Kunci = '"+psswrd+"'";
    I will not allow any user to have more than one password. How to do that? I do not anticipate several users with the same password; how to anticipate it?

    The checks were made in here:

    Code:
    masuk.addActionListener(new java.awt.event.ActionListener() {  
                String loginName;  
                String loginPassword;    
                String passwrd;
                @Override  
                public void actionPerformed(java.awt.event.ActionEvent evt) {  
                    usrname = txtNama.getText().trim();  
                    psswrd = new String(sandiKata.getPassword());
                    try {  
                        masuklah();  
                    }   
                    catch (SQLException ex) {
                        ex.printStackTrace();
                        Logger.getLogger(ProgramTesisBaru.class.getName()).log(Level.SEVERE, null, ex);  
                    }  
                }  
      
                private void masuklah() throws SQLException {  
                      if (connection == null)  
                      {  
                          masuk.setEnabled(false);  
                          entryPrg();  
                      }  
                      else {
                          entryPrg();  
                      }  
                }  
      
                public void connectToDB() {  
                    //String uniRL = (String)jcboURL.getSelectedItem();  
                    //String driver = (String) jcboDriver.getSelectedItem();  
                    //URL uniRL = (URL)jcboURL.getSelectedItem();  
                    try {  
                        Class.forName(driver);  
                        connection = DriverManager.getConnection(uniRL, usrname, psswrd);  
                        //rowSet.setURL(uniRL);  
                        statusKoneksi.setText("Terhubung ke Paduk Data"); 
                        //statement = connection.createStatement();
                    }  
                    catch (java.lang.Exception ex) { 
                        ex.printStackTrace();
                        statusKoneksi.setText("Gagal Terhubung ke Paduk Data");  
                    }  
                }  
      
                private void entryPrg() {  
                          connectToDB();
                          try {
                          /*//System.out.println("con="+connection.isClosed());*/
                          statement = connection.createStatement();
                          pernyataan = connection.createStatement();
                          loginName = "select Nama_Dokter from tblDokterAhli where Nama_Dokter = '"+usrname+"'";  
                          //System.out.println(loginName);
                          loginPassword = "select Kata_Kunci from tblDokterAhli where Kata_Kunci = '"+psswrd+"'";
                          ResultSet logName = statement.executeQuery(loginName);  
                          //System.out.println(logName);
                          ResultSet logPassword = pernyataan.executeQuery(loginPassword);
                          while (logName.next()) 
                               {  
                               namaPengguna1 = logName.getString("Nama_Dokter");  
                               }  
                          while (logPassword.next()) 
                               {  
                               passwordPengguna1 = logPassword.getString("Kata_Kunci");  
                               }  
                          if (("".equals(usrname)) && ("".equals(psswrd)))   
                                 {  
                                   tombolHubungkankePadukData.setEnabled(false);  
                                   putuskanKoneksiKePadukData.setEnabled(false);  
                                   tombolUbahPadukData.setEnabled(false);  
                                   tombolBatal.setEnabled(false);  
                                   masuk.setEnabled(true);
                                   statusKoneksi.setText("Tidak Ada Koneksi ke Paduk Data");
                                   connection.close();
                                   keluar.setEnabled(true);  
                                   putuskanKoneksiKePadukData.setEnabled(false); 
                                   statement.close();
                                   pernyataan.close();
                                   JOptionPane.showMessageDialog(null, gx, ix, JOptionPane.INFORMATION_MESSAGE);  
                                 }  
                        else if ((!"".equals(usrname)) && (!"".equals(psswrd)))  
                           {  
                             if ((!"".equals(namaPengguna1)) && (!"".equals(passwordPengguna1)))   
                                {  
                                   tombolHubungkankePadukData.setEnabled(true);  
                                   putuskanKoneksiKePadukData.setEnabled(true);  
                                   tombolUbahPadukData.setEnabled(true);  
                                   tombolBatal.setEnabled(true);  
                                   masuk.setEnabled(false);
                                   statusKoneksi.setText("Terhubung ke Paduk Data");
                                   keluar.setEnabled(true);  
                                   putuskanKoneksiKePadukData.setEnabled(true);  
                                   statement.close();
                                   connection.close();
                                   pernyataan.close();
                                }  
                             else if (("".equals(namaPengguna1)) && (!"".equals(passwordPengguna1)))  
                                {  
                                   tombolHubungkankePadukData.setEnabled(false);  
                                   putuskanKoneksiKePadukData.setEnabled(false);  
                                   tombolUbahPadukData.setEnabled(false);  
                                   tombolBatal.setEnabled(false);  
                                   keluar.setEnabled(true);
                                   masuk.setEnabled(true);
                                   statusKoneksi.setText("Tidak Ada Koneksi ke Paduk Data");
                                   putuskanKoneksiKePadukData.setEnabled(false);  
                                   JOptionPane.showMessageDialog(null, ex, ix, JOptionPane.INFORMATION_MESSAGE);  
                                   connection.close();
                                   statement.close();
                                   pernyataan.close();
                               }  
                            else if ((!"".equals(namaPengguna1)) && ("".equals(passwordPengguna1)))  
                               {  
                                   tombolHubungkankePadukData.setEnabled(false);  
                                   putuskanKoneksiKePadukData.setEnabled(false);  
                                   tombolUbahPadukData.setEnabled(false);  
                                   tombolBatal.setEnabled(false);
                                   masuk.setEnabled(true);
                                   statusKoneksi.setText("Tidak Ada Koneksi ke Paduk Data");
                                   keluar.setEnabled(true);  
                                   putuskanKoneksiKePadukData.setEnabled(false);  
                                   JOptionPane.showMessageDialog(null, fx, ix, JOptionPane.INFORMATION_MESSAGE);  
                                   connection.close();
                                   pernyataan.close();
                               }
                             else if (("".equals(namaPengguna1)) && ("".equals(passwordPengguna1)))  
                               {  
                                   tombolHubungkankePadukData.setEnabled(false);  
                                   putuskanKoneksiKePadukData.setEnabled(false);  
                                   tombolUbahPadukData.setEnabled(false);  
                                   tombolBatal.setEnabled(false);
                                   masuk.setEnabled(true);
                                   statusKoneksi.setText("Tidak Ada Koneksi ke Paduk Data");
                                   keluar.setEnabled(true);  
                                   putuskanKoneksiKePadukData.setEnabled(false);  
                                   JOptionPane.showMessageDialog(null, gx, ix, JOptionPane.INFORMATION_MESSAGE);  
                                   connection.close();
                                   pernyataan.close();
                               }
        }  
        else if ((!"".equals(usrname)) && ("".equals(psswrd)))
        {  
              JOptionPane.showMessageDialog(null, cx, ix, JOptionPane.INFORMATION_MESSAGE);  
              tombolHubungkankePadukData.setEnabled(false);  
              putuskanKoneksiKePadukData.setEnabled(false);  
              tombolUbahPadukData.setEnabled(false);  
              tombolBatal.setEnabled(false); 
              masuk.setEnabled(true);
              statusKoneksi.setText("Tidak Ada Koneksi ke Paduk Data");
              keluar.setEnabled(true);  
              putuskanKoneksiKePadukData.setEnabled(false);  
              try {
                   connection.close();                    
                   statement.close();
                   pernyataan.close();
              }
              catch (SQLException ex) 
              {
                  ex.printStackTrace();
                  statusMasuk.setText("Gagal Masuk");
              }
        }  
        else if ((("".equals(usrname)) && (!"".equals(psswrd))))  
        {      
            tombolHubungkankePadukData.setEnabled(false);  
            putuskanKoneksiKePadukData.setEnabled(false);  
            tombolUbahPadukData.setEnabled(false);  
            tombolBatal.setEnabled(false);  
            keluar.setEnabled(true);  
            masuk.setEnabled(true);
            statusKoneksi.setText("Tidak Ada Koneksi ke Paduk Data");
            putuskanKoneksiKePadukData.setEnabled(false);  
            JOptionPane.showMessageDialog(null, dx, ix, JOptionPane.INFORMATION_MESSAGE);                          
            try 
            {
            connection.close(); 
            statement.close();
            pernyataan.close();
            }
            catch (SQLException ex) 
              {
                  ex.printStackTrace();
                  statusMasuk.setText("Gagal Masuk");
              } 
          }       
                          }  
                          catch (java.lang.Exception ex){ 
                              ex.printStackTrace();
                              statusMasuk.setText("Gagal Masuk");  
                          }
                }});
    Last edited by Tawijakarta; June 17th, 2013 at 08:57 AM.
  6. Contributing User
    I do not anticipate several users with the same password; how to anticipate it?
    I'd think it is possible for several users to have the same password. The Select statement I posted does not associate the userid with the password. The result of the Select statement says that there is one or more users with the password, but does not say which users have that password. The Select should look for the userid AND the password together.

    The checks were made in here:
    Where are any checks made for a valid userid and password in the following code:
    Code:
                public void actionPerformed(java.awt.event.ActionEvent evt) {  
                    usrname = txtNama.getText().trim();  
                    psswrd = new String(sandiKata.getPassword());
                    try {
    The variables get some values from the textfields, but those values are NOT tested.
    They should be tested immediately and an error message issued if they are empty.
  7. No Profile Picture
    Originally Posted by NormR
    I'd think it is possible for several users to have the same password. The Select statement I posted does not associate the userid with the password. The result of the Select statement says that there is one or more users with the password, but does not say which users have that password. The Select should look for the userid AND the password together.


    Where are any checks made for a valid userid and password in the following code:
    Code:
                public void actionPerformed(java.awt.event.ActionEvent evt) {  
                    usrname = txtNama.getText().trim();  
                    psswrd = new String(sandiKata.getPassword());
                    try {
    The variables get some values from the textfields, but those values are NOT tested.
    They should be tested immediately and an error message issued if they are empty.
    I changed it but some strange things are happening. Sometimes, if the password is correct but the userid is not correct, it will show error messages, but sometimes it will let the user enter. The same thing happens with the userid. How to fix this?
    Last edited by Tawijakarta; June 17th, 2013 at 10:02 AM.
  8. Contributing User
    Also change the Select so both the username and password are retrieved in one Select statement so that they are found on the same row in the DB.
  9. No Profile Picture
    Originally Posted by NormR
    Also change the Select so both the username and password are retrieved in one Select statement so that they are found on the same row in the DB.
    To what should I change the Select statement?
  10. Contributing User
    Change the select statement to test that there is a row with the userid and password that were entered by the user. An earlier version of NewMain had that select in it.
  11. Contributing User
    Sometimes, if the password is correct but the userid is not correct, it will show error messages, but sometimes it will let the user enter. The same thing happens with the userid. How to fix this?
    You need to study the logic to see why it allows that to happen.
    One helpful technique is to use println() statements that print out messages as the code executes and show the values of variables that are used in if statements that control the execution flow.

    When the wrong things happen, the print out will show why the code allowed it to happen.
  12. No Profile Picture
    Originally Posted by NormR
    Change the select statement to test that there is a row with the userid and password that were entered by the user. An earlier version of NewMain had that select in it.
    In which post? What do you suggest to do to solve all of the problems that I have?
  13. Contributing User
    What do you suggest to do to solve all of the problems that I have?
    Make a list of the problems and work on them one at a time.
    What is the first problem you want to work on?
  14. No Profile Picture
    Originally Posted by NormR
    Make a list of the problems and work on them one at a time.
    What is the first problem you want to work on?
    The login problem, what should I do? How to fix it to make the code stop allowing a user with a wrong name or password to log in?

    One more: how to access a method in an action listener from other action listeners?
  15. Contributing User
    how to access a method in an action listener from other action listeners?
    Put the actionlistener method in its own named class that other methods can get a reference to.
    The login problem .. How to fix it to make the code stop allowing a user with a wrong name or password to log in?
    Change the logic to do something like these three steps:
    1) get userid entered by user and test that it is valid (not empty)
    2) get password entered by user and test that it is valid (not empty)
    3) check that there is a row in the DB that has the userid and password that the user entered.
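
Added example, not code from the thread or from either poster: one way to implement the three steps above against the thread's `tblDokterAhli` table, looking the row up by `Nama_Dokter` with a parameterized query and comparing that same row's `Kata_Kunci` in Java, so the userid and password are always tied to one row and the typed values never become part of the SQL text. The class name `LoginCheck`, the method `authenticate` and the `Result` enum are hypothetical names chosen for illustration; it assumes an already open `Connection`.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

/** Hypothetical helper; only the table and column names come from the thread. */
public final class LoginCheck {

    public enum Result { EMPTY_USERID, EMPTY_PASSWORD, REJECTED, ACCEPTED }

    // The userid is bound as a parameter, never concatenated into the statement.
    private static final String FIND_USER =
        "SELECT Kata_Kunci FROM tblDokterAhli WHERE Nama_Dokter = ?";

    private LoginCheck() { }

    public static Result authenticate(Connection connection, String userid, char[] password)
            throws SQLException {
        // Steps 1 and 2: test the field values immediately, before any query runs.
        if (userid == null || userid.trim().isEmpty()) {
            return Result.EMPTY_USERID;
        }
        if (password == null || password.length == 0) {
            return Result.EMPTY_PASSWORD;
        }
        byte[] entered = new String(password).getBytes(StandardCharsets.UTF_8);

        // Step 3: fetch the password stored on the row(s) for this userid only.
        try (PreparedStatement ps = connection.prepareStatement(FIND_USER)) {
            ps.setString(1, userid.trim());
            try (ResultSet rs = ps.executeQuery()) {
                boolean matched = false;
                while (rs.next()) {
                    String stored = rs.getString("Kata_Kunci");
                    // Exact, case-sensitive comparison done in Java in constant time.
                    // The thread's table stores Kata_Kunci as typed; if the column held
                    // a salted hash instead, hash `entered` first and compare hashes here.
                    if (stored != null && MessageDigest.isEqual(
                            entered, stored.getBytes(StandardCharsets.UTF_8))) {
                        matched = true;
                    }
                }
                // Unknown userid and wrong password give the same answer, so the
                // caller cannot report which of the two fields was wrong.
                return matched ? Result.ACCEPTED : Result.REJECTED;
            }
        }
    }
}
```

From `actionPerformed`, this would be called as `LoginCheck.authenticate(connection, txtNama.getText(), sandiKata.getPassword())`, enabling the buttons only on `ACCEPTED`.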