多用户登录java (admin,user,teacher)
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/19343076/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
multi-user login java (admin,user,teacher)
提问by Riri
I have three user types in database. http://oi44.tinypic.com/2z8qflw.jpg
我在数据库中有三种用户类型。 http://oi44.tinypic.com/2z8qflw.jpg
And heres my login form http://oi44.tinypic.com/20p5v04.jpg
这是我的登录表单 http://oi44.tinypic.com/20p5v04.jpg
When i choose admin as usertype, enter the username and password from the database, the admin form shows up. But when i choose teacher and student, and type the username&pass from the database, only the JOptionpane shows up which is the Invalid details.
当我选择 admin 作为用户类型时,输入数据库中的用户名和密码,就会出现管理表单。但是当我选择老师和学生,并从数据库中输入用户名和密码时,只有 JOptionpane 显示,这是无效的详细信息。
heres my code for login jframe:
这是我登录 jframe 的代码:
JButton btnLogin = new JButton("Login");
btnLogin.setFont(new Font("Book Antiqua", Font.PLAIN, 18));
btnLogin.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent arg0) {
String sql = "SELECT * FROM useRecords ";
try {
ps = conn.prepareStatement(sql);
rs=ps.executeQuery();
String user = usern.getText();
String pwd = new String (passw.getPassword());
String type =(String)typeUser.getSelectedItem();
while(rs.next()) {
String uname = rs.getString("username");
String pass = rs.getString("password");
if ((user.equals(uname)) && (pwd.equals(pass))) {
if (type.equals("Admin")) { // ... admin
dispose();
aCai aCai = new aCai();
aCai.setVisible(true);
aCai.setExtendedState(Frame.MAXIMIZED_BOTH);
} else if (type.equals("Teacher")) { // ... teacher
dispose();
tCai tCai = new tCai();
tCai.setVisible(true);
tCai.setExtendedState(Frame.MAXIMIZED_BOTH);
} else {
dispose();
sCai sCai = new sCai();
sCai.setVisible(true);
sCai.setExtendedState(Frame.MAXIMIZED_BOTH);
}
} else {
JOptionPane.showMessageDialog(null, "User name and password do"
+ " not match!","ALERT!",
JOptionPane.ERROR_MESSAGE);
break;
}
}
} catch(Exception e) {
JOptionPane.showMessageDialog(null, e);
} finally {
try{
rs.close();
ps.close();
} catch(Exception e) {
}
}
}
});
回答by MadProgrammer
The problem is, you are asking for ALL the rows from the useRecordtable and looping through the result set. When you fail to find a match for the username or password on the FIRST row, you show the JOptionPaneand breakout of the loop, preventing any other possible checks
问题是,您要求useRecord表中的所有行并循环遍历结果集。当您在第一行中找不到用户名或密码的匹配项时,您将显示循环JOptionPane并break退出循环,从而阻止任何其他可能的检查
while(rs.next()) {
String uname = rs.getString("username");
String pass = rs.getString("password");
if ((user.equals(uname)) && (pwd.equals(pass))) {
//...
} else {
JOptionPane.showMessageDialog(null, "User name and password do"
+ " not match!","ALERT!",
JOptionPane.ERROR_MESSAGE);
break;
}
}
A better approach might be to ask the database for all the results that match the usernameand passworddirectly, for example...
更好的方法可能是向数据库询问与username和password直接匹配的所有结果,例如...
String user = usern.getText();
String pwd = new String (passw.getPassword());
String type =(String)typeUser.getSelectedItem();
String sql = "SELECT * FROM useRecords where username=? and password=? and type = ?";
try {
ps = conn.prepareStatement(sql);
ps.bindString(1, user);
ps.bindString(2, pwd);
ps.bindString(3, type);
rs=ps.executeQuery();
ps- As a side note, you should avoid storing passwords using plain text in this manner (in fact you should avoid storing them in String). Personally, I would use some kind of one-way hash algorithm to store password in the database, this way, if the database is compromised, then it won't matter (alot) if they get the passwords - IMHO
ps- 作为旁注,您应该避免以这种方式使用纯文本存储密码(实际上您应该避免将它们存储在 中String)。就个人而言,我会使用某种单向哈希算法将密码存储在数据库中,这样,如果数据库遭到破坏,那么他们是否获得密码就无关紧要(很多) - 恕我直言
