From d8b678efd74baa9ef910ac195a35524cc805a76e Mon Sep 17 00:00:00 2001
From: skoussa
Date: Tue, 5 Nov 2019 12:44:57 -0500
Subject: [PATCH 1/5] fix an sql issue
---
 .../org/cysecurity/cspf/jvl/controller/LoginValidator.java | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java b/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java
index 2331d13..30d01a5 100644
--- a/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java
+++ b/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java
@@ -11,6 +11,7 @@
 import java.sql.Connection;
 import java.sql.ResultSet;
 import java.sql.Statement;
+import java.sql.PreparedStatement;
 import javax.servlet.ServletException;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServlet;
@@ -48,8 +49,10 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re
 if(con!=null && !con.isClosed())
 {
 ResultSet rs=null;
- Statement stmt = con.createStatement();
- rs=stmt.executeQuery("select * from users where username='"+user+"' and password='"+pass+"'");
+ PreparedStatement stmt = con.prepareStatement("select * from users where username= ? and password=?");
+ stmt.setString(1, user);
+ stmt.setString(2, pass);
+ stmt.executeQuery();
 if(rs != null && rs.next()){
 HttpSession session=request.getSession();
 session.setAttribute("isLoggedIn", "1");
From fd418b0ac9db0cccaa687a91dc0ccf5de0ec0515 Mon Sep 17 00:00:00 2001
From: skoussa
Date: Tue, 5 Nov 2019 21:26:57 -0500
Subject: [PATCH 2/5] change
---
 .../java/org/cysecurity/cspf/jvl/controller/LoginValidator.java | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java b/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java
index 30d01a5..395b072 100644
--- a/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java
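Review bot: The last added line `stmt.executeQuery();` discards the ResultSet, so `rs` keeps the `null` it was initialized with and the unchanged `if(rs != null && rs.next())` below can never be true — after this patch no credentials are accepted. It should read `rs = stmt.executeQuery();`. Nothing closes `stmt` or `rs` on any path either; declaring them in a try-with-resources would fix that and make the `rs != null` test unnecessary. The query also compares the submitted `pass` directly against the `password` column, which presumably means passwords are stored in plain text — worth confirming that is intended rather than a missing hash step. processRequest's body starts and ends outside this hunk.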
+++ b/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java
@@ -50,6 +50,7 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re
 {
 ResultSet rs=null;
 PreparedStatement stmt = con.prepareStatement("select * from users where username= ? and password=?");
+
 stmt.setString(1, user);
 stmt.setString(2, pass);
 stmt.executeQuery();
From 7e6b6f71ed9ae23ad53ee11a15313cfefe33da68 Mon Sep 17 00:00:00 2001
From: skoussa
Date: Tue, 5 Nov 2019 21:31:36 -0500
Subject: [PATCH 3/5] Code added
---
 .../java/org/cysecurity/cspf/jvl/controller/LoginValidator.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java b/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java
index 395b072..4d8ce57 100644
--- a/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java
+++ b/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java
@@ -52,7 +52,7 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re
 PreparedStatement stmt = con.prepareStatement("select * from users where username= ? and password=?");
 
 stmt.setString(1, user);
- stmt.setString(2, pass);
+ stmt.setString(2, user);
 stmt.executeQuery();
 if(rs != null && rs.next()){
 HttpSession session=request.getSession();
From 9cf240bc4342810a6ff062c2f8169fe91d581aff Mon Sep 17 00:00:00 2001
From: skoussa
Date: Wed, 6 Nov 2019 23:22:21 -0500
Subject: [PATCH 4/5] a big fix
---
 .../org/cysecurity/cspf/jvl/controller/EmailCheck.java | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java b/src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java
index c5edb24..4982ae2 100644
--- a/src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java
+++ b/src/main/java/org/cysecurity/cspf/jvl/controller/EmailCheck.java
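Review bot: The changed line `stmt.setString(2, user);` binds the username into the second placeholder, which is the `password=?` parameter, so the query now matches only rows whose password column equals the username and the submitted `pass` is never consulted at all. The removed `stmt.setString(2, pass);` was the correct binding and should be restored. As in the earlier patch, `rs` is still never assigned from `stmt.executeQuery()` here, so the `rs != null && rs.next()` check two lines down remains unreachable either way. processRequest continues outside the hunk.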
@@ -10,7 +10,7 @@
 import java.io.PrintWriter;
 import java.sql.Connection;
 import java.sql.ResultSet;
-import java.sql.Statement;
+import java.sql.PreparedStatement;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
@@ -44,8 +44,9 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re
 if(con!=null && !con.isClosed())
 {
 ResultSet rs=null;
- Statement stmt = con.createStatement();
- rs=stmt.executeQuery("select * from users where email='"+email+"'");
+ PreparedStatement stmt = con.prepareStatement("select * from users where email=?");
+ stmt.setString(1, email);
+ stmt.executeQuery();
 if (rs.next())
 {
 json.put("available", "1");
From 944ab7e6ac8a7fd306bd548763b5d8826313de50 Mon Sep 17 00:00:00 2001
From: skoussa
Date: Thu, 7 Nov 2019 15:02:35 -0500
Subject: [PATCH 5/5] this is a change
---
 .../cysecurity/cspf/jvl/controller/LoginValidator.java | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java b/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java
index 4d8ce57..542218a 100644
--- a/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java
+++ b/src/main/java/org/cysecurity/cspf/jvl/controller/LoginValidator.java
@@ -75,8 +75,13 @@ protected void processRequest(HttpServletRequest request, HttpServletResponse re
 {
 response.sendRedirect("ForwardMe?location=/login.jsp&err=Invalid Username or Password");
 }
-
- }
+ ResultSet rs=null;
+ Statement stmt = con.createStatement();
+ rs=stmt.executeQuery("select * from users where username='"+user+"'");
+ if (rs.next())
+ {
+ //do nothing
+ }
 }
 catch(Exception ex)
 {
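Review bot: The added `stmt.executeQuery();` drops its return value, so `rs` stays `null` and the unchanged `if (rs.next())` two lines later throws a NullPointerException on every request — the availability check is now broken rather than fixed. The line should be `rs = stmt.executeQuery();`. Neither `stmt` nor `rs` is closed; a try-with-resources around both would cover that. The enclosing processRequest and whatever catches the exception lie outside the hunk, so how the NPE surfaces to the client is not visible here.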
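Review bot: The added lines rebuild the query by concatenation, `"select * from users where username='"+user+"'"`, through a plain `Statement`, which reintroduces into this method exactly the SQL injection that the first patch in this series removed, and the result is then ignored (`//do nothing`), so the block contributes nothing but an injection sink. It should be dropped; if the lookup is really wanted, use `con.prepareStatement("select * from users where username=?")` with `stmt.setString(1, user)`. The hunk also deletes one `}` while adding only a balanced `{`/`}` pair, so unless that brace was redundant the method body is no longer closed before `catch(Exception ex)`; and if the deleted brace closed the `if(con!=null && !con.isClosed())` block that already declares `rs` and `stmt` (see the first patch), these redeclarations would collide too. processRequest begins outside the hunk.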