根据密码检查登录字符串(MySQL& JDBC) [英] Check login string against password (MySQL & JDBC)
问题描述
我知道还有很多其他类似主题的问题,但是我找不到能为我的特定问题找到解决方案的问题.我有一个Java应用程序,该Java应用程序通过JDBC连接到Uni项目的Lamp,我正在尝试将输入的密码与它们也在MySQL数据库中输入的登录名相关的密码进行比较.我有一个哈希(MD5)方法,该方法将对用户输入进行哈希处理,但会不断抛出空指针异常,我无法解决!
I know there's plenty of other questions out there with a similar topic but I can't find one that creates a solution to my specific problem. I have a Java Application that connects via JDBC to Lamp for a Uni project and I'm trying to compare the inputted password to the password related to the login they also entered in the MySQL database. I have a hashing (MD5) method that will hash the users input but it keeps throwing a null pointer exception and I can't fix it!
在按钮上按下代码:
private void loginButtonActionPerformed(java.awt.event.ActionEvent evt) {
String pass = passTextField.toString();
try {
try {
lModel.checkLogin(loginTextField.getText(), pass);
} catch (NoSuchAlgorithmException ex) {
Logger.getLogger(MainFrame.class.getName()).log(Level.SEVERE, null, ex);
}
} catch (SQLException se) {
System.out.println(se.toString());
}
}
散列方法(和相关变量):
Hashing method (and related variables):
private Logins l;
private String password;
public String hashPass(String pass) throws NoSuchAlgorithmException {
MessageDigest mdEnc = MessageDigest.getInstance("MD5");
mdEnc.update(password.getBytes(), 0, password.length());
String md5 = new BigInteger(1, mdEnc.digest()).toString(16); // Encrypted
return md5;
}
检查登录方法(不使用连接字符串以保护隐私):
Check Login method (without connection String for privacy):
public void checkLogin(String login, String pass) throws SQLException, NoSuchAlgorithmException {
Connection con = null;
PreparedStatement stmt= null;
ResultSet rs = null;
l = new Logins();
String passHashed = hashPass(pass);
String username = login;
try {
stmt = con.prepareStatement("SELECT Login, Password from Staff");
rs = stmt.executeQuery();
if (rs.next()) {
if (username.equals(rs.getString("Login"))) {
if (passHashed.equals(rs.getString("Password"))) {
System.out.println("Logged in.");
} else {
System.out.println("Incorrect password - login combination.");
}
} else {
System.out.println("Incorrect log in.");
}
}
} finally {
if (rs != null) try {rs.close();} catch (SQLException se){}
if (stmt != null) try {stmt.close();} catch (SQLException se) {}
if (con != null) try {con.close();} catch (SQLException se) {}
}
}
都可以正确解析并且可以检查数据库,但是我发现它从未登录的原因是因为该方法生成的MD5代码产生了与之不同的输出存储在数据库中的密码.这是数据库之一:
It all parses correctly and can check the database but I've found the reason it doesn't log in ever is because the MD5 code generated by the method produces a different output to that of the password stored in the database. Here's the database one:
1274d1c52d7a5a9125bd64f1f9a26dce
和生成的:
1030416151603361603636256577523441305746075
密码为伦敦重量
有什么想法吗?
推荐答案
password未设置为pass参数的值,因此password.getBytes()无法正常工作.那么pass.getBytes()
password is not set to the value of pass pararmeter so password.getBytes() won't work. What about pass.getBytes()
这篇关于根据密码检查登录字符串(MySQL& JDBC)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!