根据密码检查登录字符串(MySQL& JDBC) [英] Check login string against password (MySQL & JDBC)

问题描述

我知道还有很多其他类似主题的问题，但是我找不到能为我的特定问题找到解决方案的问题.我有一个Java应用程序，该Java应用程序通过JDBC连接到Uni项目的Lamp，我正在尝试将输入的密码与它们也在MySQL数据库中输入的登录名相关的密码进行比较.我有一个哈希(MD5)方法，该方法将对用户输入进行哈希处理，但会不断抛出空指针异常，我无法解决！

I know there's plenty of other questions out there with a similar topic but I can't find one that creates a solution to my specific problem. I have a Java Application that connects via JDBC to Lamp for a Uni project and I'm trying to compare the inputted password to the password related to the login they also entered in the MySQL database. I have a hashing (MD5) method that will hash the users input but it keeps throwing a null pointer exception and I can't fix it!

在按钮上按下代码:

private void loginButtonActionPerformed(java.awt.event.ActionEvent evt) {                                            
    String pass = passTextField.toString();
    try {
        try {
            lModel.checkLogin(loginTextField.getText(), pass);
        } catch (NoSuchAlgorithmException ex) {
            Logger.getLogger(MainFrame.class.getName()).log(Level.SEVERE, null, ex);
        }
    } catch (SQLException se) {
        System.out.println(se.toString());
    }
}            

散列方法(和相关变量):

Hashing method (and related variables):

private Logins l;
private String password;

public String hashPass(String pass) throws NoSuchAlgorithmException {
    MessageDigest mdEnc = MessageDigest.getInstance("MD5"); 
    mdEnc.update(password.getBytes(), 0, password.length());
    String md5 = new BigInteger(1, mdEnc.digest()).toString(16); // Encrypted 
    return md5;
}

检查登录方法(不使用连接字符串以保护隐私):

Check Login method (without connection String for privacy):

public void checkLogin(String login, String pass) throws SQLException, NoSuchAlgorithmException {
    Connection con = null;
    PreparedStatement stmt= null;
    ResultSet rs = null;
    l = new Logins();
    String passHashed = hashPass(pass);
    String username = login;

    try {

        stmt = con.prepareStatement("SELECT Login, Password from Staff");
        rs = stmt.executeQuery();

        if (rs.next()) {
            if (username.equals(rs.getString("Login"))) {
                if (passHashed.equals(rs.getString("Password"))) {
                    System.out.println("Logged in.");
                } else {
                    System.out.println("Incorrect password - login combination.");
                }
            } else {
                System.out.println("Incorrect log in.");
            }
        }

    } finally {
        if (rs != null) try {rs.close();} catch (SQLException se){}
        if (stmt != null) try {stmt.close();} catch (SQLException se) {}
        if (con != null) try {con.close();} catch (SQLException se) {}
    } 
}

都可以正确解析并且可以检查数据库，但是我发现它从未登录的原因是因为该方法生成的MD5代码产生了与之不同的输出存储在数据库中的密码.这是数据库之一:

It all parses correctly and can check the database but I've found the reason it doesn't log in ever is because the MD5 code generated by the method produces a different output to that of the password stored in the database. Here's the database one:

1274d1c52d7a5a9125bd64f1f9a26dce

和生成的:

1030416151603361603636256577523441305746075

密码为伦敦重量

有什么想法吗?

推荐答案

password未设置为pass参数的值，因此password.getBytes()无法正常工作.那么pass.getBytes()

password is not set to the value of pass pararmeter so password.getBytes() won't work. What about pass.getBytes()

这篇关于根据密码检查登录字符串(MySQL& JDBC)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！