SQL Login Verification - Checking user Type
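The program below currently checks whether the user's login details are correct. It then moves on to the next part, which checks whether the user is an admin. At the moment I am trying to handle this by having all normal users listed in my database as 'user_admin' [null], while admins are listed as 1. I have looked around and no one seems to have asked a question about this using the method I am using.
If you look at my code you will see that normal users should be directed to UserPanel and admins to AdminPanel. This is because my program is set up so that people can view their accounts, while admins can edit accounts.
This is a college project I am working on, so the program is very simple.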
    JLabel lblNewLabel = new JLabel("");
    lblNewLabel.setIcon(new ImageIcon(PanelLogin.class.getResource("/image/Login.png")));
    lblNewLabel.setBounds(118, 115, 100, 26);
    lblNewLabel.addMouseListener(new MouseAdapter() {
        @Override
        public void mouseEntered(MouseEvent e) {
            lblNewLabel.setIcon(new ImageIcon(PanelLogin.class.getResource("/image/Loginv2.png")));
        }
        @Override
        public void mouseExited(MouseEvent e) {
            lblNewLabel.setIcon(new ImageIcon(PanelLogin.class.getResource("/image/Login.png")));
        }
        @Override
        public void mouseClicked(MouseEvent e) {
            if (LoginAttempts < 3 ) {
                try {
                    String Host = "removed";
                    String Name = "removed";
                    String Pass = "removed";
                    Connection conn = DriverManager.getConnection( Host, Name, Pass );
                    PreparedStatement pst = conn.prepareStatement("SELECT `user_name`, `user_pass` FROM `table_1` WHERE `user_name` = ? AND `user_pass` = ?");
                    pst.setString(1, textID.getText());
                    pst.setString(2, String.valueOf(passwordField.getPassword()));
                    ResultSet Result = pst.executeQuery();
                    if (Result.next()) {
                        String user =Result.getString("user_name");
                        try {
                            PreparedStatement pst2 = conn.prepareStatement("SELECT `user_admin` FROM `table_1` WHERE `user_name` = ?");
                            pst2.setString(1, user);
                            if (Result.next()) {
                                frmLotusLogin.dispose();
                                new UserPanel(user).frame.setVisible(true);
                            }
                            else {
                                frmLotusLogin.dispose();
                                new AdminPanelMain(user).frmLotusSecurity.setVisible(true);
                            }
                        }
                        catch (Exception exc){
                        }
                    }
                    else {
                        JOptionPane.showMessageDialog(null, "Incorrect Username/Password");
                        LoginAttempts = LoginAttempts + 1;
                    }
                }
                catch (Exception ex) {
                    System.out.println(ex);
                    JOptionPane.showMessageDialog(null, "An error occurred. Your Username/Password could be incorrect, "
                            + "If error contiues to appear please contact support! Error Number: L1");
                }
            }
            else {
                JOptionPane.showMessageDialog(null, "You Have Entered The Wrong Password Too Many Times, You are now locked out!");
            }
        }
    });
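Thanks in advance to anyone who spots what I have done wrong or what needs to change to make it verify correctly. If anyone needs any further information, feel free to ask.
After the first suggestion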
                try {
                    String Host = "";
                    String Name = "";
                    String Pass = "";
                    Connection conn = DriverManager.getConnection( Host, Name, Pass );
                    PreparedStatement pst = conn.prepareStatement("SELECT `user_name`, `user_pass` FROM `table_1` WHERE `user_name` = ? AND `user_pass` = ?");
                    pst.setString(1, textID.getText());
                    pst.setString(2, String.valueOf(passwordField.getPassword()));
                    ResultSet Result = pst.executeQuery();
                    if (Result.next()) {
                        String user = Result.getString("user_name");
                        try {
                            PreparedStatement pst2 = conn.prepareStatement("SELECT `user_admin` FROM `table_1` WHERE `user_name` = ?");
                            pst2.setString(1, user);
                            ResultSet Result2 = pst2.executeQuery(); // added
                            if (Result2.next()) { // modified
                                System.out.println("Test");
                                frmLotusLogin.dispose();
                                new UserPanel(user).frame.setVisible(true);
                            } else {
                                frmLotusLogin.dispose();
                                new AdminPanelMain(user).frmLotusSecurity.setVisible(true);
                            }
                        } catch (Exception exc) {
                            // do something here !
                        }
                    }
                    else {
                        JOptionPane.showMessageDialog(null, "Incorrect Username/Password");
                        LoginAttempts = LoginAttempts + 1;
                    }
                }
                catch (Exception ex) {
                    System.out.println(ex);
                    JOptionPane.showMessageDialog(null, "An error occurred. Your Username/Password could be incorrect, "
                            + "If error contiues to appear please contact support! Error Number: L1");
                }
            }
            else {
                JOptionPane.showMessageDialog(null, "You Have Entered The Wrong Password Too Many Times, You are now locked out!");
            }
        }
    });
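This is what my table currently looks like; you can see what I am doing to indicate whether a user is an admin.
You never execute the second statement, and of course you never use its result (because you are still using the first result set).
Also, never ignore exceptions when you catch them, unless you are sure it does not matter at all.
Finally, you should close statements/connections when you are done with them (I did not add this part to the code below).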
    ResultSet Result = pst.executeQuery();
    if (Result.next()) {
        String user = Result.getString("user_name");
        try {
            PreparedStatement pst2 = conn
                    .prepareStatement("SELECT `user_admin` FROM `table_1` WHERE `user_name` = ? AND `user_admin` = 1");
            pst2.setString(1, user);
            ResultSet Result2 = pst2.executeQuery(); // added
            if (Result2.next()) { // modified
                frmLotusLogin.dispose();
                new AdminPanel(user).frame.setVisible(true);
            } else {
                frmLotusLogin.dispose();
                new MainUserPanel(user).frmLotusSecurity.setVisible(true);
            }
        } catch (Exception exc) {
            // do something here !
        }
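The answer's three points (execute the statement you prepared, do not swallow the exception, close what you open) combined in one method, as an added example that is not part of the original question or answer: it checks the credentials and reads `user_admin` in a single query, and treats anything other than an explicit 1 as a normal user. The class name `LoginCheck`, the `Role` enum and `authenticate` are hypothetical names; the table and column names are the ones shown on the page.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class LoginCheck {   // hypothetical class name, not from the page

    /** Outcome of a login attempt. Anything not provably ADMIN gets less privilege. */
    public enum Role { REJECTED, USER, ADMIN }

    // One query returns the admin flag only when name and password both match.
    // Schema as shown on the page: the password is compared as stored.
    private static final String SQL =
        "SELECT `user_admin` FROM `table_1` WHERE `user_name` = ? AND `user_pass` = ?";

    /**
     * Checks the credentials and reads the admin flag from the same row.
     * SQLException is propagated so the caller can log it and deny access
     * instead of silently falling through to one of the panels.
     */
    public static Role authenticate(Connection conn, String name, char[] password)
            throws SQLException {
        // try-with-resources closes the statement and result set on every path.
        try (PreparedStatement pst = conn.prepareStatement(SQL)) {
            pst.setString(1, name);
            pst.setString(2, String.valueOf(password));
            try (ResultSet rs = pst.executeQuery()) {
                if (!rs.next()) {
                    return Role.REJECTED;           // no row: wrong name or password
                }
                int flag = rs.getInt("user_admin"); // SQL NULL comes back as 0
                boolean flagIsNull = rs.wasNull();  // true for the page's normal users
                // Admin only on an explicit, non-NULL 1; every other value is a normal user.
                return (!flagIsNull && flag == 1) ? Role.ADMIN : Role.USER;
            }
        }
    }
}
```

In `mouseClicked`, the caller would open the admin panel only for `Role.ADMIN`, count `Role.REJECTED` toward `LoginAttempts`, and on `SQLException` report the error and open no panel.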