import java.sql.*;
/**
* An example to show the difference between Statements and PreparedStatements
* (string-built SQL vs. parameterized SQL) when authenticating a user.
*
*
* @author Sofoklis Stouraitis
*/
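class LabStaff {
    /** JDBC driver class registered by {@link #open()}. */
    private static final String DRIVER_CLASS = "com.mysql.jdbc.Driver";

    // SECURITY: a live host, schema, account and password are embedded in
    // source. They are kept only so the original no-arg constructor still
    // works for the lab. Anything beyond the lab must use the three-argument
    // constructor and load credentials from configuration or a secret store;
    // a password that has been committed should be treated as compromised.
    private static final String DEFAULT_URL = "jdbc:mysql://195.251.249.131:3306/eloi_stuff";
    private static final String DEFAULT_USER = "eloi_stuff";
    private static final String DEFAULT_PASSWORD = "wr782";

    private final String url;
    private final String dbUser;
    private final String dbPassword;

    /** Last error text. An HTML fragment; user-controlled parts are escaped. */
    private String errorMessages = "";
    private Connection con = null;
    private PreparedStatement stmt = null;
    private Statement stmt1 = null;
    private ResultSet rs = null, rs1 = null;
    /**
     * Last SQL text built by {@link #isUserValidVulnerable}. It is the raw,
     * unescaped query (it may contain injected input) — escape it before
     * rendering it in HTML.
     */
    private String qry_debugger = "";

    /**
     * Creates a LabStaff that will connect with the built-in lab credentials.
     */
    public LabStaff() {
        this(DEFAULT_URL, DEFAULT_USER, DEFAULT_PASSWORD);
    }

    /**
     * Creates a LabStaff that will connect with the given credentials.
     *
     * @param url        JDBC URL of the database
     * @param dbUser     database account name
     * @param dbPassword database account password
     */
    public LabStaff(String url, String dbUser, String dbPassword) {
        this.url = url;
        this.dbUser = dbUser;
        this.dbPassword = dbPassword;
    }

    /**
     * A method to get errors.
     *
     * @return String, representing the error message (empty if none).
     */
    public String getErrorMessages() {
        return errorMessages;
    }

    /**
     * A method to get the last string-built query from outside this class.
     *
     * @return String, representing the raw query built by
     *         {@link #isUserValidVulnerable}; empty if none was built yet.
     */
    public String getQuery() {
        return qry_debugger;
    }

    /**
     * Checks if the username and password are valid using Statement.
     *
     * INTENTIONALLY VULNERABLE (SQL injection): both arguments are
     * concatenated straight into the SQL text, so input such as
     * {@code ' OR '1'='1} alters the query. It exists only so the lab can
     * contrast it with {@link #isUserValid}; never use it for real
     * authentication.
     *
     * @param username value compared with the users.username column
     * @param password value compared with the users.password column
     * @return boolean, true if a matching row exists, false otherwise
     *         (details in {@link #getErrorMessages()}).
     */
    public boolean isUserValidVulnerable(String username, String password) {
        if (con == null) {
            errorMessages = "You must establish a connection first!";
            return false;
        }
        String sql = "SELECT username FROM users WHERE username ='"
                + username + "' AND password ='" + password + "';";
        qry_debugger = sql;
        try {
            stmt1 = con.createStatement();
            rs1 = stmt1.executeQuery(sql);
            if (rs1.next()) {
                return true;
            }
            // The password is deliberately not echoed: error text must never
            // carry a credential. The username is escaped because it is
            // attacker-controlled and this message is rendered as HTML.
            errorMessages = "<b>Error 4:</b><br>An error occured while trying to authenticate user using: <br>"
                    + "username=" + escapeHtml(username);
            return false;
        } catch (SQLException e) {
            // The driver message may quote the (injected) SQL; escape it too.
            errorMessages = "<b>Error 3:</b> Error while executing authentication query: <br>"
                    + escapeHtml(e.getMessage());
            return false;
        } finally {
            // Release per-call resources on every path, including exceptions.
            closeQuietly(rs1);
            closeQuietly(stmt1);
        }
    }

    /**
     * Checks if the username and password are valid using PreparedStatement.
     *
     * Input is bound as parameters, so it cannot change the query structure.
     * NOTE(review): the query compares the password column directly, which
     * implies passwords are stored in clear text — store a bcrypt/scrypt/
     * argon2 hash and verify it in Java instead; the schema is not visible
     * here, so this is left as a caveat.
     *
     * @param username value bound to the username parameter
     * @param password value bound to the password parameter
     * @return boolean, true if a matching row exists, false otherwise
     *         (details in {@link #getErrorMessages()}).
     */
    public boolean isUserValid(String username, String password) {
        if (con == null) {
            errorMessages = "You must establish a connection first!";
            return false;
        }
        try {
            stmt = con.prepareStatement(
                    "SELECT username FROM users WHERE username =? and password =?");
            stmt.setString(1, username);
            stmt.setString(2, password);
            rs = stmt.executeQuery();
            if (rs.next()) {
                return true;
            }
            // Same rule as the vulnerable variant: no credential in the
            // message, and the user-supplied part is HTML-escaped.
            errorMessages = "<b>Error 1:</b><br>An error occured while trying to authenticate user using: <br> "
                    + "username=" + escapeHtml(username);
            return false;
        } catch (SQLException e) {
            errorMessages = "<b>Error 2:</b> Error while executing authentication query: <br>"
                    + escapeHtml(e.getMessage());
            return false;
        } finally {
            closeQuietly(rs);
            closeQuietly(stmt);
        }
    }

    /**
     * Provides a connection with the Database Server. Initializes JDBC driver
     * for MySQL. Establishes a connection with the Database Server.
     *
     * @throws SQLException
     *             (with the appropriate message, and the original failure as
     *             cause) if any driver or connection error occured.
     */
    public void open() throws SQLException {
        try {
            // Loading the class registers the driver; newInstance() (removed)
            // was never needed and is deprecated since Java 9.
            Class.forName(DRIVER_CLASS);
        } catch (ClassNotFoundException e1) {
            errorMessages = "MySQL Driver error: <br>" + e1.getMessage();
            throw new SQLException(errorMessages, e1);
        }
        try {
            con = DriverManager.getConnection(url, dbUser, dbPassword);
        } catch (SQLException e2) {
            errorMessages = "Could not establish connection with the Database Server: <br>"
                    + e2.getMessage();
            con = null;
            throw new SQLException(errorMessages, e2);
        }
    }

    /**
     * Ends the connection with the database Server. Closes all Statements and
     * ResultSets. Finally, closes the connection with the Database Server.
     *
     * Every resource is closed even if an earlier one fails; the first failure
     * is reported after all close attempts. After this call the object is back
     * in the "no connection" state and {@link #open()} may be called again.
     *
     * @throws SQLException
     *             (with the appropriate message) if any error occured.
     */
    public void close() throws SQLException {
        Exception first = null;
        // Results before statements before the connection, so nothing is
        // closed while something that depends on it is still open.
        AutoCloseable[] resources = {rs, rs1, stmt, stmt1, con};
        for (AutoCloseable resource : resources) {
            if (resource == null) {
                continue;
            }
            try {
                resource.close();
            } catch (Exception e3) {
                if (first == null) {
                    first = e3;
                }
            }
        }
        rs = null;
        rs1 = null;
        stmt = null;
        stmt1 = null;
        con = null;
        if (first != null) {
            errorMessages = "Could not close connection with the Database Server: <br>"
                    + first.getMessage();
            throw new SQLException(errorMessages, first);
        }
    }

    /**
     * Closes a per-query resource without masking the error already being
     * reported; a failed close here is not worth surfacing to the caller.
     */
    private static void closeQuietly(AutoCloseable resource) {
        if (resource == null) {
            return;
        }
        try {
            resource.close();
        } catch (Exception ignored) {
            // best-effort cleanup; the primary outcome is already recorded
        }
    }

    /**
     * Escapes the five HTML-significant characters so untrusted text can be
     * embedded in the HTML error fragments this class produces.
     * {@code null} becomes the literal text "null", as string concatenation did.
     */
    private static String escapeHtml(String s) {
        if (s == null) {
            return "null";
        }
        StringBuilder sb = new StringBuilder(s.length());
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':
                    sb.append("&amp;");
                    break;
                case '<':
                    sb.append("&lt;");
                    break;
                case '>':
                    sb.append("&gt;");
                    break;
                case '"':
                    sb.append("&quot;");
                    break;
                case '\'':
                    sb.append("&#39;");
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }
} // end of class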