Can anyone help me modify account.jsp so that the "CHANGE ACCOUNT PASSWORD" feature retains whatever is in the 'email' field of 'DBO/users'?
---------- Post added at 07:40 PM ---------- Previous post was at 06:01 PM ----------
This is the section I am working with
Code:
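if(action.compareTo("passwd") == 0)
{
    // Change-password handler: verifies the old password for the given login,
    // then re-creates the account row with the new password while keeping its ID.
    // Outcome is reported to the page through the `message` HTML string.
    //
    // Security notes for maintainers:
    //  * `getlogin` comes straight from the request and is NOT restricted to the
    //    password alphabet, so every statement that carries it is parameterized
    //    below instead of being built by string concatenation.
    //  * NOTE(review): passwords are stored as MD5(login + password) and limited
    //    to 4-10 characters. That is weak against offline guessing; presumably the
    //    format is dictated by whatever consumes the users table - confirm before
    //    changing it.
    String getlogin = request.getParameter("getlogin");
    String password_old = request.getParameter("password_old");
    String password_new = request.getParameter("password_new");

    // getParameter() returns null for an absent field; treat that like an empty
    // field so a partial form post is ignored instead of raising a NullPointerException.
    String login = (getlogin == null) ? "" : getlogin.toLowerCase();
    if(password_old == null)
    {
        password_old = "";
    }
    if(password_new == null)
    {
        password_new = "";
    }

    if(login.length() > 0 && password_old.length() > 0 && password_new.length() > 0)
    {
        if(password_new.length() < 4 || password_new.length() > 10)
        {
            message = "<font color=\"ee0000\">Only 4-10 Characters</font>";
        }
        else
        {
            // Allow-list check on the NEW password only.
            String alphabet = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-_";
            boolean check = true;
            for(int i=0; i<password_new.length(); i++)
            {
                if (alphabet.indexOf(password_new.charAt(i)) == -1)
                {
                    check = false;
                    break;
                }
            }
            if(!check)
            {
                message = "<font color=\"ee0000\">Forbidden Characters</font>";
            }
            else
            {
                Connection connection = null;
                Statement statement = null;
                java.sql.PreparedStatement ps = null;
                ResultSet rs = null;
                try
                {
                    Class.forName("com.mysql.jdbc.Driver").newInstance();
                    connection = DriverManager.getConnection("jdbc:mysql://" + db_host + ":" + db_port + "/" + db_database, db_user, db_password);
                    statement = connection.createStatement();

                    // Look up the account; login is bound as a parameter, never concatenated.
                    ps = connection.prepareStatement("SELECT ID, passwd FROM users WHERE name=?");
                    ps.setString(1, login);
                    rs = ps.executeQuery();
                    String password_stored = "";
                    String id_stored = "";
                    int count = 0;
                    while(rs.next())
                    {
                        id_stored = rs.getString("ID");
                        password_stored = rs.getString("passwd");
                        count++;
                    }
                    rs.close();
                    ps.close();

                    if(count <= 0)
                    {
                        message = "<font color=\"ee0000\">User Doesn't Exist</font>";
                    }
                    else
                    {
                        // pw_encode() output is spliced into the SQL text unquoted, as in the
                        // original. NOTE(review): presumably it returns a self-contained SQL
                        // literal derived only from the digest - verify in pw_encode.
                        password_old = pw_encode(login + password_old, MessageDigest.getInstance("MD5"));
                        String temp_login = login + "_TEMP_USER";

                        // Some hard encoding problems requires a strange solution...
                        // changePasswd -> wrong encoding password destroyed...
                        // Only a temp entry in database gives us a correct encoded password for comparison.
                        // NOTE(review): the temp row lives in the same table as real accounts, so a
                        // real account whose name equals login + "_TEMP_USER" would be hit by the
                        // cleanup DELETE - TODO reserve that suffix at registration.
                        try
                        {
                            ps = connection.prepareStatement("call adduser(?, " + password_old + ", '0', '0', '0', '0', '', '0', '0', '0', '0', '0', '0', '0', '', '', " + password_old + ")");
                            ps.setString(1, temp_login);
                            ps.execute();
                            ps.close();

                            ps = connection.prepareStatement("SELECT passwd FROM users WHERE name=?");
                            ps.setString(1, temp_login);
                            rs = ps.executeQuery();
                            if(!rs.next())
                            {
                                throw new java.sql.SQLException("temporary entry not found");
                            }
                            password_old = rs.getString("passwd");
                            rs.close();
                            ps.close();
                        }
                        finally
                        {
                            // Delete temp entry even when the comparison lookup failed,
                            // so no stray credential row is left behind.
                            java.sql.PreparedStatement cleanup = connection.prepareStatement("DELETE FROM users WHERE name=?");
                            try
                            {
                                cleanup.setString(1, temp_login);
                                cleanup.executeUpdate();
                            }
                            finally
                            {
                                cleanup.close();
                            }
                        }

                        if(password_old.compareTo(password_stored) != 0)
                        {
                            message = "<font color=\"ee0000\">Old Password Mismatch</font>";
                        }
                        else
                        {
                            password_new = pw_encode(login + password_new, MessageDigest.getInstance("MD5"));
                            // LOCK TABLE to ensure that nobody else get the original ID of the user
                            statement.executeUpdate("LOCK TABLE users WRITE");
                            try
                            {
                                // Delete old entry.
                                // NOTE(review): DELETE + adduser re-creates the row, so any column
                                // adduser does not set (the 'email' field mentioned in the post) is
                                // lost here. To keep it, read it in the first SELECT and restore it
                                // in the UPDATE below - column name to be confirmed against the schema.
                                // NOTE(review): if adduser fails after this DELETE the account is gone;
                                // there is no transaction around these three statements.
                                ps = connection.prepareStatement("DELETE FROM users WHERE name=?");
                                ps.setString(1, login);
                                ps.executeUpdate();
                                ps.close();

                                // Add new entry
                                ps = connection.prepareStatement("call adduser(?, " + password_new + ", '0', '0', '0', '0', '', '0', '0', '0', '0', '0', '0', '0', '', '', " + password_new + ")");
                                ps.setString(1, login);
                                ps.execute();
                                ps.close();

                                // change new entry ID to original ID - necessary to keep characters of this account
                                ps = connection.prepareStatement("UPDATE users SET ID=? WHERE name=?");
                                ps.setString(1, id_stored);
                                ps.setString(2, login);
                                ps.executeUpdate();
                                ps.close();
                            }
                            finally
                            {
                                // UNLOCK TABLES - also on failure, so the table is not left locked.
                                statement.executeUpdate("UNLOCK TABLES");
                            }
                            message = "<font color=\"00cc00\">Password Changed</font>";
                        }
                    }
                }
                catch(Exception e)
                {
                    // Deliberately generic: no SQL or driver detail is echoed to the client.
                    message = "<font color=\"#ee0000\"><b>Connection to MySQL Database Failed</b></font>";
                }
                finally
                {
                    // Release JDBC resources on every path; close failures are ignored
                    // because there is nothing useful left to do with them here.
                    if(rs != null)
                    {
                        try { rs.close(); } catch(Exception ignored) { }
                    }
                    if(ps != null)
                    {
                        try { ps.close(); } catch(Exception ignored) { }
                    }
                    if(statement != null)
                    {
                        try { statement.close(); } catch(Exception ignored) { }
                    }
                    if(connection != null)
                    {
                        try { connection.close(); } catch(Exception ignored) { }
                    }
                }
            }
        }
    }
}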