CODEWITHSUNDEEP
java
Gian7
Gian7

Reputation: 203

How to verify 2 kinds of account?

Is it possible for the program to verify if the account credentials inputted by the user belongs to a certaing kind of account? if yes, how? For example:

Database

username                      password
jake (admin)                   qwerty
anna (student)                 asdf

If the user inputted jake and qwerty as logon credentials then he would be able to access admin menus and when he used student account anna and asdf then he'll be able to access student menus.

Logon Button:

private void jButton1ActionPerformed(java.awt.event.ActionEvent evt) {
    // TODO add your handling code here:
    //str = JOptionPane.showInputDialog(this, "Enter id number: ");
    user = jTextField1.getText();
    pass = jPasswordField1.getPassword();
    login();
}

Function

private void login() {

    try {
        if ((user != null)&&(pass != null)) {
            sql = "Select * from users_table Where username='" + user + "' and password='" + pass + "'";
            ResultSet rs = stmt.executeQuery(sql);
            if( rs.next()) {
                JOptionPane.showMessageDialog(null, "A basic JOptionPane message dialog");
            } else {
                //in this case enter when  result size is zero  it means user is invalid
            }
        }
    } catch (SQLException err) {
        JOptionPane.showMessageDialog(this, err.getMessage());
    }
}

Upvotes: 0

Views: 65

Answers (1)

vikingsteve
vikingsteve

Reputation: 40428

Gian, it's typical to have some sort of "role" column in your user database.

For example:

username      password       role
jake          qwerty         admin
anna          asdf           student

When you get a result in your result set, read the "role" field from the table and make differences in functionality based on that.

        ResultSet rs = stmt.executeQuery(sql);
        if( rs.next()) {
            if ("admin".equals(rs.getString("role")) {
                 // ...
            } else { 
                 // ...
            }
            JOptionPane.showMessageDialog(null, "A basic JOptionPane message dialog");
        } else {
            //in this case enter when  result size is zero  it means user is invalid
        }

Good luck!

P.S. be aware of SQL injection attacks!! What could happen if I type username as follows? And how can you protect against it?

'; delete from users_table;

Upvotes: 2

Related Questions