1

I'm running a simple Java login system, using MySQL.

The login works fine, but I want to create an object of the user that has been logged in via get methods. But when outputting these methods they return null:

"Logged in with null and null".

What am I doing wrong?

-- MAIN --

import java.util.Scanner;

public class Main {


public static void main(String[] args) {

    Scanner input = new Scanner(System.in);
    User u = new User();

    String username;
    String password;

    System.out.println("Enter Username: ");
    username = input.next();

    System.out.println("Enter Password: ");
    password = input.next();

    DatabaseController dc = new DatabaseController();
    dc.login(username, password);

    if(dc.a){
        System.out.print("Logged in with "+ u.getUsername()+ " and " +u.getPassword());
    }
    else{
        System.out.println("mismatch");
    }

}

}

-- DATABASE CONTROLLER ---

import java.sql.ResultSet;

public class DatabaseController {

private DatabaseConnection db;
ResultSet rs;
boolean a;
User u = null;

String name;
String pass;

public DatabaseController()
{
    db = new DatabaseConnection();
}

public boolean login(String username, String password)
{

    try
    {
        rs = db.doQuery("SELECT Firstname, Password FROM Users WHERE Firstname ='"+ username+"';");
        while(rs.next())
        {
            name = rs.getString(1);
            pass = rs.getString(2);
            if(pass.equals(password)){
                a = true;
                u = new User();
                u.setPassword(password);
                u.setUsername(username);
            }
        }
    }
    catch(Exception ex)
    {
        ex.printStackTrace();
    }
    return a;
}
 }

--- USER ---

public class User {

private String username;
private String password;

public String getUsername() {
    return username;
}
public void setUsername(String username) {
    this.username = username;
}
public String getPassword() {
    return password;
}
public void setPassword(String password) {
    this.password = password;
}

}

5 Answers

4

u is a local variable in main that is allocated but never has its internal data set. The u you are setting lives in DatabaseController. You need dc.u. There are ways to improve best practices on your code itself, which others have pointed out, but that seems to be out of scope for this question. Shoot me a message offline if you would like help improving your design.

Now to the "make the world a safer place" part. NEVER store passwords in plain text. Compute a hash on the password when you store it (preferably a salted SHA256), and then compare hashes upon login. You also have a SQL injection vulnerability. You should parameterize that query. Try inputting

' OR 1=1;-- 

as the username with any arbitrary password and see what happens. You are currently circumventing this by doing the password comparison in your code, but it should still be fixed.


2 Comments

Hey Jonathan, thanks for your answer! I'll be aware of the injection problems, the project is for school purposes and security is not required yet :)
@JesperBaungårdBruunHansen, one of them can be resolved easily by using a parameterized query. It is a one-line change. You can easily find how to do it in the JDBC documentation.
1

You do initialize u, but you never initialize its attributes username and password. Add this to your code:

u.setUsername(username); 
u.setPassword(password);

Your code then looks like this:

import java.util.Scanner;

public class Main {
    public static void main(String[] args) {

        Scanner input = new Scanner(System.in);
        User u = new User();

        String username;
        String password;

        System.out.println("Enter Username: ");
        username = input.next();

        System.out.println("Enter Password: ");
        password = input.next();

        u.setUsername(username); //set u.username
        u.setPassword(password); //set u.password

        DatabaseController dc = new DatabaseController();
        dc.login(username, password);

        if(dc.a){
            System.out.print("Logged in with "+ u.getUsername()+ " and " +u.getPassword());
        }
        else{
            System.out.println("mismatch");
        }

    }
}

edit:

Use either the User u that you define in your DatabaseController OR the one in your main-method. I assume that one of them is not necessary.

Also, if you are trying to implement security-relevant features here, I suggest you declare all attributes in your DatabaseController private (especially the boolean) and access it only through a getter function. That way, no other class can modify it. Also, you may want to consider making that class final so that no other class can inherit from it and thus change its functionality!

2 Comments

Hey Christian, thanks for taking time. This solved the question, but the solution is not sufficient for my further development of the program (which you couldn't know ;)).
That's fine :-) Thanks for your response anyway and good luck with the further development of your software.
0

Think about why you're expecting u.getUsername() to be non-null. First, you're creating a user instance:

User u = new User();

Then assigning some values to some local username and password variables:

String username;
String password;

System.out.println("Enter Username: ");
username = input.next();

System.out.println("Enter Password: ");
password = input.next();

Then you're calling a login method which only accepts that username and password:

DatabaseController dc = new DatabaseController();
dc.login(username, password);

Finally, you're printing out this message:

System.out.print("Logged in with "+ u.getUsername()+ " and " +u.getPassword());

At this point, u is just a newly-instantiated object - you haven't assigned any values to it, or done any work with it - there's no reason for the getUsername and getPassword methods to return anything but null. Perhaps you want your login method to return a User instance instead of returning a bool?

1 Comment

Hey Matt, thanks for explaining it to me in a very decent way. Yes, I wanted the method to return a User instance instead of the boolean. Thanks :)
0

Don't do any assigning to username and password from your Main class. Set them by calling u.setUserName() and u.getUserName(). You are trying to access a new User object, so it returns null.


0

You are returning a boolean variable which tells whether the login process was successful or not. But to get the user details you should return a user from the login process.

// The login method returns the user when a successful login happens, otherwise null
public User login(String username, String password){
    // ... query the database and set u on a password match, as in the question ...
    return u;
}

// Get the user returned by the login process; if u is null the login failed, otherwise it passed and the details can be shown
u = dc.login(username, password);
