javaweb-登录验证功能


学习记录


在MySQL数据库中,我把管理员和普通用户放在同一张user表里,通过表中的status字段(int)区分权限:1为管理员,0为普通用户。

// Admin login: fetch the stored password for this username among rows with status=1.
// The username is bound through the ? placeholder, not concatenated into the SQL text.
String sql = "select password from user where username=? and status=1;";
// Regular-user login: the same lookup restricted to rows with status=0.
String sql = "select password from user where username=? and status=0;";

登录处理LoginController.jsp:

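<%@ page import="java.sql.Connection" %>
<%@ page import="com.lan.utils.JDBCUtil" %>
<%@ page import="java.sql.PreparedStatement" %>
<%@ page import="java.sql.ResultSet" %>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>登录处理</title>
</head>
<body>
<%
    // Login handler: looks up the stored password for the submitted username under the
    // role chosen in the form, compares it with the submitted password, then either
    // redirects to the role's landing page or forwards back to the login page with an error.
    request.setCharacterEncoding("utf-8");
    String userName = request.getParameter("username");
    String password = request.getParameter("password");
    String status = request.getParameter("status");

    // The role decides which status value the lookup filters on and where a successful
    // login lands. status is request data: anything other than the two known options
    // leaves sql null and is handled as a failed login instead of a NullPointerException.
    String sql = null;
    String landingPage = null;
    if ("管理员".equals(status)) {
        sql = "select password from user where username=? and status=1;";
        landingPage = "/manager.html";
    } else if ("用户".equals(status)) {
        sql = "select password from user where username=? and status=0;";
        landingPage = "/zhuye_1.html";
    }

    String pwd = null;
    if (sql != null && userName != null && password != null) {
        Connection conn = JDBCUtil.getConnection();
        PreparedStatement pstm = null;
        ResultSet resultSet = null;
        try {
            pstm = conn.prepareStatement(sql); // precompiled statement; username is bound, not concatenated
            pstm.setString(1, userName);
            resultSet = pstm.executeQuery();
            while (resultSet.next()) {
                pwd = resultSet.getString("password");
            }
        } finally {
            // Release the JDBC resources even when the query throws.
            // Assumes JDBCUtil.close tolerates null arguments - TODO confirm.
            JDBCUtil.close(resultSet, pstm, conn);
        }
    }

    // pwd stays null when no row matched; that is a failed login, not an error.
    // MessageDigest.isEqual compares without stopping at the first differing byte.
    // NOTE(review): the submitted password is compared with the column value directly,
    // so the table holds plaintext passwords. Store a salted slow hash
    // (bcrypt / scrypt / Argon2) and verify against that instead.
    boolean authenticated = pwd != null
            && password != null
            && java.security.MessageDigest.isEqual(
                    pwd.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    password.getBytes(java.nio.charset.StandardCharsets.UTF_8));

    if (authenticated) {
        System.out.println("登录成功!");
        // Issue a fresh session id at the moment of login so an id fixed before
        // authentication cannot be reused afterwards (Servlet 3.1+).
        request.changeSessionId();
        session.setAttribute("username", userName);
        session.setAttribute("isLogin", "1"); // "1" = logged in, "0" = not logged in
        // NOTE(review): the session records only username and isLogin, not the verified
        // role. Admin-only pages need a server-side role check - confirm how
        // manager.html is protected.

        // Send the browser to the landing page for the verified role.
        response.sendRedirect(request.getContextPath() + landingPage);
    } else {
        System.out.println("登录失败!");
        response.setCharacterEncoding("utf-8");
        session.setAttribute("isLogin", "0"); // "1" = logged in, "0" = not logged in
        // One generic message for every failure, so the response does not reveal
        // whether the username exists.
        request.setAttribute("msg", "登录失败!请检查账号密码是否正确!");
        request.getRequestDispatcher("/index.jsp").forward(request, response); // back to the login page
    }
%>
</body>
</html>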

下拉列表(后台获取name里的参数):

<!-- Role selector on the login form. The options carry no value attribute, so the
     browser submits the option text itself as the "status" parameter. The server must
     still validate it: a request can carry any string here, or omit the field. -->
<p>
<label for="sel" class="" >权限:</label>
<select name="status" id="sel">
<option>用户</option>
<option>管理员</option>
</select>
</p>

获取下拉列表的name参数

// Reads the submitted value of the <select name="status"> field. This is request data:
// it is null when the field is absent and can be any string, not only the two options.
String status = request.getParameter("status");

控制层根据下拉列表提交的status值选择查询管理员还是普通用户(即登录后台还是前台);status来自请求,取值不是这两项时走else分支,按登录失败处理:

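// Choose the lookup by the role picked in the login form; only the status filter differs.
if ("管理员".equals(status)) {
    String sql = "select password from user where username=? and status=1;";
    pstm = conn.prepareStatement(sql);
    pstm.setString(1, userName);
} else if ("用户".equals(status)) {
    String sql = "select password from user where username=? and status=0;";
    pstm = conn.prepareStatement(sql);
    pstm.setString(1, userName);
} else {
    // status is request data, so it can be missing or hold a value outside the two
    // options. Treat that as a failed login and stop here: without the return, the
    // code that follows this check in the login page would call executeQuery() on a
    // pstm that was never prepared.
    conn.close(); // release the connection obtained before this check
    request.setAttribute("msg", "账号或密码出错!请重新输入!");
    request.getRequestDispatcher("/index.jsp").forward(request, response);
    return;
}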