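<%--
  processLogin.jsp
  Alan Pinder - April 10th 2005

  Reads the submitted login information and either logs the user in, or
  records the validation errors and sends the browser to the form output page.
  Note: This page, as with all other processX pages, does NOT produce any output.

  Classes Used:    FormValidation, DB, DbUser, Basket
  Attributes Get:  loginForwardTo - Page to be forwarded to
  Attributes Set:  isActive   - Whether user is logged in/not
                   userName   - String user name
                   userObject - Reference to DbUser current user
                   basket     - New Basket created on successful login
                   formObject - Holds set of validation errors (failure only)
  Parameters Get:  userName, password
  Parameters Set:  None
--%>

<%-- Standard page declarations --%>
<%@ page import="apz.db.*" %>
<%@ page session="true" %>
<%@ page errorPage="error.jsp" %>

<%
    // Collects validation errors; on failure it is handed to formOutput.jsp
    // through the "formObject" session attribute.
    FormValidation formValidation = new FormValidation("Login Failed", "login.jsp",
            "Please check your username and/or password, then click here");

    // Page to send the user to after a successful login; welcome page by default.
    // Read once so the null check and the value come from the same lookup.
    // NOTE(review): this value is later passed to sendRedirect() unchecked. Where
    // loginForwardTo is set is not visible here -- confirm it is only ever written
    // server-side with a local page name, never copied from a request parameter.
    String forwardTo = (String) session.getAttribute("loginForwardTo");
    if (forwardTo == null) {
        forwardTo = "welcome.jsp";
    }

    // Missing parameters should only happen when the page is called directly,
    // so they are treated as a hard error and handled by the error page.
    String userName = request.getParameter("userName");
    String password = request.getParameter("password");
    if (userName == null) {
        throw new DbNullPointerException("userName");
    }
    if (password == null) {
        throw new DbNullPointerException("password");
    }

    // From here on failures are recorded, not thrown, so the user gets the
    // form output page instead of the error page.
    if (userName.length() == 0) {
        formValidation.addErrorMessage("userName", "Please enter your username");
    }
    if (password.length() == 0) {
        formValidation.addErrorMessage("password", "Please enter your password");
    }

    if (formValidation.validatedSuccess("userName") && formValidation.validatedSuccess("password")) {
        DbUser currentUser = DB.doesUserExist(userName) ? DB.getUser(userName) : null;

        if (currentUser == null || !currentUser.checkPassword(password)) {
            // Unknown user and wrong password are reported identically (same key,
            // same text) so the response does not reveal which usernames exist.
            formValidation.addErrorMessage("userPassword", "Incorrect username or password");
        } else {
            // Success. Issue a fresh session id before marking the session as
            // authenticated, so an id that was known before login (session
            // fixation) is not promoted to a logged-in session. Existing
            // attributes are carried over to keep pre-login state intact.
            // invalidate() + getSession(true) is used because it works on every
            // Servlet API level; the container version is not visible here.
            java.util.Map<String, Object> carried = new java.util.HashMap<String, Object>();
            for (java.util.Enumeration<?> names = session.getAttributeNames(); names.hasMoreElements();) {
                String name = (String) names.nextElement();
                carried.put(name, session.getAttribute(name));
            }
            session.invalidate();
            session = request.getSession(true);
            for (java.util.Map.Entry<String, Object> entry : carried.entrySet()) {
                session.setAttribute(entry.getKey(), entry.getValue());
            }

            // Log this user in
            session.setAttribute("isActive", "True");
            session.setAttribute("userName", userName);
            session.setAttribute("userObject", currentUser);
            session.setAttribute("basket", new Basket());

            // Remove session attributes we don't need anymore
            // (removeAttribute is a no-op when the attribute is absent).
            session.removeAttribute("loginMessage");
            session.removeAttribute("loginForwardTo");
        }
    }

    // Redirect rather than forward: a forward would hand this request, including
    // the userName and password parameters, on to the next page and leave the
    // browser on this page's URL. Nothing here actually wipes the values from
    // memory; the redirect only stops them travelling further.
    // NOTE(review): the author's notes show this page's URL carrying userName and
    // password in the query string, which suggests the form can be submitted with
    // GET. Credentials in a URL end up in browser history and access logs --
    // confirm login.jsp submits with POST.
    if (formValidation.validatedSuccess()) {
        response.sendRedirect(forwardTo);
    } else {
        // Validation failed: hand the errors to the form output page.
        session.setAttribute("formObject", formValidation);
        response.sendRedirect("formOutput.jsp");
    }
%>

<%-- No HTML code for 'processXXX' pages! --%>
<%-- We should never arrive here --%>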