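// Login check: read the submitted credentials, look them up in the user table
// and redirect to index.jsp when a matching row exists.
//
// getParameter() returns null when the field is missing, so the null test has
// to come before trim(); the original trimmed first and would have thrown a
// NullPointerException instead of redirecting.
String userName=request.getParameter("user");//userName
String password=request.getParameter("password");//password
// Either value missing is enough to send the user back to the login form.
// "return" stops the rest of the handler from running after the redirect;
// this assumes the enclosing method is void (servlet doGet/doPost or a JSP
// scriptlet) - confirm.
if(userName==null||password==null)
{response.sendRedirect("login.jsp");return;}
userName=userName.trim();
password=password.trim();
// The credentials are bound as parameters instead of being concatenated into
// the SQL text. With concatenation, a quote character in either field changes
// the structure of the statement (SQL injection); prepareStatement() alone does
// not prevent that, only the "?" placeholders do.
// NOTE(review): the original WHERE clause had no column name in front of the
// password value; "password" is assumed here - confirm against the schema.
// NOTE(review): this compares the password as stored text. Store a salted,
// slow password hash (bcrypt/scrypt/argon2) and verify it in the application.
String check ="select * from user where userName=? and password=?";
Class.forName("driver");
// Database account used for the connection. The original declared "useDB" but
// passed "userDB", and passed the visitor's login password as the database
// password; both look like typos - confirm.
String userDB="";
String passwordDB="";
Connection conn=DriverManager.getConnection(urt, userDB, passwordDB);
PreparedStatement ps=conn.prepareStatement(check);
ps.setString(1, userName);
ps.setString(2, password);
ResultSet rs=ps.executeQuery();
// One matching row is enough; calling sendRedirect() once per row would fail
// on the second call because the response is already committed.
// NOTE(review): rs, ps and conn are left open because the rest of the snippet
// is elided; close them in a finally block where their use ends.
if(rs.next())
{response.sendRedirect("index.jsp");}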
....
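// Login check (excerpt): userName is read from the request before this excerpt
// starts. Looks the credentials up in the user table and redirects to
// index.jsp when a matching row exists.
//
// getParameter() returns null when the field is missing, so the null test has
// to come before trim().
String password=request.getParameter("password");//password
// Either value missing is enough to send the user back to the login form.
// "return" stops the rest of the handler from running after the redirect;
// this assumes the enclosing method is void (servlet doGet/doPost or a JSP
// scriptlet) - confirm.
if(userName==null||password==null)
{response.sendRedirect("login.jsp");return;}
password=password.trim();
// The credentials are bound as parameters instead of being concatenated into
// the SQL text. With concatenation, a quote character in either field changes
// the structure of the statement (SQL injection); prepareStatement() alone does
// not prevent that, only the "?" placeholders do.
// NOTE(review): the original WHERE clause had no column name in front of the
// password value; "password" is assumed here - confirm against the schema.
// NOTE(review): this compares the password as stored text. Store a salted,
// slow password hash (bcrypt/scrypt/argon2) and verify it in the application.
String check ="select * from user where userName=? and password=?";
Class.forName("driver");
// Database account used for the connection. The original declared "useDB" but
// passed "userDB", and passed the visitor's login password as the database
// password; both look like typos - confirm.
String userDB="";
String passwordDB="";
Connection conn=DriverManager.getConnection(urt, userDB, passwordDB);
PreparedStatement ps=conn.prepareStatement(check);
ps.setString(1, userName);
ps.setString(2, password);
ResultSet rs=ps.executeQuery();
// One matching row is enough; calling sendRedirect() once per row would fail
// on the second call because the response is already committed.
// NOTE(review): rs, ps and conn are left open because the rest of the snippet
// is elided; close them in a finally block where their use ends.
if(rs.next())
{response.sendRedirect("index.jsp");}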
....
<%@ page import="javax.sql.*"%>
<%@ page import="moonsoft.j2ee.oa.*"%>
<script language="javascript">
// Form check run from the login form's onsubmit handler: returns false (which
// cancels the submit) when the user name or the password field is empty, after
// showing a prompt and moving focus to that field. Returns nothing otherwise.
// This is a convenience for the user only; a request can be sent without
// running this script, so the server-side code has to validate both values.
function f1_submit(){
var form=document.f1;
// Checked in order: user name first, then password.
var checks=[
["username","請輸入用戶名"],
["password","請輸入密碼"]
];
for(var i=0;i<checks.length;i++){
var field=form[checks[i][0]];
if(field.value==""){
alert(checks[i][1]);
field.focus();
return false;
}
}
}
</script>
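<%
// Login handler for this page. Reads the posted user name and password, looks
// them up in oa_userinfo and, on a match, copies the account's profile and
// permission columns into the session and redirects to index.jsp.
// The try block opened here is closed by the scriptlet at the end of the page.
//
// NOTE(review): the HTML further down prints a test account and its password
// on the login page; remove that wherever this page is deployed.

// Get the login name and password.
request.setCharacterEncoding("big5");
String username1=request.getParameter("username");
String password2=request.getParameter("password");
// FilterSpecial.filter is a project helper that is not shown here; presumably
// it strips special characters - TODO confirm. It is kept so the values still
// match what is stored, but it is not what protects the query: the values are
// bound as parameters below.
String username=FilterSpecial.filter(username1);
String password=FilterSpecial.filter(password2);
// The submitted values are no longer written into the page. The original
// printed the user name and the password into the response body, which
// discloses the password to anything that can read or cache the page.
PreparedStatement ps=null;
try{
if((username!=null)&&(password!=null))
{
// Verify the user name and password. Both are bound with setString() rather
// than concatenated into the SQL text, so quote characters in the input
// cannot change the structure of the statement (SQL injection).
// NOTE(review): this compares the password as stored text. Store a salted,
// slow password hash (bcrypt/scrypt/argon2) and verify it in the application.
String sqlname="select * from oa_userinfo where username=? and password=? and forbid='n'";
ps=conn.prepareStatement(sqlname);
ps.setString(1, username);
ps.setString(2, password);
ResultSet rt=ps.executeQuery();
if (rt.next())
{
// Compare by value: != on String compares object references, so the original
// test was true for any row regardless of the column's content.
if (!"".equals(rt.getString("username"))){
// NOTE(review): the session id is not renewed at login. Invalidate the
// pre-login session and create a new one before storing these attributes so
// an id issued before authentication cannot be reused (session fixation).
session.setAttribute("oaname", rt.getString("name"));
session.setAttribute("oausername", rt.getString("username"));
session.setAttribute("oauserdept", rt.getString("user_dep"));
session.setAttribute("oauserlevel", rt.getString("user_level"));
session.setAttribute("oa_allow_see_all_workrep", rt.getString("allow_see_all_workrep"));
session.setAttribute("oa_allow_see_dep_workrep", rt.getString("allow_see_dep_workrep"));
session.setAttribute("oa_allow_control_dep_user", rt.getString("allow_control_dep_user"));
session.setAttribute("oa_allow_control_all_user", rt.getString("allow_control_all_user"));
session.setAttribute("oa_allow_send_note", rt.getString("allow_send_note"));
session.setAttribute("oa_allow_control_note", rt.getString("allow_control_note"));
session.setAttribute("oa_allow_control_file", rt.getString("allow_control_file"));
session.setAttribute("oa_allow_control_level", rt.getString("allow_control_level"));
// The user exists, so enter the system. Returning here stops the login form
// from being rendered after the redirect; the finally block at the end of the
// page still runs.
response.sendRedirect("index.jsp");
return;
}
}
}
%>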
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=big5">
<title>登錄系統</title>
<style type="text/css">
<!--
.style1 {color: #FF9933}
-->
</style></head><body><div align="left">
<table width="100%" height="100%" border="0" align="left" cellpadding="0" cellspacing="0">
<tr>
<td height="60" colspan="2"><img src="IMAGE/oa_login_header.jpg" width="800" height="60"></td>
</tr>
<tr>
<td width="418" height="540" rowspan="2" bgcolor="#FFFFFF"><p align="center" class="style1">歡迎使用OA系統:</p>
<p align="center" class="style1">請輸入用戶名,密碼進行登錄</p>
<ul class="style1">
<li>
<div align="justify">測試賬號:Aaron</div>
</li>
<li>
<div align="justify">密碼:test</div>
</li>
</ul>
<p> </p></td>
<td width="383" background="IMAGE/oa_login_body.jpg"><div align="center"></div>
<div align="left">
<form method="post" action="login.jsp" name="f1" LANGUAGE="javascript" onsubmit="return f1_submit()">
<p align="center" class="style1">用戶名:<input type="text" name="username"></p>
<p align="center"><span class="style1">密 碼:</span> <input type="password" name="password"></p>
<p align="center">
<input name="submit" type="submit" id="submit" value="登錄">
</p>
</form>
</div></td>
</tr>
</table>
</div>
</body><%
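}catch(SQLException se1)
{
// printStackTrace() writes to the container's standard error stream, not to
// the response, so query details are not shown to the visitor. The page then
// falls through and renders normally.
se1.printStackTrace();
}finally{
// Release the statement as well as the connection. The nested finally makes
// sure conn.close() still runs if ps.close() throws; the null checks cover
// the case where the failure happened before either object was obtained.
try{
if(ps!=null){ps.close();}
}finally{
if(conn!=null){conn.close();}
}
}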
%>
<p align="center">Copyright ©moonsoft 2003-2005</p>
</html>