1

I am trying to make a login where the entered password and username are compared with my database, and if they both match you can log in. I just started working with MySQL and BCrypt. Here is my code so far:

    @FXML
    void anmeldenButton(ActionEvent event) throws NamingException, ClassNotFoundException {
        String myUrl = "jdbc:mysql://localhost:3306/pwmanager?verifyServerCertificate=false&useSSL=true";
        Connection conn = null;
        username = tfuser1.getText().toString();
        try {
            conn = DriverManager.getConnection(myUrl, "", "");
            query = "SELECT benutzername, passwort FROM nutzer WHERE (benutzername = ? and passwort = ?)";
            PreparedStatement ps = conn.prepareStatement(query);
            ps.setString(1, username);
            ps.setString(2, password);
            ResultSet rs = ps.executeQuery();

            while (rs.isBeforeFirst()) {
                checkUser = rs.getString(1);
                checkPass = rs.getString(3);

                if (BCrypt.checkpw(pf1.getText(), checkPass) && (checkUser.equals(username))) {
                    System.out.println("yay");
                } else {
                    System.out.println("ney");
                }
            }

            conn.close();
        } catch (SQLException e) {
            e.printStackTrace();
        }
    }

Thanks for your help!

  • Missing the question ... ? – Erick Maia Mar 14 '17 at 20:06
  • ahh s*** sorry! I am not getting a result! The if statement is never true or false – Ludwig Bckrt Mar 14 '17 at 20:08
  • You have an if there with two conditions. Did it occur to you to use a debugger and/or additional print statements to hmm maybe get all the details to understand why that if goes for its else branch? – GhostCat Mar 14 '17 at 20:13
  • And beyond that: you are mixing up different layers; your UI code should never directly talk to the database. You put abstractions between those layers to not end up with one class doing everything within a few monster methods. – GhostCat Mar 14 '17 at 20:16

1 Answer

1

Your code doesn't make much sense.

The entered password can't possibly be equal to the stored password, since the stored password is hashed, and the entered password is not. So you can't use

and passwort = ?

Second, your query selects only two values, but you then use

checkPass = rs.getString(3)

You need to get the stored hashed password from the database thanks to the user name only, and then use Bcrypt to verify that the entered password and the stored hashed password match.

Also,

while (rs.isBeforeFirst())

doesn't make much sense either, and the query is supposed to return 0 or one row. So just use

if (rs.next())
JB Nizet
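
The lookup the answer describes, as an added example that is not part of the original question or answer: fetch the stored hash by user name only, read the single row with `rs.next()`, and let BCrypt do the comparison. It assumes the `BCrypt` class in the question is jBCrypt (`org.mindrot.jbcrypt`) and that `passwort` holds a bcrypt hash; the class name `LoginCheck`, the method `verify` and the dummy-hash check for unknown users are choices made for this example.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

import org.mindrot.jbcrypt.BCrypt; // assumption: jBCrypt provides the BCrypt class used in the question

public final class LoginCheck { // hypothetical helper, kept out of the JavaFX controller

    // Hash of a throwaway value. It is checked when the user name is unknown, so a
    // failed login costs one bcrypt verification whether or not the user exists.
    // Assumption: stored hashes use the same work factor as BCrypt.gensalt()'s default.
    private static final String DUMMY_HASH = BCrypt.hashpw("unused-placeholder", BCrypt.gensalt());

    private LoginCheck() { }

    /** Returns true only if the user exists and the entered password matches the stored hash. */
    public static boolean verify(Connection conn, String username, String enteredPassword)
            throws SQLException {
        // Select by user name only: the plaintext password can never equal the stored hash,
        // so it does not belong in the WHERE clause.
        String query = "SELECT passwort FROM nutzer WHERE benutzername = ?";
        String storedHash = null;

        try (PreparedStatement ps = conn.prepareStatement(query)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                if (rs.next()) {                  // zero or one row is expected
                    storedHash = rs.getString(1); // the query selects exactly one column
                }
            }
        }

        boolean userFound = storedHash != null;
        boolean passwordOk;
        try {
            passwordOk = BCrypt.checkpw(enteredPassword, userFound ? storedHash : DUMMY_HASH);
        } catch (RuntimeException e) {
            // jBCrypt rejects a malformed stored value with an unchecked exception.
            passwordOk = false;
        }
        return userFound && passwordOk;
    }
}
```

The caller reports the same failure message for an unknown user and for a wrong password, so the response does not reveal which user names exist.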