Forgot password link

Question

0.00/5 (No votes)

See more:

Hi, im trying to code forgot password link, below is the code that i have done but the problem is it still send me to Error page instead of the Pasword page even if the email entered is correct....please assist im new to java

What I have tried:

protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String email = request.getParameter("email");
        
        PrintWriter out = response.getWriter();
        boolean isEmailValid=false;
        try {
            Class.forName("com.mysql.jdbc.Driver");
            Connection conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/users", "root", "root");
            PreparedStatement pst = conn.prepareStatement("Select user_email from users where user_email=? ");
            pst.setString(1, email);
          
            ResultSet rs = pst.executeQuery();
            HttpSession session = request.getSession(false);
           
            if (rs.next()) {
                if (rs.getString("user_email").equals(email)) {
                    isEmailValid=true;
                                     }
                            }if(isEmailValid){
                session.setAttribute("Email", email);
                response.sendRedirect("Password.jsp");
            
            }else 
              response.sendRedirect("ErrorPage.jsp");

            

        } catch (ClassNotFoundException | SQLException e) {
            Logger.getLogger(Login.class.getName()).log(Level.SEVERE, null, e);
        }

    }

Posted 16-Feb-17 2:36am

Member 13005318

Add a Solution

Comments

[no name] 16-Feb-17 9:33am

Should be easy enough to debug. Looks like your query is not returning any results.

Richard Deeming 16-Feb-17 11:38am

That looks like a very insecure implementation. You're allowing anyone to reset the password by simply guessing the email address of a registered user!

Have a look at Troy Hunt's excellent blog post[^], which covers a lot of the things you need to consider when building a secure password reset facility.

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)