Amirul Afiq
Hello, I'm developing a system that requires user to login to enter the system. so I wanted to store encrypted users' password in the database so that I wouldnt know their password. Is there anyway that you could teach me how to encrypt the password and store it in database? and then call back the encrypted password to let the user login??
May 7, 2012 at 12:49 PM
The given allow the user to enter username, password along with other fields in order to submit the details into database. The password is first encrypted and then stored into database. If you want to get this password in decrypted form then you can use the decrypt function, created in the jsp.
1)form.jsp:
<html> <body> <form name="userform" method="post" action="encrypt.jsp"> <table> <tr><td>User Name</td><td><input type="text" name="name"></td></tr> <tr><td>Password</td><td><input type="password" name="pass"></td></tr> <tr><td>Address</td><td><input type="text" name="address"></td></tr> <tr><td>Contact No</td><td><input type="text" name="phone"></td></tr> <tr><td><input type="submit" value="Search"></td></tr> </table> </form> </body> </html>
2)encrypt.jsp:
<%@page import="java.sql.*"%>
<%@page import=" java.security.*"%>
<%@page import="javax.crypto.*"%>
<%!
private static String algorithm = "DESede";
private static Key key = null;
private static Cipher cipher = null;
private static byte[] encrypt(String input)throws Exception {
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] inputBytes = input.getBytes();
return cipher.doFinal(inputBytes);
}
%>
<%!
private static String decrypt(byte[] encryptionBytes)throws Exception {
cipher.init(Cipher.DECRYPT_MODE, key);
byte[] recoveredBytes = cipher.doFinal(encryptionBytes);
String recovered = new String(recoveredBytes);
return recovered;
}
%>
<%
String name=request.getParameter("name");
String password=request.getParameter("pass");
String address=request.getParameter("address");
String phone=request.getParameter("phone");
int ph=Integer.parseInt(phone);
StringBuffer buffer=new StringBuffer();
key = KeyGenerator.getInstance(algorithm).generateKey();
cipher = Cipher.getInstance(algorithm);
String input = password;
System.out.println("Entered: " + input);
byte[] encryptionBytes = encrypt(input);
String passw=new String(encryptionBytes);
String connectionURL = "jdbc:mysql://localhost:3306/test";
Connection con=null;
try{
Class.forName("com.mysql.jdbc.Driver");
con = DriverManager.getConnection(connectionURL, "root", "root");
PreparedStatement ps = con.prepareStatement("INSERT INTO user(name,password,address,telno) VALUES(?,?,?,?)");
ps.setString(1,name);
ps.setString(2,passw);
ps.setString(3,address);
ps.setInt(4,ph);
int i = ps.executeUpdate();
ps.close();
}
catch(Exception ex){
System.out.println(ex);
}
try{
Statement st=con.createStatement();
ResultSet rs=st.executeQuery("Select * from user where id='1'");
String str="";
if(rs.next()){
str=rs.getString("password");
}
out.println("Your password is: "+decrypt(str.getBytes()));
System.out.println("Your password is: "+decrypt(str.getBytes()));
}
catch(Exception e){}
%>
For the above code, we have create a database table:
CREATE TABLE `user` (
`id` bigint(255) NOT NULL auto_increment,
`name` varchar(255) default NULL,
`password` varchar(255) default NULL,
`address` varchar(255) default NULL,
`telno` int(255) default NULL,
PRIMARY KEY (`id`)
);
If you are facing any programming issue, such as compilation errors or not able to find the code you are looking for.
Ask your questions, our development team will try to give answers to your questions.
