0

This is my database creation using jackcess:

try{
                        if(!f.exists()){

                            Database db=DatabaseBuilder.create(Database.FileFormat.V2000,new File(file));
                            Table table=new TableBuilder("Membership Details")
                            .addColumn(new ColumnBuilder("Username",DataType.TEXT))
                            .addColumn(new ColumnBuilder("Full Name",DataType.TEXT))
                            .addColumn(new ColumnBuilder("Email Address",DataType.TEXT))
                            .addColumn(new ColumnBuilder("Password",DataType.TEXT))
                            .addColumn(new ColumnBuilder("Phone number",DataType.TEXT))
                            .addColumn(new ColumnBuilder("Credit/Debit Card No",DataType.TEXT))
                            .addColumn(new ColumnBuilder("Expiry Month",DataType.TEXT))
                            .addColumn(new ColumnBuilder("Expiry Year",DataType.TEXT))
                            .addColumn(new ColumnBuilder("Country of origin",DataType.TEXT))

                            .toTable(db);
                            if(!pw.equals(c_pw)){
                                JOptionPane.showMessageDialog(null, "Password does not match","Password incorrect",JOptionPane.ERROR_MESSAGE);
                            }
                            else{
                            table.addRow(u,n,e,pw,p,c,ex_m,ex_y,city);
                            x++;
                            }
                        }
                        else{
                            Database db=DatabaseBuilder.open(f);
                            Table table=db.getTable("Membership Details");
                            if(!pw.equals(c_pw)){
                                JOptionPane.showMessageDialog(null, "Password does not match","Password incorrect",JOptionPane.ERROR_MESSAGE);
                            }
                            else{
                            table.addRow(u,n,e,pw,p,c,ex_m,ex_y,city);
                            x++;
                            }
                        }


                        if(x>0){
                            JOptionPane.showMessageDialog(null, "Sign up complete","Complete",JOptionPane.INFORMATION_MESSAGE);
                            new MainMenu().start(frame);
                            frame.setMaximized(false);
                            frame.setMaximized(true);


                        }
                    }catch(Exception error){
                        error.printStackTrace();

This is where the username and password checking occurs:

try {
                Table table=DatabaseBuilder.open(file).getTable("Membership Details");

                Row u=CursorBuilder.findRow(table, Collections.singletonMap("Username", user));
                Row p=CursorBuilder.findRow(table, Collections.singletonMap("Password", pw));
                if((file.exists())&&(!file.isDirectory())){
                    if((u!=null)&&(p!=null)){
                        Cursor cursor=CursorBuilder.createCursor(table);
                        boolean found=cursor.findFirstRow(Collections.singletonMap("Username", user));
                        if(found==true)
                            welcome.setText("Welcome "+cursor.getCurrentRowValue(table.getColumn("Full Name"))+" to Xtreme Airlines");
                            FlowPane flow=new FlowPane();
                            flow.getChildren().add(welcome);
                            flow.setAlignment(Pos.TOP_RIGHT);
                            panel.setTop(flow);
                            panel.setRight(logout);
                            status=true;
                    }

                    else
                        JOptionPane.showMessageDialog(null, "Wrong username or password","Incorrect",JOptionPane.ERROR_MESSAGE);
                }
            } catch (IOException e) {
                e.printStackTrace();

Everything works just fine except every username can access every password For example:

Username: Haley123 Password:123 Username: Michael321 Password 123456

In my case, Haley123 could access Michael321's password by using this method. How do I ensure this situation won't happen?

MrBlock2274
  • 19
  • 7
  • 2
    You should be searching for all the rows where the username AND password match your requirements, not searching for each individually – MadProgrammer May 03 '17 at 03:59
  • What should I change then so that other user can only access it's own password given that only two users registered in database as shown in the question's situation? – MrBlock2274 May 03 '17 at 11:29
  • 1
    Look up the row by `Username` only. Then, assuming you find such a row, check the value in the `Password` column of that row to see if it is the value you expect. – Gord Thompson May 03 '17 at 12:02

0 Answers0