Verifying and Changing PasswordsIf an application requires a user to have a password to access information, it will have to verify that the password is correct and also allow the user to change the password. Assuming that passwords are kept in a database table called PasswordTable, the code for verifying and changing passwords is straightforward.To verify a password, the application must have a login page. The following is a page with a login form. Note that the type of the second input statement is password, not text.<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><html><head> <title>Logon Page</title> </head><body><h4>Enter your username and password.</h4><form method = "post" action = = "../store/verifyPassword"><br /><input name="username" type="text" value="" size="10" /> Username<br /><input name="password" type="password" value="" size="10" /> Password<p><input type="submit" value="Logon"></p></form></body> </html>A servlet that verifies that this username and password is in the database follows./* VerifyPasswordServlet checks a username and password to see if it is in the database.*/package customers;import java.sql.*;import java.io.*;import javax.servlet.*;import javax.servlet.http.*;/* VerifyPasswordServlet gets the username and password from the request. It then checks to see if the password is correct. If so, it displays the data about the customer. If not, it responds with an error message. */public class VerifyPasswordServlet extends HttpServlet{public void doPost (HttpServletRequest request, HttpServletResponse response) {try{PrintWriter out = response.getWriter ();// Get a jdbc-odbc bridge and connect to addresses.mdb.Class.forName ("sun.jdbc.odbc.JdbcOdbcDriver");Connection con = DriverManager.getConnection ("jdbc:odbc:store");Page.createHeader (out, "Customer Password");String username = request.getParameter ("username");String password = request.getParameter ("password");String id = checkPassword (out, con, username, password);if (id != null)out.println ("<h4>Password verified</h4><p>");elseout.println ("<h4>Password error. Click on the Back button and re-enter.</h4>");Page.createFooter (out);con.close ();} catch (ClassNotFoundException e){System.out.println ("Class Not Found exception.");} catch (SQLException e){System.out.println ("SQL Exception");} catch (IOException e) {System.out.println ("IO Exception");}} // doPost/* checkPassword checks the database to see if the username and password match the data in the password table. */private String checkPassword (PrintWriter out, Connection con, String username, String password){try{Statement stmt = con.createStatement ();String query = "Select * From PasswordTable Where Username = '" + username + "'";ResultSet rs = stmt.executeQuery (query);if (rs.next () && rs.getString ("Password").equals (password)) return rs.getString ("ID");} catch (SQLException es) {System.out.println ("SQL Password Exception");}return null;} // checkPassword} // class VerifyPasswordServletUsers should also have the option of changing their passwords. This requires a form that contains boxes for both the old and the new passwords.<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><html><head> <title>Change Password Page</title> </head><body><h4>Enter your username and password.</h4><form method = "get" action = "../store/changePassword"><br /><input name="username" type="text" value="" size="10" /> Username<br /><input name="oldpassword" type="password" value="" size="10" /> Old Password<br /><input name="newpassword" type="password" value="" size="10" /> New Password<p><input type="submit" value="Change Password"></p></form></body></html>Again the servlet has to go into the password table and find the user. But this time it not only has to check that the old password is in the table, but it must also update the table with the new password.// ChangePasswordServlet is used to change a password in the password table.package customers;import java.sql.*;import java.io.*;import javax.servlet.*;import javax.servlet.http.*;/* ChangePasswordServlet allows a user to change his/her password so long as the customer is in the database. */public class ChangePasswordServlet extends HttpServlet{public void doPost (HttpServletRequest request, HttpServletResponse response) {try{PrintWriter out = response.getWriter ();// Get a jdbc-odbc bridge and connect to addresses.mdb.Class.forName ("sun.jdbc.odbc.JdbcOdbcDriver");Connection con = DriverManager.getConnection ("jdbc:odbc:store");Page.createHeader (out, "Change Password");changePassword (out, con, request);Page.createFooter (out);con.close ();} catch (ClassNotFoundException e){System.out.println ("Class Not Found exception.\n");} catch (SQLException e){System.out.println ("SQL Exception\n");} catch (IOException e) {System.out.println ("IO Exception");}} // doPost// changePassword locates a username in the database and changes the password.public void changePassword (PrintWriter out, Connection con, HttpServletRequest request){String username = request.getParameter ("username");String oldpassword = request.getParameter ("oldpassword");String newpassword = request.getParameter ("newpassword");try{Statement stmt = con.createStatement ();String query = "Select * From PasswordTable Where Username = '" + username + "'";ResultSet rs = stmt.executeQuery (query);if (rs.next ()){String id = rs.getString ("ID");if (!oldpassword.equals (rs.getString ("Password")))out.println ("<h4>The old password is incorrect.</h4>");else{stmt = con.createStatement ();query = "Update PasswordTable Set Password = '" + newpassword + "' Where ID = '" + id + "'";int success = stmt.executeUpdate (query);if (success == 0) out.println ("Update error.");else out.println ("<h4>Password Changed.</h4>");stmt.close ();}}else out.println ("The username is not in the table.");} catch (SQLException es) {System.out.println ("SQL Exception");}} // changePassword} // class