1

I am giving input password in normal string 

public JobSeeker validateJobSeeker(String um, String pas) {

    System.out.println("in side jobseek valid dao");
    String hql= "select j from JobSeeker j where j.emailid=:u and j.password = COMPRESS(MD5(:pass))";

    List<JobSeeker> listofjobseeker = (List<JobSeeker>) sf.getCurrentSession()
        .createQuery(hql)
        .setParameter("u", um)
        .setParameter("pass", pas).list();
    return  ( listofjobseeker.size() > 0 ) ? listofjobseeker.get(0)  : null;
}

O/p = List listofjobseeker = null.

This is my table:

 select * from jobseeker;

id | confirmpassword  | emailid  | message | password | phoneno| username | usertype  | address_id |
 +----+----------------------------------+-----------------------+---------+-
    |  1 | 8337da1b34a7b4fec56bc0a418ca6e22 | [email protected] | NULL    | 
 8337da1b34a7b4fec56bc0a418ca6e22 | 123456 | Angad    | jobseeker |          1

I want to validate user for login.I converted user given password into md5 pass format and stored into db at user_registration time.When user come to login with same email_id and password .I am not able to check md5 formatted pass to user pass.

Improve this question
3
  • 1
    Don't use md5 for password hashing. It was hacked 10 years ago and is considered unsafe. If you insist on not changing it, just use a plain password, this offers about the same security Commented Dec 27, 2017 at 14:16
  • i know that ,but it's done with md5.Can u give me solution for this same. Commented Dec 28, 2017 at 5:16
  • Pro-tip: on Stack Overflow, readers appreciate carefully written posts using real English words. Please save the txtspk for Facebook :-). Thanks. Commented Dec 30, 2017 at 2:00

2 Answers 2

Reset to default
1

You can first convert the raw password into a MD5 format before matching it in the database. A method like following should help.

private static String encode(String md5){
       try {
            java.security.MessageDigest md = java.security.MessageDigest.getInstance("MD5");
            byte[] array = md.digest(md5.getBytes());
            StringBuffer sb = new StringBuffer();
            for (int i = 0; i < array.length; ++i) {
              sb.append(Integer.toHexString((array[i] & 0xFF) | 0x100).substring(1,3));
           }
            return sb.toString();
        } catch (java.security.NoSuchAlgorithmException e) {
        }
        return null;

    }

You can change your method as below.

public JobSeeker validateJobSeeker(String um, String pas) {
  String encryptedPass = encode(pas);
  ...
  .setParameter("pass", encryptedPass).list();

}
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Thanks for solution!!, I did this way its working fine , but i want directly check user pass to dbs pass using hql query .Have any idea.
what is a database that you are using?
MySql : Server version: 5.7.19 MySQL Community Server (GPL)
you can try this sql SELECT IF ((SELECT confirmpassword FROM JobSeeker WHERE emailid = :u) = MD5(:pass), 'true', 'false') AS valid in SQLDeveloper. It should work fine.It can then be converted to hql easily
Thanks Man!! Its done working fine , but i use createSQLQuery instead of hql. , it returning string value we have to validate that string.
0

I found solution for my question. I used SQLQUERY instead of SQL because I don't know HQL syntax to match md5 pass to user pass: To validate user using emaild and normal user pass compare with md5 encrypted pass.

Let's checkout below:

String hql =    "SELECT IF ((SELECT password FROM JobSeeker WHERE emailid = :u) = MD5(:pass), 'true', 'false') as r ";

        SQLQuery sql =    (SQLQuery) sf.getCurrentSession()
                                                                 .createSQLQuery(hql)
                                                                   .setParameter("u", um)
                                                                      .setParameter("pass", pas);

         sql.setResultTransformer(Criteria.ALIAS_TO_ENTITY_MAP);
         Object validate = sql.uniqueResult();
         Map map = (Map) validate;
         System.out.println("inside sys.out.print is ========= " + map.get("r"));
         String val = (String) map.get("r");
         System.out.println("val is  = " + val);

         if(val.equals("true"))
         {
             List<JobSeeker> jobSeeker = (List<JobSeeker>) sf.getCurrentSession().createQuery("select j from JobSeeker j where j.emailid =:u ")
                                                          .setParameter("u", um).list();
             return (jobSeeker.size() > 0 ) ? jobSeeker.get(0) : null ;
         }
         else{  System.out.println("Invalid User , plz retry :( ");
             return null;
         }

    }
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.