- // TODO dummy password check if (un.equals(pw)) {
- HttpSession hs = req.getSession();
- hs.setAttribute("loggedin", true);
+ try {
+ PreparedStatement ps = DatabaseConnection.getInstance().prepare(
+ "SELECT `password`, `id` FROM `users` WHERE `email`=?");
+ ps.setString(1, un);
+ ResultSet rs = ps.executeQuery();
+ if (rs.next()) {
+ if (PasswordHash.verifyHash(pw, rs.getString(1))) {
+ HttpSession hs = req.getSession();
+ hs.setAttribute(LOGGEDIN, true);
+ hs.setAttribute(USER, new User(rs.getInt(2)));
+ }
+ }
+ rs.close();
+ } catch (SQLException e) {
+ e.printStackTrace();
+ }
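Review bot: The successful-login branch at L11-L13 keeps the pre-authentication session id, so a session id handed to the browser before login remains valid after it (session fixation); the session should be rotated before `LOGGEDIN`/`USER` are stored, e.g. `req.changeSessionId()` if the container is Servlet 3.1+. The `PreparedStatement` is never closed and `rs.close()` at L16 is skipped whenever `verifyHash` or `rs.next()` throws, so both should be try-with-resources. `e.printStackTrace()` at L18 also turns a database failure into a silent "wrong password" for the user with no log entry. The enclosing method starts before and continues after this hunk, so the surrounding control flow is not visible here.
```java
try (PreparedStatement ps = DatabaseConnection.getInstance().prepare(
        "SELECT `password`, `id` FROM `users` WHERE `email`=?")) {
    ps.setString(1, un);
    try (ResultSet rs = ps.executeQuery()) {
        if (rs.next() && PasswordHash.verifyHash(pw, rs.getString(1))) {
            HttpSession hs = req.getSession();
            // Rotate the id so a session established before login cannot be reused after it.
            req.changeSessionId();
            hs.setAttribute(LOGGEDIN, true);
            hs.setAttribute(USER, new User(rs.getInt(2)));
        }
    }
} catch (SQLException e) {
    // … unchanged: exception handling (should log rather than printStackTrace) …
}
```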