MD5 Hash added for admin passwords

arc12012 · Apr 14, 2017 · ffe983b · ffe983b
1 parent 1d19e52
commit ffe983b
Showing 1 changed file with 20 additions and 2 deletions.
diff --git a/WebContent/adminLogin.jsp b/WebContent/adminLogin.jsp
@@ -2,21 +2,39 @@
 <%@ page language="java" contentType="text/html; charset=ISO-8859-1"
     pageEncoding="ISO-8859-1"%>
 <%@ page import = "java.sql.*" %>
+<%@ page import = "java.security.MessageDigest" %>
+<%@ page import = "java.security.NoSuchAlgorithmException" %>
 <%
 int ssoNum;
 String pass;
 Cookie adminCookie;
+
 ssoNum = Integer.parseInt(request.getParameter("ssoNum2"));
 pass = request.getParameter("pass");
+String generatedPass = null;
+
+try {
+	MessageDigest md = MessageDigest.getInstance("MD5");
+	md.update(pass.getBytes());
+	byte[] bytes = md.digest();
+	StringBuilder sb = new StringBuilder();
+	for(int i = 0; i<bytes.length; i++)
+		sb.append(Integer.toString((bytes[i] & 0xff) + 0x100, 16).substring(1));
+	
+	generatedPass = sb.toString();
+}
+catch (NoSuchAlgorithmException e){
+	
+}
+
 String database = "jdbc:mysql://us-cdbr-iron-east-04.cleardb.net/ad_15a989204c2ff8a?user=b372dfe7409692&password=74f6e317";
 String user = "b372dfe7409692";
 String password = "74f6e317";
-System.getenv("VCAP_SERVICES");
 Class.forName("com.mysql.jdbc.Driver");
 Connection connection = DriverManager.getConnection(database, user, password);
 Statement stmt = connection.createStatement();
 ResultSet result;
-result = stmt.executeQuery("select * FROM admin where Admin_ID='" + ssoNum + "' AND Password='" + pass + "'");
+result = stmt.executeQuery("select * FROM admin where Admin_ID='" + ssoNum + "' AND Password='" + generatedPass + "'");
 
 if (result.next()){
 	request.getSession();