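// Login dispatch: checks the submitted account number / password against the
// account table, the one-time-password table (apass) and the admin credentials
// (acc / passs), then redirects to exactly one destination.
//
// Security: accno and pass are request-derived, so they are bound as
// parameters instead of being concatenated into the SQL text. Concatenation
// let a quote character in either field rewrite the WHERE clause and bypass
// the password check (SQL injection).
//
// NOTE(review): the query compares the submitted password directly with the
// stored column, which implies passwords are stored in plaintext. Store a
// salted password hash (bcrypt/scrypt/argon2) and verify against that instead.
// NOTE(review): Database.con looks like a single shared static Connection;
// confirm it is safe for concurrent requests or switch to a pooled DataSource.
try (PreparedStatement ps = Database.con.prepareStatement(
         "select * from account where accountno=? and password=?");
     PreparedStatement ps1 = Database.con.prepareStatement(
         "select * from apass where accountno=? and OTP=?");
     PreparedStatement ps2 = Database.con.prepareStatement(
         "select * from account where accountno=?"))
{
    ps.setString(1, accno);
    ps.setString(2, pass);
    ps1.setString(1, accno);
    ps1.setString(2, pass);
    ps2.setString(1, accno);

    // Statements and result sets are closed by try-with-resources so they do
    // not accumulate on the long-lived connection.
    try (ResultSet rs = ps.executeQuery();
         ResultSet rs1 = ps1.executeQuery();
         ResultSet rs2 = ps2.executeQuery())
    {
        // The branches form one else-if chain: sendRedirect() commits the
        // response, and a second call on a committed response throws
        // IllegalStateException. The original independent if-blocks always
        // reached the final else after a successful customer or OTP login.
        if (rs.next())
        {
            // Regular customer login.
            // NOTE(review): rotate the session id on successful login
            // (HttpServletRequest.changeSessionId()) to prevent session
            // fixation; the request object is not visible in this fragment.
            session.setMaxInactiveInterval(300);
            session.setAttribute("name", rs.getString("full_name"));
            session.setAttribute("mbno", rs.getString("mobileno"));
            // NOTE(review): keeping the password in the session exposes it to
            // every page and to session persistence; kept only because other
            // pages may read it. Remove once those readers are confirmed gone.
            session.setAttribute("pass", rs.getString("password"));
            session.setAttribute("accno", rs.getString("accountno"));
            response.sendRedirect("PBank.jsp");
        }
        else if (rs2.next() && rs2.getString(6) == null)
        {
            // Account row exists but column 6 is NULL, which this page treats
            // as "deactivated". Presumably column 6 is the password column;
            // with "select *" the index depends on table layout, so verify
            // and prefer a named column.
            response.sendRedirect("login.jsp?messageInactive=You have deactivated your account, kindly activate your account to login!!");
        }
        else if (rs1.next())
        {
            // One-time password matched: hand over to the reset page.
            session.setAttribute("accno", rs1.getString("accountno"));
            session.setAttribute("pass", rs1.getString("OTP"));
            response.sendRedirect("reset.jsp");
        }
        else if (pass != null && accno != null && pass.equals(passs) && accno.equals(acc))
        {
            // Admin login against the credentials held in acc / passs.
            // Null guards turn a missing form field into a failed login
            // instead of a NullPointerException.
            session.setAttribute("passs", passs);
            session.setAttribute("acc", acc);
            response.sendRedirect("admin.jsp");
        }
        else
        {
            // Same generic message for every failure, so the response does
            // not reveal which of the two fields was wrong.
            response.sendRedirect("login.jsp?message=Incorrect Account Number or Password!!!");
        }
    }
}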