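/**
 * Authenticates the user with the e-mail and password bound to this bean and, on success,
 * marks the session as logged in and redirects the browser.
 *
 * <p>Only accounts whose login method is {@code "SIMPLE"} (username/password) can log in
 * here. Every failure path (unknown e-mail, non-SIMPLE account, wrong password) shows the
 * same "username/password do not match" message, so the response does not reveal whether
 * the e-mail belongs to an account (the original stayed silent for unknown e-mails, which
 * made that distinction observable).
 *
 * <p>The {@code redirect} field is treated as untrusted input (it has a setter and is
 * presumably populated from the request -- confirm): only a relative, same-origin path is
 * honoured; anything else falls back to {@code index.xhtml}. The original redirected to it
 * unconditionally, which is an open redirect.
 *
 * <p>NOTE(review): stored passwords are compared against {@code UserProfile.MD5(password)},
 * i.e. an unsalted MD5 digest as far as this method can see (no nonce is passed in). That is
 * not an adequate password hash; moving to bcrypt/scrypt/argon2 needs a data migration and is
 * out of scope here. Also consider regenerating the HTTP session id after a successful login
 * so a session id fixed before authentication is not kept afterwards.
 */
public void login() {
    Candidate candidate = getCandidateService().findCandidateByEmailService(email);

    boolean authenticated = candidate != null
            && matchOAuthLoginMethod(candidate, "SIMPLE")
            && passwordMatches(candidate);

    if (!authenticated) {
        // One message for every failure so a caller cannot tell "no such account"
        // from "wrong password".
        LabelController lblController = new LabelController();
        FacesContext.getCurrentInstance()
                .addMessage("atsForm", new FacesMessage(lblController.getUserNamePasswordNotMatch()));
        return;
    }

    getJobSearchController().setIsUserLoggedIn(true);
    getJobSearchController().setLoggedInUser(candidate);

    // Read the one-shot redirect target, then clear it so it cannot be replayed.
    String target = redirect;
    setRedirect(null);
    if (!isSafeRedirect(target)) {
        target = "index.xhtml";
    }
    try {
        FacesContext.getCurrentInstance().getExternalContext().redirect(target);
    } catch (IOException e) {
        // The user is logged in but the browser could not be redirected; record the cause
        // with the full stack instead of dumping it to stderr.
        java.util.logging.Logger.getLogger(getClass().getName())
                .log(java.util.logging.Level.SEVERE, "Post-login redirect to " + target + " failed", e);
    }
}

/**
 * Compares the candidate's stored password digest with the digest of the submitted
 * password in constant time, so the comparison does not leak how many leading bytes
 * matched (a plain {@code String.equals} short-circuits on the first differing byte).
 *
 * @param candidate the account being logged in to; must not be {@code null}
 * @return {@code true} only when both the stored digest and the submitted password are
 *         present and the digests are identical
 */
private boolean passwordMatches(Candidate candidate) {
    Object stored = candidate.getPassword();
    if (stored == null || password == null) {
        return false;
    }
    byte[] expected = String.valueOf(stored).getBytes(java.nio.charset.StandardCharsets.UTF_8);
    byte[] actual = String.valueOf(UserProfile.MD5(password))
            .getBytes(java.nio.charset.StandardCharsets.UTF_8);
    return java.security.MessageDigest.isEqual(expected, actual);
}

/**
 * Decides whether a post-login redirect target may be sent to the browser.
 *
 * <p>Accepts only relative references with neither scheme nor authority (for example
 * {@code "jobs.xhtml"} or {@code "/app/profile.xhtml"}); rejects absolute URLs,
 * protocol-relative {@code //host/...} references (including the {@code ///host} form
 * some browsers normalise to one), backslashes, and anything that does not parse as a URI.
 *
 * @param target the candidate redirect value, may be {@code null}
 * @return {@code true} when it is safe to redirect to {@code target}
 */
private static boolean isSafeRedirect(String target) {
    if (target == null || target.trim().isEmpty()) {
        return false;
    }
    if (target.startsWith("//") || target.indexOf('\\') >= 0) {
        return false;
    }
    try {
        java.net.URI uri = new java.net.URI(target);
        return uri.getScheme() == null && uri.getRawAuthority() == null;
    } catch (java.net.URISyntaxException e) {
        // Not a well-formed URI: never hand it to the browser.
        return false;
    }
}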