validating JTextField data from result set

I am trying to setup a login system where when a user enters his username and password and presses the login button, his username and password are sent in an SQL statements to be matched with a User in the database. if the username and password are correct(if they are matched in the database) a User object is created with all of the users data from the database and the user is brought to the Admin Dashboard

After doing a lot of research on Result sets etc and going through a lot of code, I still can not make it work in my system. Can anyone show me a good way to do this? Or tell me if there is something obvious wrong with this code?

At the moment when I enter in a username and password and press login I get an error in the console:

java.sql.SQLException: Invalid column index
    at oracle.jdbc.driver.OraclePreparedStatement.setStringInternal(OraclePreparedStatement.java:5321)
    at oracle.jdbc.driver.OraclePreparedStatement.setString(OraclePreparedStatement.java:5309)
    at oracle.jdbc.driver.OraclePreparedStatementWrapper.setString(OraclePreparedStatementWrapper.java:280)
    at database.UserOperations.validateLog(UserOperations.java:45)
    at gui.Login$2.mouseClicked(Login.java:77)

some of the gui code

    JButton btnLogin = new JButton("Login");
    btnLogin.addMouseListener(new MouseAdapter() {
        public void mouseClicked(MouseEvent e) {

            UserOperations userOperations = new UserOperations();

            ResultSet rset = userOperations.validateLog(textFieldUsername.getText(), textFieldPassword.getText());
            User user = null;
            try {
                if (rset.next()) {
                    user = new User(rset.getInt("userID"), rset.getString("userName"), rset.getString("userPassword"), rset.getString("securityQuestion"), rset.getString("securityAnswer"),
                        rset.getInt("adminRights"), rset.getString("email"), rset.getString("fName"), rset.getString("phoneNumber"), rset.getString("department"));

                    dispose();
                    AdminDashboard admin = new AdminDashboard();
                    admin.setVisible(true);

                }
                else{

                    JOptionPane.showMessageDialog(null, "Login fail!", "Error", JOptionPane.WARNING_MESSAGE);
                }
            } catch (SQLException e2) {
                e2.printStackTrace();
            }

        }
    });

validateLogin() method

   public ResultSet validateLog(String username, String userpassword)
{
    try {
        String sql = "SELECT userid, username, userpassword, securityquestion, securityanswer, adminrights, email, fname, phonenumber, department FROM systeuser WHERE username = ? AND userpassword = ?";

        stmt = conn.prepareStatement(sql);
        stmt.setString (2, username);
        stmt.setString (3, userpassword);
        rset = stmt.executeQuery ( );

    }
    catch(Exception e){
        e.printStackTrace ( );
        JOptionPane.showMessageDialog (null, "Login Failed", null, JOptionPane.WARNING_MESSAGE);
    }
    return rset;

}

Solution

Try lowercase:

user = new User(rset.getInt("userid"), rset.getString("username"), 
    rset.getString("userpassword"), rset.getString("securityquestion"), 
    rset.getString("securityanswer"), rset.getInt("adminrights"), 
    rset.getString("email"), rset.getString("fname"),
    rset.getString("phonenumber"), rset.getString("department"));

Instead of mixed case:

user = new User(rset.getInt("userID"), rset.getString("userName"), 
    rset.getString("userPassword"), rset.getString("securityQuestion"), 
    rset.getString("securityAnswer"), rset.getInt("adminRights"), 
    rset.getString("email"), rset.getString("fName"),
    rset.getString("phoneNumber"), rset.getString("department"));

Also, change this:

stmt = conn.prepareStatement(sql);
stmt.setString (2, username);
stmt.setString (3, userpassword);

To this:

stmt = conn.prepareStatement(sql);
stmt.setString (1, username);
stmt.setString (2, userpassword);