Adding maximum amount of login attempts

[Clayhead22]

Hi. I have built a login form that works fine currently with the exception of login attempts. The current features are
1) Checks login is in users table.
2) Ensures the user status is not blocked in the table.
3) Sends the user to the correct page based on their authorisation in the user table.
What i need to do now is
1) Allow the user to enter the incorrect password 3 times and on the 4th time it will say "Too many login attempts. Your user access has been blocked."
2) Update their status as blocked in the users table.

My Current code is below. Please can someone help fix this?

Private Sub LoginButton_Click()

Dim Useraccess As String
Dim Userstatus As String

If IsNull(Me.LoginUsernameText) Then
    MsgBox "Please Enter Username", vbInformation, "Username Required"
    Me.LoginUsernameText.SetFocus
ElseIf IsNull(Me.LoginPasswordText) Then
    MsgBox "Please Enter Password", vbInformation, "Password Required"
    Me.LoginPasswordText.SetFocus
    
    Else
    
    Userstatus = DLookup("Status", "Users", "Username = '" & LoginUsernameText & "'")
    
    If Userstatus = "Blocked" Then
    MsgBox "User access has been blocked. Please contact your system administrator."
    
Else
    If (IsNull(DLookup("[Username]", "Users", "[Username] ='" & Me.LoginUsernameText.Value & "' And password = '" & Me.LoginPasswordText.Value & "'"))) Then
    MsgBox "Incorrect Username or Password"
    
    Else
    MsgBox "Password accepted! Welcome to XRAIC CRM"

    Useraccess = DLookup("Authorisation", "Users", "Username = '" & LoginUsernameText & "'")
    
    If Useraccess = "Admin" Then
    DoCmd.OpenForm "Interface"
    Else
    If Useraccess = "User" Then
    DoCmd.OpenForm "InterfaceL1"
    End If
    End If
    End If
    End If
    End If
End Sub

I have tried 6 different codes to try and add this and i cant get any of them to work. Please help me fix it?

 

[Mile-O]

Look into Static variables.

 

[spikepl]

Think hard about whether you really want to spend effort on this and subject the users to it? IS it just to look "professional"? For me as a user many password protection measures are meaningless in my context, and exist only because the fashion of the day said so.

Restricting attempts is a measure against brute force password crackers - how likely is your application to be subjected to that? If it is, and data must be safeguarded, then perhaps Access is not the right application to hold the data.

 

[tamangspace]

Edit your code like this:

Private Sub LoginButton_Click()

 
Dim intLoginAttempt As Integer 'Add this line here
 
'Your Some Code

    MsgBox "Incorrect Username or Password"
 
    intLoginAttempt = IntLoginAttempt + 1 'Count Login Attempts
 
    Else
  
 'Your some other codes
 
    ' Now check if login attempt = 3 then close application or whatever you want to restrict.
  
 If IntLoginAttempt = 3 then ' Change whatever attempts you can allow.
     MsgBox "Your Messeg here"    
     
     'UserStatus = "Blocked"
  
     'Or
  
      'Application.Quit
 
 End IF
 
End Sub

 

[Mile-O]

Edit your code like this:

Private Sub LoginButton_Click()

 
Dim intLoginAttempt As Integer 'Add this line here
 
'Your Some Code

    MsgBox "Incorrect Username or Password"
 
    intLoginAttempt = IntLoginAttempt + 1 'Count Login Attempts
 
    Else
  
 'Your some other codes
 
    ' Now check if login attempt = 3 then close application or whatever you want to restrict.
  
 If IntLoginAttempt = 3 then ' Change whatever attempts you can allow.
     MsgBox "Your Messeg here"    
     
     'UserStatus = "Blocked"
  
     'Or
  
      'Application.Quit
 
 End IF
 
End Sub

Not going to work, as every time the button is clicked, intLoginAttempt will be redimensioned and will be 0.

Replace Dim with Static, though...

 

[gemma-the-husky]

Think hard about whether you really want to spend effort on this and subject the users to it? IS it just to look "professional"? For me as a user many password protection measures are meaningless in my context, and exist only because the fashion of the day said so.

Restricting attempts is a measure against brute force password crackers - how likely is your application to be subjected to that? If it is, and data must be safeguarded, then perhaps Access is not the right application to hold the data.

I agree with this, within a company environment.

once you block users, you then give yourself (or someone else) the irritation of having to unblock them, as well as having the users do nothing while waiting for you to unblock them.

 

[Mile-O]

I should say that I also echo the needlessness of doing this. Just showing the way, regardless.

 

[gemma-the-husky]

of course, if you go the other way, then in a very secure environment, you will also want to force passwords to expire after a period, force them to be strong, store a history of past passwords to prevent re-use, and so on.

have fun!

 

[tamangspace]

Not going to work, as every time the button is clicked, intLoginAttempt will be redimensioned and will be 0.

Replace Dim with Static, though...

Yes! I agreed to Mile-O.

 Static intLoginAttempt as Integer

Or we can declare on top of the codes in Declarations

Option Compare Database
Option Explicit
  
Private intLoginAttempt as Integer

 

[perpmotion]

Ha! Finally a solution to my problem, as well. I was making the code dynamic (not static) and the "attempts" kept resetting to 1 (I put a text box on the form to test). My password lockout is just to keep nosey nellies out of the menus. I changed that one declaration and it works like a champ. Thanks, guys.