Solved Help with create new record and password (1 Viewer)

[darrenislearning]

Hi, I need some help for my Access form

1) create new user, the password dosent seems tally with the one that i enter
2) how to use sha256 when creating new user
2) if i import a list of password with sha256 value, how do i make the login works

Or is there any other ways to encrypt the password other than set the input value as password?

 

[plog]

1. This is your INSERT command:

  DoCmd.RunSQL "INSERT INTO tbluser (username, password) values (""" & Me.Username.Value & """, """ & Me.Password.Value & """)"

Your password isn't what you expect--so track it back--is Me.Password.Value the input you are typing the desired password into?

2. You need a function to implement the SHA256 hash in VBA. You could read the specs and write the code yourself, but its 2021 and the world is full of coders--start googling.

3. First some vocabulary. 'A Hash' is the output of an encryption method. Let's say you find that code and have a function that converts a password to SHA256. The function 'hashes' the password. You pass it the password string it returns a hash of that password:

Dim str_HashedPassword
str_HashedPassword=SHA256('YourPasswordHere')

So 'c829166dfbbe85995d419b81aaf7af77b390cd4f1a4d23909a2f30554ac7c39e' is now in str_HashPassword. 'YourPasswordHere' should not be in your database, that long string of gibbersh should be stored instead. What you have is wrong--you should be storing the hash and not the actual password.

Now, when you want to compare passwords to verify users--you hash their input and compare it to what's stored. You would change your login strSQL form code to this:

Private Sub login_Click()

..

strSQL = "Select username FROM tbluser WHERE Username = """ & Me.Username.Value & """ AND Password = """ & SHA256(Me.Password.Value) & """"

...

This way, no one can ever break into the database and grab actual passwords--they are never stored--just the hashes are and they don't know what to input into the SHA256() to generate those values.

 

[arnelgp]

sha256/512 is one way Hashing, means
you can generate the encryption but cannot reverse it.
why not use simple encryption/decrpt.

note i also include rc4 encryption.
see string - VB6 encrypt text using password - Stack Overflow

 

[darrenislearning]

1. This is your INSERT command:

  DoCmd.RunSQL "INSERT INTO tbluser (username, password) values (""" & Me.Username.Value & """, """ & Me.Password.Value & """)"

Your password isn't what you expect--so track it back--is Me.Password.Value the input you are typing the desired password into?

2. You need a function to implement the SHA256 hash in VBA. You could read the specs and write the code yourself, but its 2021 and the world is full of coders--start googling.

3. First some vocabulary. 'A Hash' is the output of an encryption method. Let's say you find that code and have a function that converts a password to SHA256. The function 'hashes' the password. You pass it the password string it returns a hash of that password:

Dim str_HashedPassword
str_HashedPassword=SHA256('YourPasswordHere')

So 'c829166dfbbe85995d419b81aaf7af77b390cd4f1a4d23909a2f30554ac7c39e' is now in str_HashPassword. 'YourPasswordHere' should not be in your database, that long string of gibbersh should be stored instead. What you have is wrong--you should be storing the hash and not the actual password.

Now, when you want to compare passwords to verify users--you hash their input and compare it to what's stored. You would change your login strSQL form code to this:

Private Sub login_Click()

..

strSQL = "Select username FROM tbluser WHERE Username = """ & Me.Username.Value & """ AND Password = """ & SHA256(Me.Password.Value) & """"

...

This way, no one can ever break into the database and grab actual passwords--they are never stored--just the hashes are and they don't know what to input into the SHA256() to generate those values.

Thanks, I realised i mistype my sql. Will try to google for the hash function

 

[darrenislearning]

sha256/512 is one way Hashing, means
you can generate the encryption but cannot reverse it.
why not use simple encryption/decrpt.

note i also include rc4 encryption.
see string - VB6 encrypt text using password - Stack Overflow

Thanks. Looks like a lot of function need to be use. Will explore on it. Appreciate it

 

[darrenislearning]

sha256/512 is one way Hashing, means
you can generate the encryption but cannot reverse it.
why not use simple encryption/decrpt.

note i also include rc4 encryption.
see string - VB6 encrypt text using password - Stack Overflow

I have tried your Access file and still trying to digest. But at the same time, I added in security level in create new user form. However, I have some difficulties in saving the combo box value to the table.

And with the security level, I will have a navigation form. How do I allow only Admin user to access create new user form?

 

[isladogs]

Have a look at my example database which uses RC4 encryption: Password Login - Mendip Data Systems
Attached is a slightly newer version of the app than that available from my website

 

[arnelgp]

i change the password for "normal users" same as their username.
except for admin, their password is admin1, admin2, admin3 respectively.

use login form first.
and check navigation form will open.

 

[darrenislearning]

i change the password for "normal users" same as their username.
except for admin, their password is admin1, admin2, admin3 respectively.

use login form first.
and check navigation form will open.

Yes, the form is able to open and when login with normal user, the create new user is greyed out. Is it possible if I create 2 different navigation form (1 for admin and 1 for normal user). If login with admin, it will show the admin navigation form?

I tried to create new user and i have an error. As attached

 

[darrenislearning]

Have a look at my example database which uses RC4 encryption: Password Login - Mendip Data Systems
Attached is a slightly newer version of the app than that available from my website

Thanks. I saw something similar from other thread on this

 

[arnelgp]

you have two navigation form.
you just need to "open" the correct one based on the "security level".

 

[darrenislearning]

you have two navigation form.
you just need to "open" the correct one based on the "security level".

I just managed to resolve the two navigation form.

But still stuck at the error for creating new user with the error above

 

[arnelgp]

change this one on the code:

    With rs
        .AddNew
        !Username = Me.Username
        !Password = Encrypt(Me.newpassword)
        !securitylevel = Me.securitylevel
        .Update
        .Close
    End With

With

    With rs
        .AddNew
        !Username = Me.Username
        !Password = Encrypt(Me.newpassword)
        ![security level] = Me.securitylevel
        .Update
        .Close
    End With

 

[darrenislearning]

change this one on the code:

    With rs
        .AddNew
        !Username = Me.Username
        !Password = Encrypt(Me.newpassword)
        !securitylevel = Me.securitylevel
        .Update
        .Close
    End With

With

    With rs
        .AddNew
        !Username = Me.Username
        !Password = Encrypt(Me.newpassword)
        ![security level] = Me.securitylevel
        .Update
        .Close
    End With

Thanks. Much appreciate it