How i make remember password in form login on my pc only ! (1 Viewer)

[AHMEDRASHED]

Hello evreyone,

How do I prevent other users in internal network To use my username and password if I saved the username and password in the tabel login as remember

My UserName have full accsess , i dont need others user to see it .

Note :- Database was shared internally in internal network 2- Other users 2 only i need simple solution because other users do not have experience on ms access or coding
My PC , and others PC Password shown Automatic same below photo :

Thank you

Option Compare Database
Option Explicit

Private Sub btnChangePassword_Click()
    On Error Resume Next
    DoCmd.OpenForm "frmForgotpassword"
    If Err.Number <> 0 Then
        MsgBox "An error occurred while opening the 'frmForgotpassword' form.", vbExclamation, "Error"
        Err.Clear
    End If
End Sub

Private Sub exit_Click()
    On Error Resume Next
    Dim Response As VbMsgBoxResult
    Response = MsgBox("Do you want to Exit?", vbYesNo, "Confirm")
    
    If Response = vbYes Then
        DoCmd.Quit
        If Err.Number <> 0 Then
            MsgBox "An error occurred while trying to exit the application.", vbExclamation, "Error"
            Err.Clear
        End If
    End If
End Sub

Private Sub Form_Load()
    On Error Resume Next
    DoCmd.Maximize
    If Err.Number <> 0 Then
        MsgBox "An error occurred while maximizing the form.", vbExclamation, "Error"
        Err.Clear
    End If
End Sub
Private Sub Form_Timer()
    On Error Resume Next
    Const IDLESECONDS = 300 ' 300 seconds of idle time
    Static PrevControlName As String, PrevFormName As String, ExpiredTime
    Dim ActiveFormName As String, ActiveControlName As String, ExpiredSeconds
    
    ActiveFormName = Screen.ActiveForm.Name
    If Err Then
        ActiveFormName = "No Active Form"
        Err.Clear
    End If
    
    ActiveControlName = Screen.ActiveControl.Name
    If Err Then
        ActiveControlName = "No Active Control"
        Err.Clear
    End If
    
    If (PrevControlName = "") Or (PrevFormName = "") _
        Or (ActiveFormName <> PrevFormName) _
        Or (ActiveControlName <> PrevControlName) Then
        PrevControlName = ActiveControlName
        PrevFormName = ActiveFormName
        ExpiredTime = 0
    Else
        ExpiredTime = ExpiredTime + Me.TimerInterval
    End If
    
    ExpiredSeconds = ExpiredTime / 1000
    If ExpiredSeconds >= IDLESECONDS Then
        ExpiredTime = 0
        On Error GoTo ErrorHandler
        Application.Quit ' Quit the application after 300 seconds of idle time
        On Error GoTo 0
    End If
    
    Exit Sub

ErrorHandler:
    MsgBox "An error occurred while trying to quit the application.", vbExclamation, "Error"
End Sub

Private Sub cmdLogin_Click()
    If IsNull(userName) Or IsNull(password) Or userName = "" Or password = "" Then
        MsgBox "Please enter your name!"
        Exit Sub
    ElseIf Not password = DLookup("password", "tlogin", "userID = " & txtID) Then
        message = "Wrong password . Please write the correct info..!"
        Exit Sub
    ElseIf password = DLookup("password", "tlogin", "userID = " & txtID) Then
        If IsNull(DLookup("startup", "tstartupForm", "startupID =1")) Then
            DoCmd.CLOSE
            DoCmd.OpenForm "frmSettings"
        Else
            DoCmd.SetWarnings False
            DoCmd.RunSQL "UPDATE tTemp Set userID = " & Me.txtID
            DoCmd.CLOSE
            Dim srt As String
            srt = DLookup("startup", "tstartupForm", "startupID =1")
            DoCmd.OpenForm srt
        End If
    End If
End Sub

Private Sub password_AfterUpdate()
    On Error Resume Next
    Me.Refresh
    If Err.Number <> 0 Then
        MsgBox "An error occurred while refreshing the form.", vbExclamation, "Error"
        Err.Clear
    End If
    On Error GoTo 0
End Sub

Private Sub userName_AfterUpdate()
On Error Resume Next
Dim db As Database
Dim rst As Recordset
Set db = CurrentDb()
Set rst = db.OpenRecordset("Select * from tlogin where userID =" & userName)
   If rst!remember = True Then
        txtID = rst!userID
        Me.password = rst!password
        message = ""
    Else
        txtID = rst!userID
        message = ""
        Me.password = ""
    End If
End Sub

Private Sub userName_NotInList(NewData As String, Response As Integer)
    ' Suppress the default error message
    Response = acDataErrContinue
    ' User not found, display a custom message
    message = "User not found"
End Sub

 

[Gasman]

Show your code as to how that form is populated.
Normally you would start off with an empty form. Even YOU would need to key in your login details.

 

[GaP42]

Not entirely sure of what you require, however I approach this by NOT requiring the username (as the login name of the user) to be entered on the login form itself. The login name is set when the user logs in to the PC. The nickname and password of the user is stored together with the username (loginame) in the "user" table. The login form requests the nickname and password. If the users nickname is found in the table and the password match is correct, then if the login name matches the username stored then access can be granted. The login name can be obtained using a function such as that from Dev Ashish (fOSusername)

This allows the nickname to be changed / reset as needed. The user logging in to the PC must use the login, however opening the db app requires entry of the nickname password combo. If it does not match the PC login name then no go - they must use their db app nickname/passowrd.

A login form like:

 

[KitaYama]

Not entirely sure of what you require, however I approach this by NOT requiring the username (as the login name of the user) to be entered on the login form itself. The login name is set when the user logs in to the PC. The nickname and password of the user is stored together with the username (loginame) in the "user" table. The login form requests the nickname and password. If the users nickname is found in the table and the password match is correct, then if the login name matches the username stored then access can be granted. The login name can be obtained using a function such as that from Dev Ashish (fOSusername)

Your method doesn't work in a multi user environment.
Why do you need three pieces of information (Username - Nickname - Passsword) to allow a login?

I bet you can not find any organization/Hospital/clinic..... that has the same number of PCs and employees. In any company there are a lot of PCs that are used as terminals. Someone logs in to windows, but anybody is allowed to open a database (or any app) to use it. The PC stays logged in and un-attended, until someone needs to use it, opens the database and does his job. Aren't all universities, companies, pharmacies, libraries.... the same?
Your method limits a PC to one user which I find it very un-realistic (or hard to be used in a real system).

This allows the nickname to be changed / reset as needed.

You can still have a Username/Password combination and allow the user to change his/her name. The database works on User PK, not user name.
Why changing username is a problem for you? And makes you need a nickname?

Or am I misunderstanding you?

 

[AHMEDRASHED]

i fixed it with below code : Thanks you all

Private Sub userName_AfterUpdate()
    On Error Resume Next
    Dim db As Database
    Dim rst As Recordset
    Set db = CurrentDb()
    Set rst = db.OpenRecordset("Select * from tlogin where userID =" & userName)

    If rst!remember = True Then
        txtID = rst!userID
        ' Check PC name before remembering the password
        If Environ("COMPUTERNAME") = "AHMED-PC" Then
            ' Remember the password logic here
            ' For example, you might store the password in a variable or a separate table
            ' Note: Storing passwords should be done securely, and this is just a simple example.
            Me.password = rst!password
            message = ""
        Else
            ' PC name doesn't match, so do not remember the password
            message = "Password not remembered for this PC."
            Me.password = ""
        End If
    Else
        txtID = rst!userID
        message = ""
        Me.password = ""
    End If
End Sub

 

[Gasman]

Really?
I would expect UserName to be text and the userID to be numeric?
Either way I would expect you need to enclose the Username with single quotes at least?

 

[GaP42]

Your method doesn't work in a multi user environment.
Why do you need three pieces of information (Username - Nickname - Passsword) to allow a login?

I bet you can not find any organization/Hospital/clinic..... that has the same number of PCs and employees. In any company there are a lot of PCs that are used as terminals. Someone logs in to windows, but anybody is allowed to open a database (or any app) to use it. The PC stays logged in and un-attended, until someone needs to use it, opens the database and does his job. Aren't all universities, companies, pharmacies, libraries.... the same?
Your method limits a PC to one user which I find it very un-realistic (or hard to be used in a real system).


You can still have a Username/Password combination and allow the user to change his/her name. The database works on User PK, not user name.
Why changing username is a problem for you? And makes you need a nickname?

Or am I misunderstanding you?

The method does not limit a PC to one user. The user can use their network login to any PC – it is not governed by the database app. The database application can be accessed by anyone on any PC on which the FE is installed, if they have a legitimate/active database user account/record.

I want to ensure whoever is accessing the database is being logged as the user and has the access rights assigned to specific functionality in the database. I don’t want them using someone else’s database account – the network login does that. (BTW the login username and the nickname may be the same for a user).

When the PC is unattended for a period of time a new user who wakes up the machine must login with their network account. This is important if you think an audit trail is important – how do you ensure that the changes to the database are not performed by someone else masquerading under the username of someone else? A crucial requirement for health records, finances, etc

This solution is not the only one - others may employ active directory for eg to control access to applications etc - but this is a simple “roll your own” style solution.

Not denying that a simple usermane / password combination can be used and can support changing, just that the user has a network login assigned by IT and the app can use that to ensure the user is who they are claiming to be.

EDIT - You could, simply require the user to enter a password to access the application (no username entry), verifying by the login username and password combination Perhaps this is what you suggest.

 

[KitaYama]

The method does not limit a PC to one user. The user can use their network login to any PC

Let me give you an example. Where I work there are 52 employees and 11 PCs in first shop floor. You need to allow anybody being able to use any PC to access your database.
Your method needs each PC having 52 windows login accounts Isn't it so?

I want to ensure whoever is accessing the database is being logged as the user and has the access rights assigned to specific functionality in the database.

If the user has an account in the database, he has the access right to DB and his specific functionality is assigned in DB. How his windows login account concern to assigned functionality of a user in a database.

This is important if you think an audit trail is important

I really don't understand your point. An audit trail can use logged in user account (PK) in db. Why it needs Windows account? You mean someone can bypass your database login system, but not windows login? If so, you may want to recheck your login method.

how do you ensure that the changes to the database are not performed by someone else masquerading under the username of someone else?

Because I have a login system with encrypted password.
How do you know someone doesn't login to windows under another name? If user A gives his database account credentials to his friend to use it, he also may share windows credentials as well.

When the PC is unattended for a period of time a new user who wakes up the machine must login with their network account.

That's another inconvenience. Imagine different users need to use the same PC. Each time they must log out of windows and log in under another account. How many minutes your PC needs to login and finish startup processes? Now multiply it by how many times above 52 employees need to log out, and login. Do you see the wasted time here?

Not denying that a simple usermane / password combination can be used and can support changing, just that the user has a network login assigned by IT and the app can use that to ensure the user is who they are claiming to be.

Again I don't understand. If the IT assigns the credential to windows for login, Database admin can assign login accounts to a Database. What's the difference?

You could, simply require the user to enter a password to access the application (no username entry), verifying by the login username and password combination Perhaps this is what you suggest.

No. I don't suggest it. I suggest a table in database with UserPK, Username and encrypted password. At login, each user types (or selects if you prefer) his username and his password and logins. There's no need to logout/login to windows any time someone needs to use the db.
They logout/login into the database and it's much shorter.