Solved login form (1 Viewer)

mansied

Member
Local time
Today, 04:28
Joined
Oct 15, 2020
Messages
99
HELLO
I have a databse with a table to give access user to login .but it have an error that i can solve it ,anyone can help me to find the issue ?

Private Sub Command1_Click()
If IsNull(Me.txtBnumber) Then
MsgBox "Please enter your Bnumber to proceed."
Me.txtBnumber.SetFocus
Else
'process the job
If (IsNull(DLookup("User Bnumber", "Authorised Users", "User Bnumber = '" & Me.txtBnumber.Value & "'"))) Then
MsgBox "You do not have access to the database."
Else
MsgBox "Login accepted."
End If
End If

End Sub


1633702226749.png
 

Attachments

  • CEF database updated.accdb
    656 KB · Views: 318

theDBguy

I’m here to help
Staff member
Local time
Today, 01:28
Joined
Oct 29, 2018
Messages
21,358
Hi. For those of us who can't download your file right now, what was the error message?
 

Gasman

Enthusiastic Amateur
Local time
Today, 08:28
Joined
Sep 21, 2011
Messages
14,050
Don't have spaces in fields,controls and table names :-(
Code:
Private Sub Command1_Click()
If IsNull(Me.txtBnumber) Then
    MsgBox "Please enter your Bnumber to proceed."
    Me.txtBnumber.SetFocus
Else
    'process the job
    If IsNull(DLookup("[User Bnumber]", "[Authorised Users]", "[User Bnumber] = '" & Me.txtBnumber & "'")) Then
        MsgBox "You do not have access to the database."
    Else
        MsgBox "Login accepted."
    End If
End If

End Sub
 

MarkK

bit cruncher
Local time
Today, 01:28
Joined
Mar 17, 2004
Messages
8,178
Don't bother the user with this line of code...
Code:
MsgBox "Login accepted."
You're just adding a valueless click to their workflow.
 

cheekybuddha

AWF VIP
Local time
Today, 08:28
Joined
Jul 21, 2014
Messages
2,237
Be careful with this authorisation technique.

Once you have made the corrections suggested by Gasman, it will be possible to log in to your application by typing as Bnumber:
' OR '1' = '1

😲
 

cheekybuddha

AWF VIP
Local time
Today, 08:28
Joined
Jul 21, 2014
Messages
2,237
Mitigate the issue by:
Code:
' ...
    'process the job
    If (IsNull(DLookup("[User Bnumber]", "[Authorised Users]", "[User Bnumber] = '" & Replace(Me.txtBnumber.Value, "'", "''") & "'"))) Then
' ...
 

Users who are viewing this thread

Top Bottom