Security Coding

[shariefoo]

Hi,

I am required to create a form which asks the user for a password and a username. The pass and the uname are supposed to be created and stored in the table withing the local Database.

All that is easy. The only problem is that i have no idea how to retreive the data from the table and compare it with the one the user entered it.

Sounds complicated right ?

I would be more than thankful for any tip on how to do such thing.

Thank you very much

 

[dcx693]

First, have you considered using Access' built-in security model?

If that doesn't work for you, then consider the following options, in order of ease:

1- Use a query that references the form entry. The query would include your table of uname and pass fields. The would reference the form fields in the criteria line like this: Forms!yourformname!yourfieldname

2- Use a Dlookup function on the form like this:
Dlookup("uname","yourtablename","[uname]=" & Forms!yourformname!yourfieldname

3- run a SQL query from code. This is just a variation on (1).

4- use DAO or ADO (depending on your version of Access) to programatically access the contents of the table of unames and passwords.

 

[shariefoo]

Hi , i am sorry to bother you but can you please explain in more details.. Sorry

Here is the situation.

I have a table called varification and it has two fields "pass" and "uname".. They contain data

I have a for which has two text boxes called "txtuname" and "txtpass" and an enter button..

My target is as following.

When a user enter his/her uname and pass in the text boxes the system should varify check for the uname and pass in the varification table before allowing or denying the user to enter to the other page.

Thanx. Really appriciate it..
And again i am too sorry to bother you.

Yours,
Mohammed S Faraidooni

 

[Cosmos75]

Might help as a starting point

tblUsers
- UName (Text) - Username
- PWord (Text) - Password

frmPWord
2 textboxes
- txtUName (for user to enter username)
- txtPWord (for user to enter password)
1 button
- cmdCheckPWord (for user to enter username)

Private Sub cmdCheckPWord_Click()

' create database and recordset objects'
Dim db As DAO.Database
Dim rs As DAO.Recordset
Dim NumUsers As Integer

' set database object to current database'
Set db = CurrentDb()

' set recordset object to your query'
Set rs = db.OpenRecordset("tblUsers")

If IsNull(Me.txtUName) Then
    MsgBox "Please enter a username!", vbCritical, "No username entered..."
    Me.txtUName.SetFocus
    GoTo OuttaHere:
End If

If IsNull(Me.txtPWord) Then
    MsgBox "Please enter a password!", vbCritical, "No password entered..."
    Me.txtPWord.SetFocus
    GoTo OuttaHere:
End If

' Count number if users in tblUsers'
NumUsers = rs.RecordCount

'go to first user'
rs.MoveFirst

For i = 1 To NumUsers

If rs.Fields("Uname") = Forms![frmPWord]![txtUName] Then

    If rs.Fields("PWord") = Forms![frmPWord]![txtPWord] Then
        MsgBox "Password OK"
        'Insert code you want to run if password matches'
        DoCmd.Close
        GoTo OuttaHere:
        Exit Sub
    Else
        MsgBox "Password FAILED"
        'Insert code you want to run if password does not match'
        GoTo OuttaHere:
    End If

Else

rs.MoveNext

End If

Next i

MsgBox "Username not found!", vbCritical, "No such user..."

OuttaHere:
' close the recordset object (connection to the query)'
rs.Close

' clear the defined objects'
Set rs = Nothing
Set db = Nothing

End Sub

Probably not the best code in the world but it may give you some ideas... plus you'll need to turn off the default close button on the form, set the form to modal=yes and pop-up=yes. But users can still see design of the form and close it unless you are using an MDE file or disabled some of the toolbars and right-click. Like I said, probably needs more work!

This code uses DAO so remember to set the DAO reference.

Hope this helps!