By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,678 Members | 2,403 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,678 IT Pros & Developers. It's quick & easy.

How to require a password change in Microsoft Access 2007?

P: 51
I am using Access 2007 and I am a complete ignoramus with this stuff.


I have designed a modal login form for my database that is working perfectly. I did this by placing an invisible dlookup that finds the correct password for the employee id that was entered as the username. This lookup is compared to the password the user entered and, if they are equal, the form closes.

Here is the code that I used:

Expand|Select|Wrap|Line Numbers
  1. Private Sub cmmndLogIn_Click()
  2.  
  3. 'Check to see if data is entered into UsernameSelect
  4.  
  5.     If IsNull(Me.UsernameSelect) Or Me.UsernameSelect = "" Then
  6.         MsgBox "You must select the name of a current call center employee.", vbOKOnly, "Required Data"
  7.             Me.UsernameSelect.SetFocus
  8.         Exit Sub
  9.     End If
  10.     'Coded in by Jesse Jones on 1/21/10
  11.  
  12. 'Check to see if data is entered into PasswordEnter
  13.  
  14.     If IsNull(Me.PasswordEnter) Or Me.PasswordEnter = "" Then
  15.         MsgBox "You must provide a password.", vbOKOnly, "Required Data"
  16.             Me.PasswordEnter.SetFocus
  17.         Exit Sub
  18.     End If
  19.     'Coded in by Jesse Jones on 1/21/10
  20.  
  21. 'Lookup correct password for value entered in UsernameSelect
  22.  
  23.     Me.EmpPasswordLookup.Value = DLookup("[EmpPassword]", "Employees", "[EID] ='" & Me.UsernameSelect & "'")
  24.     'Coded in by Jesse Jones on 1/21/10
  25.  
  26. 'Compare value of PasswordEnter to EmpPasswordLookup
  27.  
  28.     If Me.PasswordEnter.Value = Me.EmpPasswordLookup.Value Then
  29.  
  30.  
  31.         'Close logon form
  32.  
  33.         DoCmd.Close acForm, "formLogOn", acSaveNo
  34.  
  35.     Else
  36.             MsgBox "Invalid Username/Password. Please try again.", vbOKOnly, "Invalid Entry!"
  37.         Me.PasswordEnter.SetFocus
  38.         Exit Sub
  39.     End If
  40.     'Coded in by Jesse Jones on 1/21/10
  41.  
  42.  
  43. End Sub
  44.     'Coded in by Jesse Jones on 1/21/10
  45.  
What I would like to do is require a password change if the user's password is the default password assigned to all new employees ("setup1").

So, if the password is "setup1" I want to require it to be changed automatically through a form. If it is any other password, I simply want it to be authenticated.

Can anyone please help me with this? This is the first design work I have ever done.

Thank you!
Jan 22 '11 #1

✓ answered by beacon

Hi Jesse,

Welcome to Bytes!

It looks like you've basically got the problem solved. You just need to add a couple of lines of code before line #28. Type in:

Expand|Select|Wrap|Line Numbers
  1. If Me.EmpPasswordLookup.Value = "setup1" Then
  2.      Msgbox "You must change your password"
  3.      Exit Sub
  4. End If
  5.  
Instead of using the Exit Sub line, you could use...

Expand|Select|Wrap|Line Numbers
  1. DoCmd.Close Me.Name
  2. DoCmd.OpenForm "YourPasswordChangeForm"
  3.  
...to close the current form and open the password change form.

Hope this helps and good luck,
beacon

Share this Question
Share on Google+
8 Replies


beacon
100+
P: 579
Hi Jesse,

Welcome to Bytes!

It looks like you've basically got the problem solved. You just need to add a couple of lines of code before line #28. Type in:

Expand|Select|Wrap|Line Numbers
  1. If Me.EmpPasswordLookup.Value = "setup1" Then
  2.      Msgbox "You must change your password"
  3.      Exit Sub
  4. End If
  5.  
Instead of using the Exit Sub line, you could use...

Expand|Select|Wrap|Line Numbers
  1. DoCmd.Close Me.Name
  2. DoCmd.OpenForm "YourPasswordChangeForm"
  3.  
...to close the current form and open the password change form.

Hope this helps and good luck,
beacon
Jan 22 '11 #2

Rabbit
Expert Mod 10K+
P: 12,327
Can't the users edit the table directly and change their password and see other people's passwords?
Jan 23 '11 #3

P: 51
Perfect. Thanks for your help, Beacon. I knew it was simple, but I didn't know what it was.

They can right now, rabbit, but I'm writing user-level permissions. When this goes live, they won't even know that table exists.
Jan 23 '11 #4

Rabbit
Expert Mod 10K+
P: 12,327
Access 2007 right? Didn't they remove user level security? Or are you implementing user level security through VBA? That's not very secure since you can just stop code from running.

Anyways, you should probably read this article before you decide to store everything as plaintext. http://www.codinghorror.com/blog/200...correctly.html

Either way, if security is a real concern, using Access to implement it is not the best choice.
Jan 23 '11 #5

P: 51
Rabbit, thanks for the tips and the link. You're right, storing passwords is always a security concern. However, this is in internal database which will never be open to public. Security is not my highest priority on this database. I can admit that. My goals are 1. basic security to keep honest users and those who aren't grasping their training quickly from destroying this database and 2) to auto enter user information into various forms and datasheets.

Having said that, I am aware of the shift bypass key (I assume this is to what you are referring, but as I said, I am below a novice on this stuff) but also understand that there is a way to disable this.

Thank you for the advice. If I am totally missing the boat, please feel free to let me know. I appreciate the tips and insight.
Jan 23 '11 #6

Rabbit
Expert Mod 10K+
P: 12,327
As long as you're aware of the implications and the risk is not a concern then it shouldn't be a problem.
Jan 23 '11 #7

beacon
100+
P: 579
@Jesse - I'm glad it worked for what you're doing Jesse. Good luck with the rest of the project.

@Rabbit - Not to hijack Jesse's post, but what other methods would you suggest to secure a database? Is it possible to encrypt passwords using hash values instead of as plain text?
Jan 23 '11 #8

Rabbit
Expert Mod 10K+
P: 12,327
Yes, you can encrypt a password using a hash. A hash is a one way encryption. Towards the bottom of this thread, we discuss password hashing. http://bytes.com/topic/access/answer...ption-password

If you want to discuss other options, please create a new thread and we can go over it there.
Jan 23 '11 #9

Post your reply

Sign in to post your reply or Sign up for a free account.