First of all, this is my first post so I am hoping not to screw it up too bad. I am working on setting up a simple login for an access database. The database is retained on a secure internal server, the login is just to help keep other employees from tampering with the data in the database. Through research and testing it out, I was able to get it working. However, when it processes the password change, a prompt appears to re-type in the username. I have a function setup (UserNameWindows) to get the Windows Username of the employee and am using that as their login ID. My question is, is there something wrong with my SQL statement causing it to verify; or am I simply missing something? My assumption is my 'WHERE' section of the SQL statement is incomplete or incorrect. - Private Sub Command0_Click()
-
Dim strSQL As String
-
strSQL = "UPDATE tblUser SET Password = '" & Me.txtNewPW.Value & "' WHERE [UserName] = " & Me.txtLoginID.Value
-
-
If IsNull(Me.txtLoginID.Value) Then
-
MsgBox "Please enter LoginID", vbInformation, "LoginID Required"
-
Me.txtLoginID.SetFocus
-
ElseIf IsNull(Me.txtOldPassword.Value) Then
-
MsgBox "Please enter password", vbInformation, "Password Required"
-
Me.txtOldPassword.SetFocus
-
Else
-
If (IsNull(DLookup("[UserName]", "tblUser", "[UserName] ='" & UserNameWindows & "' And password = '" & Me.txtOldPassword.Value & "'"))) Then
-
MsgBox "Old password incorrect", vbOKOnly, "INCORRECT PASSWORD"
-
Else
-
If IsNull(Me.txtNewPW.Value) Then
-
MsgBox "Please enter a new password", vbOKOnly, "New Password"
-
Else
-
If IsNull(Me.txtNewPW2.Value) Then
-
MsgBox "Please confirm your new password", vbOKOnly, "Confirm New Password"
-
Else
-
If Me.txtNewPW.Value = Me.txtOldPassword.Value Then
-
MsgBox "New Password Cannot Be The Same As Old Password", vbCritical, "Password Violation"
-
Else
-
If Me.txtNewPW.Value <> Me.txtNewPW2.Value Then
-
MsgBox "New passwords does not match", vbOKOnly, "Verify New Password"
-
Else
-
If Me.txtNewPW.Value = Me.txtNewPW2.Value Then
-
Me.txtLoginID.SetFocus
-
DoCmd.RunSQL strSQL
-
MsgBox "Password Change Successful!", vbOKOnly, "Password Changed"
-
DoCmd.Close
-
DoCmd.OpenForm "Login"
-
-
End If
-
End If
-
End If
-
End If
-
End If
-
End If
-
End If
-
End Sub
I'm also confused why you would want to do all this, but I have a feeling your error is being caused by missing quotes around the value of Me.txtLoginID.Value - strSQL = "UPDATE tblUser SET Password = '" & Me.txtNewPW.Value & "' WHERE [UserName] = '" & Me.txtLoginID.Value & "'"
If that's not it, we'll need more to go on.
If you are still in the process of adding the password to the Database, instead you may want to consider adding flags or an integer to the User Table indicating to what parts of the program they have access. Then, on the database startup, lookup the user Record based on the Windows User and load those security flags into global variables. Then you can use those global variables to hide/show/enable/disable buttons, fields and forms. The result is no login form and no passwords.
10 1761 NeoPa 32,556
Expert Mod 16PB
I'm struggling to see why you need account or password information in the data when you are already using the Windows domain account and allowing it to maintain the password.
However, if your code is failing to do what you require, regardless of why you have that requirement, it would help us to help you if you can explain whereabouts in the code it gives this prompt and why you feel it's not what it should be doing.
I'm also confused why you would want to do all this, but I have a feeling your error is being caused by missing quotes around the value of Me.txtLoginID.Value - strSQL = "UPDATE tblUser SET Password = '" & Me.txtNewPW.Value & "' WHERE [UserName] = '" & Me.txtLoginID.Value & "'"
If that's not it, we'll need more to go on.
If you are still in the process of adding the password to the Database, instead you may want to consider adding flags or an integer to the User Table indicating to what parts of the program they have access. Then, on the database startup, lookup the user Record based on the Windows User and load those security flags into global variables. Then you can use those global variables to hide/show/enable/disable buttons, fields and forms. The result is no login form and no passwords.
First of all, thank you for the responses. The reason for the need to "login" would be because everyone who has access to the shared network drive has access to the database; however only about 20 people need to use it or even look at it. I was trying to be proactive before something happened by stopping some of the employees that may wonder into the database out of boredom and start changing information. I have an audit trail setup, so I will be able to tell who is making changes; but would rather avoid that if possible. I realize this may not be the most secure. I am fairly novice with Access VBA and read on some threads adding a password login is a simple route to take. It is not "live" right now, still in development and working on more viable options.
jforbes, I added those quotes and that resolved my issue and am no longer prompted to verify the UserName. I am interested in the addition of flags or integer to the User Table. I will do some research and attempt to build that into the database, it seems like a better option. Thanks for that piece of information. - strSQL = "UPDATE tblUser SET Password = '" & Me.txtNewPW.Value & "' WHERE [UserName] = '" & Me.txtLoginID.Value & "'"
Glad it's working for you.
The following is some information to help you get started in using the Windows User to enable/disable resources in your database...
There are quite a few versions of this code floating around the Internet to get the currently logged in Windows User: https://bytes.com/topic/access/insig...n-current-user
So using the above code, the first thing that should be done in the database is to load the User Name into a Global Variable. Then use the Global variable to lookup any permissions that you want to track. The following is a snippet of some code I use to set some flags that are used as permissions (the user name has already been placed in the gUserID Global Variable): - Dim rst As DAO.Recordset
-
Dim sSQL As String
-
' Load Preferences
-
sSQL = ""
-
sSQL = sSQL & "SELECT TOP 1 * FROM Employees "
-
sSQL = sSQL & "WHERE UserID='" & gUserID & "'"
-
Set rst = CurrentDB.OpenRecordset(sSQL, dbOpenDynaset, dbForwardOnly + dbSeeChanges)
-
If rst.RecordCount > 0 Then
-
gAdmin = Nz(rst![Admin], False)
-
gEngr = Nz(rst![Engr], False)
-
gManagment = Nz(rst![Managment], False)
-
Else
-
gAdmin = False
-
gEngr = False
-
gManagment = False
-
Call MsgBox ("You do not currently have permissions to " & gLongAppName & ". Please see your System Administrator to gain access.")
-
End If
-
rst.Close
-
Set rst = Nothing
Then some code like the following enables/disables buttons based on the permissions: - Private Sub Form_Load()
-
Me.cmdEmployeeMaintenance.Enabled = gAdmin
-
Me.cmdPartsMaintenance.Enabled = gAdmin
-
Me.cmdAttachmentMaintenance.Enabled = (gAdmin Or gEngr)
-
Me.cmdSchedule.Enabled = (gAdmin Or gManagment)
-
End Sub
On last thing to note, if for some reason Access errors and resets the Global Variables, the Boolean values will reset to false, which will disable everything, which is better than enabling everything.
Thanks a ton jforbes. When I get some time, I will read over that thread you linked, as well read through the code you posted. Again, I greatly appreciate your time and the information you provided to get me going on a better solution. I will be sure to credit you in the coding, once I get this up and running :)
NeoPa 32,556
Expert Mod 16PB
Let me just clarify for emphasis. I know this has already been said but it may not have registered fully. - The linked thread provides a pre-written function that returns the Windows account of the current user to the project.
- The Windows account has already been logged on to Windows so no password holding, or even validating, is required.
- With JForbes' example code you can build this security across your whole system without the user needing to re-qualify as such. It's linked into the Windows account but the user doesn't need to do anything to indicate which that is of course.
Thanks NeoPa. Hopefully this thread will inform others of that method, before they spent so much time creating yet another login environment for their users like I planned on doing.
You should be aware that storing your permissions like this in Access makes it very easy to bypass. Anyone can open up the permissions table and change what they have access to.
Thanks Rabbit. I did know this, which is why I am happy to dump this project for the alternate method suggested by JForbes.I was unaware of that method, probably because I was using the wrong key words in my searches...
The same issues apply to jforbes method. It requires storing permissions in a table in a simple format.
Sign in to post your reply or Sign up for a free account.
Similar topics
by: Lou |
last post by:
Please can someone put me out my misery!
Im trying to find a multiple user/password protection script that will
redirect the specific user to a specific directory.
At the moment I have set up...
|
by: yabba |
last post by:
Is there a way to supply a nt/windows user/password combo in a url for an
automatic login to a nt user/password secured site?
Something like
http://mysite.comuser=mepassword=mypassword
=...
|
by: Bright |
last post by:
Dear All
I'm after a multi-User password database so that I can centrally store
system passwords and give granular access to individuals based on
their own unique authentication (possibly a...
|
by: Robert Kattke |
last post by:
Subject: Can you retrieve/restore a MySQL user Password ?
I'm working on my own, local WXP, MySQL, version: 3.23.38-nt
and I have the "root" password, and normally use the root account.
I have...
|
by: NWx |
last post by:
Hi,
I'm an old developer, but didn't used SQL Server or MSDE to much before.
I have NetSDK instance of MSDE installed on my PC by Net Framework SDK.
All quickstart samples access it using...
|
by: Yannick Béot |
last post by:
Hi,
I'm trying to make an application that allow a user, through a web form
to change its password
On a click event, here is the code
DirectoryEntry usr = new DirectoryEntry(
theUserDN,...
|
by: Nerrad |
last post by:
Hi, i am currently working on a project which requires me to create a
form to allow the user to change their password.
I know there is a user-level security login which is easier and safer
but...
|
by: webrod |
last post by:
Hi all,
how can I check a user/password in a LDAP ?
I don't want to connect with this user, I would like to connect to LDAP
with a ADMIN_LOG/ADMIN_PWD, then do a query to find the user and...
|
by: geoharish |
last post by:
Dear All,
I started using Python just a few days back and there was a requirement of an assigned project to change the user Password through script without user interaction. I could write the...
|
by: Erick Otieni |
last post by:
Hi all,
Does anyone have an idea to solve this problem in asp? I have tried to look everywhere for the last week but no one seems to have the answer.
The issue is that I have the script below...
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
| |