Password Check on Secure DB

[Shaun E via AccessMonster.com]

Right I have spent the whole of today looking for this. I would like my
database to check if the user currently logging in has a password, if not i
would like a form to open which prompts the user to enter and verify a
password. I know how to create an unbound form where passwords can be changed.
The problems I am experiencing is trying to check if the user has a password
it not. I have created a form which loads at startup where the user can add a
password to their logon details. This form loads when the DB is started up.
This is the code I have in the form on open action:
Private Sub Form_Open(Cancel As Integer)
Dim U As User
If U.Password = "" Then
MsgBox "To ensure this database is secure you are required to enter a
password in the following form" & vbCrLf & " " & vbCrLf & "Please enter a
secure password", vbCritical, "Total Building Response"
Me.txtNew.SetFocus
Else
DoCmd.Close acForm, "PassCheck", acSaveNo
End Sub
The error I am getting is that I am using the password function incorrectly.
Any help would be very much appreciated!!!

 

[Tim Ferguson]

Private Sub Form_Open(Cancel As Integer)
Dim U As User
If U.Password = "" Then
MsgBox "To ensure this database is secure you are required " & _
"to enter a password in the following form" & vbCrLf & _
" " & vbCrLf & "Please enter a secure password", _
vbCritical, _
"Total Building Response"

Me.txtNew.SetFocus

Else
DoCmd.Close acForm, "PassCheck", acSaveNo

End Sub

For a start, the variable U is never actually set to anything. Do you
need something like a

Set U = Users(Application.CurrentUser)

first? Secondly, you cannot set the password property of an existing User
object; you need to use the .NewPassword method of the User object. Check
help files for details.

Another point to make is that the way to abort a Form_Load event is to
set the Cancel argument to True, rather than call the DoCmd.Close method
(assuming that the current form is PassCheck).

Hope that helps


Tim F

 

[Shaun E via AccessMonster.com]

Thanks for your response Tim
All I need to do is check if the user logging in has a password or not. It's
just what on earth is the code for seeing if the password IsNull.

I already have a form which allows the user to change their password, using
the .NewPassword method.

Thanks for your last note, will bear this in mind when I get finally get the
code right!!

I have checked in VB help and there doesn't seem to be any method to verify
if a user does indeed have a password or not.

 

['69 Camaro]

Hi, Shaun.

All I need to do is check if the user logging in has a password or not.

Don't wait for them to log in to find out whether or not they have a
password. Since you already have the code for changing a user's password,
create a function that loops through each User in the Users Group, and
changes the old password from a zero-length string, "", to something
hideous, like "mWp3vOcyLb7Aiq" (something difficult to remember and
difficult to type). Save to a table every User ID that successfully has the
password changed.

Sign in as a member of the Admins Group and run the function. Any user who
actually had a password will not have his password changed, since you are
offering the wrong password, the zero-length string, "", as the old password
to change. Those who had no password now have a hideous password, and you
have the User ID's of these people saved to a table. You can now contact
these people and tell them that for security reasons, all user accounts must
have a password and the computer assigned a computer-generated password to
all accounts that didn't have passwords. They'll have to contact you to get
their new password or request that the password be cleared so that they can
choose a new password (that they can easily remember).

HTH.

Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips.

(Please remove ZERO_SPAM from my reply E-mail address, so that a message
will be forwarded to me.)
Beware to those who use munged addresses: known newsgroup E-mail harvesters
for spammers are (e-mail address removed) and (e-mail address removed)

 

[Tim Ferguson]

All I need to do is check if the user logging in has a password or
not. It's just what on earth is the code for seeing if the password
IsNull.

It's a string value, so an empty password is "" and never null.

If Len(U.Password)=0 Then...

(hint Len(a)=0 is quicker and uses fewer resources than a="")


In the meantime, I'm with Gunny: take control of the whole password
setting business. If you have a form for changing it, then check at that
level that it's non-zero. I was under the impression that there was a
property that prevented zero lenght passwords at the db engine level, but
I can't find it. Must have been thinking of SQL server or something else.


Hope that helps


Tim F

 

[Shaun E via AccessMonster.com]

Right well I have managed to sort the problem using code in forms that allow
users to change thier passwords as well as a form where users can be added
and simply placing a rule that blocks either form from closing if the user
tries to go with no password.

thanks Tim & Gunny for your help.

I have another question regarding security but will put it in a new posting...

 

[Tim Ferguson]

I have another question regarding security but will put it in a new
posting...

Glad you got it working in the end. Good choice to start a new thread for a
new question: you'll get more readers.

B Wishes


Tim F