Setting up a custom login (without using built-in Access options)

[Aaron S via AccessMonster.com]

Hey guys... need a little help with my project..
I've got my db set up ALMOST how i want it... the only part that's giving me
problems is the login for my users...What I have so far is:
Pop-up form for users to enter their loginID and Password, that gets compared
to a "Users" table via a query... Query to add a "Logged-In" value (via
checkbox) into that "Users" table if the password matches, and a query to
take the "Logged-In" value out when the "Logout" button is pressed...
What I WANT to do, is make the logged in UserID automatically populate a spot
in some of my forms, (and NOT be changable by the user)...(Currently my users
have to manually choose their LoginID from a combo box on these forms, which
could allow for some falsification that I don't want to happen)
Additionally, I would like to have all the other options on the Main Menu
form (opens on startup) locked out, until the user uses the login feature..
(hence another use of the checkbox i created)...

What I need to know is, am I on the right track here in how I'm going about
this? Will my train of thought on this work the way I want it to, or am I
going about it all wrong? What type of code do I need to keep those menu
options locked out until the login is confirmed?

Any help would be appreciated...

 

[Guest]

Create a global variable currUser or something (just put it in a standalone
module). Then, in your login form, after authentication, do this:

currUser = loginID

where loginIDis the user ID as it exists on your login form.

Now you can use it in any control on any form. I would use a hidden (or at
least locked/disabled) text box so the user cannot change it, and set the
default value of the text box to =[currUser]

 

[TC]

If you are storing usernames & passwords in an unprotected database,
how do you plan to stop people reading them out of the table directly,
to get other peoples' passwords?

TC

 

[Guest]

Good point. In my case, I have been using the apps principally on a terminal
server with a forced-run app (my front end) on the TS logon, so it is
impossible for the users to access the data except through my front end. I
can see where a Password input mask on the table becomes irrelevant to the
clever user who simply creates a new Access db and creates a link to the
table!

 

[TC]

Brian wrote:

(snip)

I can see where a Password input mask on the table becomes irrelevant to the
clever user who simply creates a new Access db and creates a link to the
table!

Precisely.

One solution is to store password hashes instead of the passwords
themselves. Look up "MD5 hash" or "SHA hash" if you don't know what a
password hash is.

Cheers,
TC