form incorrect password interating question

L

Leon

why intLogonAttempts never become greater than 3... all other code works
great, but intLogonAttempts sets itself back to 1 after every button
click...

Private Sub Login_Click()
'Check to see if data is entered into the UserName combo box
'Check to see if data is entered into the password box
' Open the table that contains the password.
'Declare and instantiate a Recordset Object
'Establish the connection and cursor type, and open the recordset
'Check value of password to see if this matches value chosen in combo box
'Close logon form and open main switchboard

'If User Enters incorrect password 3 times database will shutdown
intLogonAttempts = intLogonAttempts = 1
If intLogonAttempts > 3 Then
MsgBox "You do not have access to this database.Please contact admin.",
vbCritical, "Restricted Access!"
Application.Quit
End If
End Sub
 
D

Douglas J Steele

If that's an actual copy-and-paste, it would appear that you have a typo.

intLogonAttempts = intLogonAttempts = 1

should be

intLogonAttempts = intLogonAttempts + 1

Of course, I wouldn't expect intLogonAttempts ever to be reset to 1. I would
expect it to alternative between 0 (False) and -1 (True)
 
L

Leon

i'm sorry it intLogonAttempts = intLogonAttempts + 1 and still noy working
any ideas...thanks.
 
D

Douglas J Steele

You haven't shown enough code then.

Where is intLogonAttempts defined? Is there any other code that refers to
intLogonAttempts?
 
L

Leon

all code
Option Compare Database

Private Sub UName_AfterUpdate()
'After selecting username set focus to password field
Me.PWord.SetFocus
End Sub

Private Sub Login_Click()
'Check to see if data is entered into the UserName combo box
If IsNull(Me.UName) Or Me.UName = "" Then
MsgBox "You must select a username.", vbOKOnly, "Required Data"
Me.UName.SetFocus
Exit Sub
End If

'Check to see if data is entered into the password box
If IsNull(Me.PWord) Or Me.PWord = "" Then
MsgBox "You must enter a Password.", vbOKOnly, "Required Data"
Me.PWord.SetFocus
Exit Sub
End If

' Open the table that contains the password.


'Declare and instantiate a Recordset Object
Dim rst As ADODB.Recordset
Set rst = New ADODB.Recordset

'Establish the connection and cursor type, and open the recordset
rst.ActiveConnection = CurrentProject.Connection
rst.CursorType = adOpenStatic
rst.Open "Select * FROM Password2 WHERE UserID = " & Me.UName.Value

'Check value of password to see if this matches value chosen in combo box
'Test Code: If Me.PWord.Value = DLookup("Password", "Password2", "[UserID]="
& Me.UName.Value) Then
If Me.PWord.Value = rst("Password") Then
MyUserID = Me.UName.Value

'Close logon form and open main switchboard
DoCmd.Close acForm, "Login2", acSaveNo
DoCmd.OpenForm "Main Switchboard"

Else
MsgBox "Password Invalid. Please Try Again", vbOKOnly, "Invalid Entry!"
Me.PWord.SetFocus
End If

rst.Close
Set rst = Nothing

'If User Enters incorrect password 3 times database will shutdown
intLogonAttempts = intLogonAttempts + 1
If intLogonAttempts > 3 Then
MsgBox "You do not have access to this database.Please contact admin.",
vbCritical, "Restricted Access!"
Application.Quit
End If
End Sub
 
D

Douglas J Steele

I don't see

Dim intLogonAttempts As Integer

anywhere.

That means it's local to Login_Click, and will get reset to 0 each time the
routine's called.

You should use Option Explicit at the beginning of the code to ensure that
you've declared all variables. (To automatically get Option Explicit in your
modules, select the Module tab under Tools | Options, and check the "Require
Variable Declaration" box)

intLogonAttempts either needs to be declared outside of the module, or else
as Static inside the module:

Static intLogonAttempts As Integer



--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)


Leon said:
all code
Option Compare Database

Private Sub UName_AfterUpdate()
'After selecting username set focus to password field
Me.PWord.SetFocus
End Sub

Private Sub Login_Click()
'Check to see if data is entered into the UserName combo box
If IsNull(Me.UName) Or Me.UName = "" Then
MsgBox "You must select a username.", vbOKOnly, "Required Data"
Me.UName.SetFocus
Exit Sub
End If

'Check to see if data is entered into the password box
If IsNull(Me.PWord) Or Me.PWord = "" Then
MsgBox "You must enter a Password.", vbOKOnly, "Required Data"
Me.PWord.SetFocus
Exit Sub
End If

' Open the table that contains the password.


'Declare and instantiate a Recordset Object
Dim rst As ADODB.Recordset
Set rst = New ADODB.Recordset

'Establish the connection and cursor type, and open the recordset
rst.ActiveConnection = CurrentProject.Connection
rst.CursorType = adOpenStatic
rst.Open "Select * FROM Password2 WHERE UserID = " & Me.UName.Value

'Check value of password to see if this matches value chosen in combo box
'Test Code: If Me.PWord.Value = DLookup("Password", "Password2", "[UserID]="
& Me.UName.Value) Then
If Me.PWord.Value = rst("Password") Then
MyUserID = Me.UName.Value

'Close logon form and open main switchboard
DoCmd.Close acForm, "Login2", acSaveNo
DoCmd.OpenForm "Main Switchboard"

Else
MsgBox "Password Invalid. Please Try Again", vbOKOnly, "Invalid Entry!"
Me.PWord.SetFocus
End If

rst.Close
Set rst = Nothing

'If User Enters incorrect password 3 times database will shutdown
intLogonAttempts = intLogonAttempts + 1
If intLogonAttempts > 3 Then
MsgBox "You do not have access to this database.Please contact admin.",
vbCritical, "Restricted Access!"
Application.Quit
End If
End Sub

Douglas J Steele said:
You haven't shown enough code then.

Where is intLogonAttempts defined? Is there any other code that refers to
intLogonAttempts?


--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)


combo
box
Click to expand...
Click to expand...
 
L

Leon

Thanks the following code works, but is this the best way it could be
done.....this subroutine is not in a module but behind a command button
within the form. And if two people are using the database @ the same
time...do this static declared variable works independently within a user
sessions?

Private Sub Login_Click()
'Check to see if data is entered into the UserName combo box
If IsNull(Me.UName) Or Me.UName = "" Then
MsgBox "You must select a username.", vbOKOnly, "Required Data"
Me.UName.SetFocus
Exit Sub
End If

'Check to see if data is entered into the password box
If IsNull(Me.PWord) Or Me.PWord = "" Then
MsgBox "You must enter a Password.", vbOKOnly, "Required Data"
Me.PWord.SetFocus
Exit Sub
End If

' Open the table that contains the password.


'Declare and instantiate a Recordset Object
Dim rst As ADODB.Recordset
Set rst = New ADODB.Recordset

'Establish the connection and cursor type, and open the recordset
rst.ActiveConnection = CurrentProject.Connection
rst.CursorType = adOpenStatic
rst.Open "Select * FROM Password2 WHERE UserID = " & Me.UName.Value

'Check value of password to see if this matches value chosen in combo box
'Test Code: If Me.PWord.Value = DLookup("Password", "Password2", "[UserID]="
& Me.UName.Value) Then
If Me.PWord.Value = rst("Password") Then
MyUserID = Me.UName.Value

'Close logon form and open main switchboard
DoCmd.Close acForm, "Login2", acSaveNo
DoCmd.OpenForm "Main Switchboard"

Else
MsgBox "Password Invalid. Please Try Again", vbOKOnly, "Invalid Entry!"
Me.PWord.SetFocus
End If

rst.Close
Set rst = Nothing

'If User Enters incorrect password 3 times database will shutdown
**Static intLogonAttempts As Integer**
intLogonAttempts = intLogonAttempts + 1
If intLogonAttempts = 3 Then
MsgBox "You do not have access to this database.Please contact admin.",
vbCritical, "Restricted Access!"
Application.Quit
End If
End Sub

Douglas J Steele said:
I don't see

Dim intLogonAttempts As Integer

anywhere.

That means it's local to Login_Click, and will get reset to 0 each time
the
routine's called.

You should use Option Explicit at the beginning of the code to ensure that
you've declared all variables. (To automatically get Option Explicit in
your
modules, select the Module tab under Tools | Options, and check the
"Require
Variable Declaration" box)

intLogonAttempts either needs to be declared outside of the module, or
else
as Static inside the module:

Static intLogonAttempts As Integer



--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)


Leon said:
all code
Option Compare Database

Private Sub UName_AfterUpdate()
'After selecting username set focus to password field
Me.PWord.SetFocus
End Sub

Private Sub Login_Click()
'Check to see if data is entered into the UserName combo box
If IsNull(Me.UName) Or Me.UName = "" Then
MsgBox "You must select a username.", vbOKOnly, "Required Data"
Me.UName.SetFocus
Exit Sub
End If

'Check to see if data is entered into the password box
If IsNull(Me.PWord) Or Me.PWord = "" Then
MsgBox "You must enter a Password.", vbOKOnly, "Required Data"
Me.PWord.SetFocus
Exit Sub
End If

' Open the table that contains the password.


'Declare and instantiate a Recordset Object
Dim rst As ADODB.Recordset
Set rst = New ADODB.Recordset

'Establish the connection and cursor type, and open the recordset
rst.ActiveConnection = CurrentProject.Connection
rst.CursorType = adOpenStatic
rst.Open "Select * FROM Password2 WHERE UserID = " & Me.UName.Value

'Check value of password to see if this matches value chosen in combo box
'Test Code: If Me.PWord.Value = DLookup("Password", "Password2", "[UserID]="
& Me.UName.Value) Then
If Me.PWord.Value = rst("Password") Then
MyUserID = Me.UName.Value

'Close logon form and open main switchboard
DoCmd.Close acForm, "Login2", acSaveNo
DoCmd.OpenForm "Main Switchboard"

Else
MsgBox "Password Invalid. Please Try Again", vbOKOnly, "Invalid Entry!"
Me.PWord.SetFocus
End If

rst.Close
Set rst = Nothing

'If User Enters incorrect password 3 times database will shutdown
intLogonAttempts = intLogonAttempts + 1
If intLogonAttempts > 3 Then
MsgBox "You do not have access to this database.Please contact admin.",
vbCritical, "Restricted Access!"
Application.Quit
End If
End Sub

Douglas J Steele said:
You haven't shown enough code then.

Where is intLogonAttempts defined? Is there any other code that refers to
intLogonAttempts?


--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)


i'm sorry it intLogonAttempts = intLogonAttempts + 1 and still noy
working
any ideas...thanks.

message
If that's an actual copy-and-paste, it would appear that you have a
typo.

intLogonAttempts = intLogonAttempts = 1

should be

intLogonAttempts = intLogonAttempts + 1

Of course, I wouldn't expect intLogonAttempts ever to be reset to 1. I
would
expect it to alternative between 0 (False) and -1 (True)

--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)


why intLogonAttempts never become greater than 3... all other code
works
great, but intLogonAttempts sets itself back to 1 after every
button
click...

Private Sub Login_Click()
'Check to see if data is entered into the UserName combo box
'Check to see if data is entered into the password box
' Open the table that contains the password.
'Declare and instantiate a Recordset Object
'Establish the connection and cursor type, and open the recordset
'Check value of password to see if this matches value chosen in combo
box
'Close logon form and open main switchboard

'If User Enters incorrect password 3 times database will shutdown
intLogonAttempts = intLogonAttempts = 1
If intLogonAttempts > 3 Then
MsgBox "You do not have access to this database.Please contact
admin.",
vbCritical, "Restricted Access!"
Application.Quit
End If
End Sub
Click to expand...
Click to expand...
Click to expand...
 
D

Douglas J Steele

Yes, users don't share variables. However, you shouldn't have multiple users
in the database at the same time.

Your application should be split into a front-end (containing the queries,
forms, reports, macros and modules), linked to the a back-end (containing
the tables). Only the back-end should be on the server: each user should
have his/her own copy of the front-end, preferably on their hard drive.

Not only that, but I hope you realize that your code doesn't offer any
security at all, as it's trivial to bypass.

--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)


Leon said:
Thanks the following code works, but is this the best way it could be
done.....this subroutine is not in a module but behind a command button
within the form. And if two people are using the database @ the same
time...do this static declared variable works independently within a user
sessions?

Private Sub Login_Click()
'Check to see if data is entered into the UserName combo box
If IsNull(Me.UName) Or Me.UName = "" Then
MsgBox "You must select a username.", vbOKOnly, "Required Data"
Me.UName.SetFocus
Exit Sub
End If

'Check to see if data is entered into the password box
If IsNull(Me.PWord) Or Me.PWord = "" Then
MsgBox "You must enter a Password.", vbOKOnly, "Required Data"
Me.PWord.SetFocus
Exit Sub
End If

' Open the table that contains the password.


'Declare and instantiate a Recordset Object
Dim rst As ADODB.Recordset
Set rst = New ADODB.Recordset

'Establish the connection and cursor type, and open the recordset
rst.ActiveConnection = CurrentProject.Connection
rst.CursorType = adOpenStatic
rst.Open "Select * FROM Password2 WHERE UserID = " & Me.UName.Value

'Check value of password to see if this matches value chosen in combo box
'Test Code: If Me.PWord.Value = DLookup("Password", "Password2", "[UserID]="
& Me.UName.Value) Then
If Me.PWord.Value = rst("Password") Then
MyUserID = Me.UName.Value

'Close logon form and open main switchboard
DoCmd.Close acForm, "Login2", acSaveNo
DoCmd.OpenForm "Main Switchboard"

Else
MsgBox "Password Invalid. Please Try Again", vbOKOnly, "Invalid Entry!"
Me.PWord.SetFocus
End If

rst.Close
Set rst = Nothing

'If User Enters incorrect password 3 times database will shutdown
**Static intLogonAttempts As Integer**
intLogonAttempts = intLogonAttempts + 1
If intLogonAttempts = 3 Then
MsgBox "You do not have access to this database.Please contact admin.",
vbCritical, "Restricted Access!"
Application.Quit
End If
End Sub

Douglas J Steele said:
I don't see

Dim intLogonAttempts As Integer

anywhere.

That means it's local to Login_Click, and will get reset to 0 each time
the
routine's called.

You should use Option Explicit at the beginning of the code to ensure that
you've declared all variables. (To automatically get Option Explicit in
your
modules, select the Module tab under Tools | Options, and check the
"Require
Variable Declaration" box)

intLogonAttempts either needs to be declared outside of the module, or
else
as Static inside the module:

Static intLogonAttempts As Integer



--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)


Leon said:
all code
Option Compare Database

Private Sub UName_AfterUpdate()
'After selecting username set focus to password field
Me.PWord.SetFocus
End Sub

Private Sub Login_Click()
'Check to see if data is entered into the UserName combo box
If IsNull(Me.UName) Or Me.UName = "" Then
MsgBox "You must select a username.", vbOKOnly, "Required Data"
Me.UName.SetFocus
Exit Sub
End If

'Check to see if data is entered into the password box
If IsNull(Me.PWord) Or Me.PWord = "" Then
MsgBox "You must enter a Password.", vbOKOnly, "Required Data"
Me.PWord.SetFocus
Exit Sub
End If

' Open the table that contains the password.


'Declare and instantiate a Recordset Object
Dim rst As ADODB.Recordset
Set rst = New ADODB.Recordset

'Establish the connection and cursor type, and open the recordset
rst.ActiveConnection = CurrentProject.Connection
rst.CursorType = adOpenStatic
rst.Open "Select * FROM Password2 WHERE UserID = " & Me.UName.Value

'Check value of password to see if this matches value chosen in combo box
'Test Code: If Me.PWord.Value = DLookup("Password", "Password2", "[UserID]="
& Me.UName.Value) Then
If Me.PWord.Value = rst("Password") Then
MyUserID = Me.UName.Value

'Close logon form and open main switchboard
DoCmd.Close acForm, "Login2", acSaveNo
DoCmd.OpenForm "Main Switchboard"

Else
MsgBox "Password Invalid. Please Try Again", vbOKOnly, "Invalid Entry!"
Me.PWord.SetFocus
End If

rst.Close
Set rst = Nothing

'If User Enters incorrect password 3 times database will shutdown
intLogonAttempts = intLogonAttempts + 1
If intLogonAttempts > 3 Then
MsgBox "You do not have access to this database.Please contact admin.",
vbCritical, "Restricted Access!"
Application.Quit
End If
End Sub

You haven't shown enough code then.

Where is intLogonAttempts defined? Is there any other code that
Click to expand...
refers
to
intLogonAttempts?


--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)


i'm sorry it intLogonAttempts = intLogonAttempts + 1 and still noy
working
any ideas...thanks.

message
If that's an actual copy-and-paste, it would appear that you have a
typo.

intLogonAttempts = intLogonAttempts = 1

should be

intLogonAttempts = intLogonAttempts + 1

Of course, I wouldn't expect intLogonAttempts ever to be reset to
Click to expand...
1.
I
would
expect it to alternative between 0 (False) and -1 (True)

--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)


why intLogonAttempts never become greater than 3... all other code
works
great, but intLogonAttempts sets itself back to 1 after every
button
click...

Private Sub Login_Click()
'Check to see if data is entered into the UserName combo box
'Check to see if data is entered into the password box
' Open the table that contains the password.
'Declare and instantiate a Recordset Object
'Establish the connection and cursor type, and open the recordset
'Check value of password to see if this matches value chosen in combo
box
'Close logon form and open main switchboard

'If User Enters incorrect password 3 times database will shutdown
intLogonAttempts = intLogonAttempts = 1
If intLogonAttempts > 3 Then
MsgBox "You do not have access to this database.Please contact
admin.",
vbCritical, "Restricted Access!"
Application.Quit
End If
End Sub
Click to expand...
Click to expand...
Click to expand...
 
L

Leon

what do you mean by bypass...are you talking about bypass keys...if so how
can you bypass my form code? Thanks again....
and if you don't mind I would love for you to tell me how could I secure the
database on the server that contain just the tables and the database
on the user computer that holds all the forms and queries.

Douglas J Steele said:
Yes, users don't share variables. However, you shouldn't have multiple
users
in the database at the same time.

Your application should be split into a front-end (containing the queries,
forms, reports, macros and modules), linked to the a back-end (containing
the tables). Only the back-end should be on the server: each user should
have his/her own copy of the front-end, preferably on their hard drive.

Not only that, but I hope you realize that your code doesn't offer any
security at all, as it's trivial to bypass.

--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)


Leon said:
Thanks the following code works, but is this the best way it could be
done.....this subroutine is not in a module but behind a command button
within the form. And if two people are using the database @ the same
time...do this static declared variable works independently within a user
sessions?

Private Sub Login_Click()
'Check to see if data is entered into the UserName combo box
If IsNull(Me.UName) Or Me.UName = "" Then
MsgBox "You must select a username.", vbOKOnly, "Required Data"
Me.UName.SetFocus
Exit Sub
End If

'Check to see if data is entered into the password box
If IsNull(Me.PWord) Or Me.PWord = "" Then
MsgBox "You must enter a Password.", vbOKOnly, "Required Data"
Me.PWord.SetFocus
Exit Sub
End If

' Open the table that contains the password.


'Declare and instantiate a Recordset Object
Dim rst As ADODB.Recordset
Set rst = New ADODB.Recordset

'Establish the connection and cursor type, and open the recordset
rst.ActiveConnection = CurrentProject.Connection
rst.CursorType = adOpenStatic
rst.Open "Select * FROM Password2 WHERE UserID = " & Me.UName.Value

'Check value of password to see if this matches value chosen in combo box
'Test Code: If Me.PWord.Value = DLookup("Password", "Password2", "[UserID]="
& Me.UName.Value) Then
If Me.PWord.Value = rst("Password") Then
MyUserID = Me.UName.Value

'Close logon form and open main switchboard
DoCmd.Close acForm, "Login2", acSaveNo
DoCmd.OpenForm "Main Switchboard"

Else
MsgBox "Password Invalid. Please Try Again", vbOKOnly, "Invalid Entry!"
Me.PWord.SetFocus
End If

rst.Close
Set rst = Nothing

'If User Enters incorrect password 3 times database will shutdown
**Static intLogonAttempts As Integer**
intLogonAttempts = intLogonAttempts + 1
If intLogonAttempts = 3 Then
MsgBox "You do not have access to this database.Please contact admin.",
vbCritical, "Restricted Access!"
Application.Quit
End If
End Sub

Douglas J Steele said:
I don't see

Dim intLogonAttempts As Integer

anywhere.

That means it's local to Login_Click, and will get reset to 0 each time
the
routine's called.

You should use Option Explicit at the beginning of the code to ensure that
you've declared all variables. (To automatically get Option Explicit in
your
modules, select the Module tab under Tools | Options, and check the
"Require
Variable Declaration" box)

intLogonAttempts either needs to be declared outside of the module, or
else
as Static inside the module:

Static intLogonAttempts As Integer



--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)


all code
Option Compare Database

Private Sub UName_AfterUpdate()
'After selecting username set focus to password field
Me.PWord.SetFocus
End Sub

Private Sub Login_Click()
'Check to see if data is entered into the UserName combo box
If IsNull(Me.UName) Or Me.UName = "" Then
MsgBox "You must select a username.", vbOKOnly, "Required Data"
Me.UName.SetFocus
Exit Sub
End If

'Check to see if data is entered into the password box
If IsNull(Me.PWord) Or Me.PWord = "" Then
MsgBox "You must enter a Password.", vbOKOnly, "Required Data"
Me.PWord.SetFocus
Exit Sub
End If

' Open the table that contains the password.


'Declare and instantiate a Recordset Object
Dim rst As ADODB.Recordset
Set rst = New ADODB.Recordset

'Establish the connection and cursor type, and open the recordset
rst.ActiveConnection = CurrentProject.Connection
rst.CursorType = adOpenStatic
rst.Open "Select * FROM Password2 WHERE UserID = " & Me.UName.Value

'Check value of password to see if this matches value chosen in combo box
'Test Code: If Me.PWord.Value = DLookup("Password", "Password2",
"[UserID]="
& Me.UName.Value) Then
If Me.PWord.Value = rst("Password") Then
MyUserID = Me.UName.Value

'Close logon form and open main switchboard
DoCmd.Close acForm, "Login2", acSaveNo
DoCmd.OpenForm "Main Switchboard"

Else
MsgBox "Password Invalid. Please Try Again", vbOKOnly, "Invalid
Entry!"
Me.PWord.SetFocus
End If

rst.Close
Set rst = Nothing

'If User Enters incorrect password 3 times database will shutdown
intLogonAttempts = intLogonAttempts + 1
If intLogonAttempts > 3 Then
MsgBox "You do not have access to this database.Please contact
admin.",
vbCritical, "Restricted Access!"
Application.Quit
End If
End Sub

message
You haven't shown enough code then.

Where is intLogonAttempts defined? Is there any other code that refers
to
intLogonAttempts?


--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)


i'm sorry it intLogonAttempts = intLogonAttempts + 1 and still noy
working
any ideas...thanks.

message
If that's an actual copy-and-paste, it would appear that you have a
typo.

intLogonAttempts = intLogonAttempts = 1

should be

intLogonAttempts = intLogonAttempts + 1

Of course, I wouldn't expect intLogonAttempts ever to be reset to 1.
I
would
expect it to alternative between 0 (False) and -1 (True)

--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)


why intLogonAttempts never become greater than 3... all other code
works
great, but intLogonAttempts sets itself back to 1 after every
button
click...

Private Sub Login_Click()
'Check to see if data is entered into the UserName combo box
'Check to see if data is entered into the password box
' Open the table that contains the password.
'Declare and instantiate a Recordset Object
'Establish the connection and cursor type, and open the
recordset
'Check value of password to see if this matches value chosen in
combo
box
'Close logon form and open main switchboard

'If User Enters incorrect password 3 times database will
shutdown
intLogonAttempts = intLogonAttempts = 1
If intLogonAttempts > 3 Then
MsgBox "You do not have access to this database.Please contact
admin.",
vbCritical, "Restricted Access!"
Application.Quit
End If
End Sub
Click to expand...
Click to expand...
Click to expand...
 
D

Douglas J. Steele

See http://support.microsoft.com/support/access/content/secfaq.asp for how
to secure properly.

(Note: Access User-Level Security isn't a trivial undertaking. Make sure you
read the document thoroughly several times before starting, work on a copy
of your database, and make sure you don't skip any steps)

Are you distributing an MDB or an MDE? If it's an MDB, the user simply has
to change your code. Even it it's an MDE, they'll still be able to get to
the data (although not through your form)

--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)



Leon said:
what do you mean by bypass...are you talking about bypass keys...if so how
can you bypass my form code? Thanks again....
and if you don't mind I would love for you to tell me how could I secure
the database on the server that contain just the tables and the database
on the user computer that holds all the forms and queries.

Douglas J Steele said:
Yes, users don't share variables. However, you shouldn't have multiple
users
in the database at the same time.

Your application should be split into a front-end (containing the
queries,
forms, reports, macros and modules), linked to the a back-end (containing
the tables). Only the back-end should be on the server: each user should
have his/her own copy of the front-end, preferably on their hard drive.

Not only that, but I hope you realize that your code doesn't offer any
security at all, as it's trivial to bypass.

--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)


Leon said:
Thanks the following code works, but is this the best way it could be
done.....this subroutine is not in a module but behind a command button
within the form. And if two people are using the database @ the same
time...do this static declared variable works independently within a
user
sessions?

Private Sub Login_Click()
'Check to see if data is entered into the UserName combo box
If IsNull(Me.UName) Or Me.UName = "" Then
MsgBox "You must select a username.", vbOKOnly, "Required Data"
Me.UName.SetFocus
Exit Sub
End If

'Check to see if data is entered into the password box
If IsNull(Me.PWord) Or Me.PWord = "" Then
MsgBox "You must enter a Password.", vbOKOnly, "Required Data"
Me.PWord.SetFocus
Exit Sub
End If

' Open the table that contains the password.


'Declare and instantiate a Recordset Object
Dim rst As ADODB.Recordset
Set rst = New ADODB.Recordset

'Establish the connection and cursor type, and open the recordset
rst.ActiveConnection = CurrentProject.Connection
rst.CursorType = adOpenStatic
rst.Open "Select * FROM Password2 WHERE UserID = " & Me.UName.Value

'Check value of password to see if this matches value chosen in combo
box
'Test Code: If Me.PWord.Value = DLookup("Password", "Password2", "[UserID]="
& Me.UName.Value) Then
If Me.PWord.Value = rst("Password") Then
MyUserID = Me.UName.Value

'Close logon form and open main switchboard
DoCmd.Close acForm, "Login2", acSaveNo
DoCmd.OpenForm "Main Switchboard"

Else
MsgBox "Password Invalid. Please Try Again", vbOKOnly, "Invalid Entry!"
Me.PWord.SetFocus
End If

rst.Close
Set rst = Nothing

'If User Enters incorrect password 3 times database will shutdown
**Static intLogonAttempts As Integer**
intLogonAttempts = intLogonAttempts + 1
If intLogonAttempts = 3 Then
MsgBox "You do not have access to this database.Please contact admin.",
vbCritical, "Restricted Access!"
Application.Quit
End If
End Sub

I don't see

Dim intLogonAttempts As Integer

anywhere.

That means it's local to Login_Click, and will get reset to 0 each
time
the
routine's called.

You should use Option Explicit at the beginning of the code to ensure that
you've declared all variables. (To automatically get Option Explicit
in
your
modules, select the Module tab under Tools | Options, and check the
"Require
Variable Declaration" box)

intLogonAttempts either needs to be declared outside of the module, or
else
as Static inside the module:

Static intLogonAttempts As Integer



--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)


all code
Option Compare Database

Private Sub UName_AfterUpdate()
'After selecting username set focus to password field
Me.PWord.SetFocus
End Sub

Private Sub Login_Click()
'Check to see if data is entered into the UserName combo box
If IsNull(Me.UName) Or Me.UName = "" Then
MsgBox "You must select a username.", vbOKOnly, "Required Data"
Me.UName.SetFocus
Exit Sub
End If

'Check to see if data is entered into the password box
If IsNull(Me.PWord) Or Me.PWord = "" Then
MsgBox "You must enter a Password.", vbOKOnly, "Required Data"
Me.PWord.SetFocus
Exit Sub
End If

' Open the table that contains the password.


'Declare and instantiate a Recordset Object
Dim rst As ADODB.Recordset
Set rst = New ADODB.Recordset

'Establish the connection and cursor type, and open the recordset
rst.ActiveConnection = CurrentProject.Connection
rst.CursorType = adOpenStatic
rst.Open "Select * FROM Password2 WHERE UserID = " & Me.UName.Value

'Check value of password to see if this matches value chosen in combo box
'Test Code: If Me.PWord.Value = DLookup("Password", "Password2",
"[UserID]="
& Me.UName.Value) Then
If Me.PWord.Value = rst("Password") Then
MyUserID = Me.UName.Value

'Close logon form and open main switchboard
DoCmd.Close acForm, "Login2", acSaveNo
DoCmd.OpenForm "Main Switchboard"

Else
MsgBox "Password Invalid. Please Try Again", vbOKOnly, "Invalid
Entry!"
Me.PWord.SetFocus
End If

rst.Close
Set rst = Nothing

'If User Enters incorrect password 3 times database will shutdown
intLogonAttempts = intLogonAttempts + 1
If intLogonAttempts > 3 Then
MsgBox "You do not have access to this database.Please contact
admin.",
vbCritical, "Restricted Access!"
Application.Quit
End If
End Sub

message
You haven't shown enough code then.

Where is intLogonAttempts defined? Is there any other code that refers
to
intLogonAttempts?


--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)


i'm sorry it intLogonAttempts = intLogonAttempts + 1 and still noy
working
any ideas...thanks.

message
If that's an actual copy-and-paste, it would appear that you
have a
typo.

intLogonAttempts = intLogonAttempts = 1

should be

intLogonAttempts = intLogonAttempts + 1

Of course, I wouldn't expect intLogonAttempts ever to be reset
to 1.
I
would
expect it to alternative between 0 (False) and -1 (True)

--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)


why intLogonAttempts never become greater than 3... all other code
works
great, but intLogonAttempts sets itself back to 1 after every
button
click...

Private Sub Login_Click()
'Check to see if data is entered into the UserName combo box
'Check to see if data is entered into the password box
' Open the table that contains the password.
'Declare and instantiate a Recordset Object
'Establish the connection and cursor type, and open the
recordset
'Check value of password to see if this matches value chosen in
combo
box
'Close logon form and open main switchboard

'If User Enters incorrect password 3 times database will
shutdown
intLogonAttempts = intLogonAttempts = 1
If intLogonAttempts > 3 Then
MsgBox "You do not have access to this database.Please contact
admin.",
vbCritical, "Restricted Access!"
Application.Quit
End If
End Sub
Click to expand...
Click to expand...
Click to expand...
 
L

Leon

I will distribute a .MDB file......but I will have some from of security in
place and was wondering could I setup a password on the database on the
server and the database on the client machine...

Douglas J. Steele said:
See http://support.microsoft.com/support/access/content/secfaq.asp for how
to secure properly.

(Note: Access User-Level Security isn't a trivial undertaking. Make sure
you read the document thoroughly several times before starting, work on a
copy of your database, and make sure you don't skip any steps)

Are you distributing an MDB or an MDE? If it's an MDB, the user simply has
to change your code. Even it it's an MDE, they'll still be able to get to
the data (although not through your form)

--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)



Leon said:
what do you mean by bypass...are you talking about bypass keys...if so
how can you bypass my form code? Thanks again....
and if you don't mind I would love for you to tell me how could I secure
the database on the server that contain just the tables and the database
on the user computer that holds all the forms and queries.

Douglas J Steele said:
Yes, users don't share variables. However, you shouldn't have multiple
users
in the database at the same time.

Your application should be split into a front-end (containing the
queries,
forms, reports, macros and modules), linked to the a back-end
(containing
the tables). Only the back-end should be on the server: each user should
have his/her own copy of the front-end, preferably on their hard drive.

Not only that, but I hope you realize that your code doesn't offer any
security at all, as it's trivial to bypass.

--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)


Thanks the following code works, but is this the best way it could be
done.....this subroutine is not in a module but behind a command button
within the form. And if two people are using the database @ the same
time...do this static declared variable works independently within a
user
sessions?

Private Sub Login_Click()
'Check to see if data is entered into the UserName combo box
If IsNull(Me.UName) Or Me.UName = "" Then
MsgBox "You must select a username.", vbOKOnly, "Required Data"
Me.UName.SetFocus
Exit Sub
End If

'Check to see if data is entered into the password box
If IsNull(Me.PWord) Or Me.PWord = "" Then
MsgBox "You must enter a Password.", vbOKOnly, "Required Data"
Me.PWord.SetFocus
Exit Sub
End If

' Open the table that contains the password.


'Declare and instantiate a Recordset Object
Dim rst As ADODB.Recordset
Set rst = New ADODB.Recordset

'Establish the connection and cursor type, and open the recordset
rst.ActiveConnection = CurrentProject.Connection
rst.CursorType = adOpenStatic
rst.Open "Select * FROM Password2 WHERE UserID = " & Me.UName.Value

'Check value of password to see if this matches value chosen in combo
box
'Test Code: If Me.PWord.Value = DLookup("Password", "Password2",
"[UserID]="
& Me.UName.Value) Then
If Me.PWord.Value = rst("Password") Then
MyUserID = Me.UName.Value

'Close logon form and open main switchboard
DoCmd.Close acForm, "Login2", acSaveNo
DoCmd.OpenForm "Main Switchboard"

Else
MsgBox "Password Invalid. Please Try Again", vbOKOnly, "Invalid Entry!"
Me.PWord.SetFocus
End If

rst.Close
Set rst = Nothing

'If User Enters incorrect password 3 times database will shutdown
**Static intLogonAttempts As Integer**
intLogonAttempts = intLogonAttempts + 1
If intLogonAttempts = 3 Then
MsgBox "You do not have access to this database.Please contact admin.",
vbCritical, "Restricted Access!"
Application.Quit
End If
End Sub

I don't see

Dim intLogonAttempts As Integer

anywhere.

That means it's local to Login_Click, and will get reset to 0 each
time
the
routine's called.

You should use Option Explicit at the beginning of the code to ensure
that
you've declared all variables. (To automatically get Option Explicit
in
your
modules, select the Module tab under Tools | Options, and check the
"Require
Variable Declaration" box)

intLogonAttempts either needs to be declared outside of the module,
or
else
as Static inside the module:

Static intLogonAttempts As Integer



--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)


all code
Option Compare Database

Private Sub UName_AfterUpdate()
'After selecting username set focus to password field
Me.PWord.SetFocus
End Sub

Private Sub Login_Click()
'Check to see if data is entered into the UserName combo box
If IsNull(Me.UName) Or Me.UName = "" Then
MsgBox "You must select a username.", vbOKOnly, "Required Data"
Me.UName.SetFocus
Exit Sub
End If

'Check to see if data is entered into the password box
If IsNull(Me.PWord) Or Me.PWord = "" Then
MsgBox "You must enter a Password.", vbOKOnly, "Required Data"
Me.PWord.SetFocus
Exit Sub
End If

' Open the table that contains the password.


'Declare and instantiate a Recordset Object
Dim rst As ADODB.Recordset
Set rst = New ADODB.Recordset

'Establish the connection and cursor type, and open the recordset
rst.ActiveConnection = CurrentProject.Connection
rst.CursorType = adOpenStatic
rst.Open "Select * FROM Password2 WHERE UserID = " & Me.UName.Value

'Check value of password to see if this matches value chosen in
combo
box
'Test Code: If Me.PWord.Value = DLookup("Password", "Password2",
"[UserID]="
& Me.UName.Value) Then
If Me.PWord.Value = rst("Password") Then
MyUserID = Me.UName.Value

'Close logon form and open main switchboard
DoCmd.Close acForm, "Login2", acSaveNo
DoCmd.OpenForm "Main Switchboard"

Else
MsgBox "Password Invalid. Please Try Again", vbOKOnly, "Invalid
Entry!"
Me.PWord.SetFocus
End If

rst.Close
Set rst = Nothing

'If User Enters incorrect password 3 times database will shutdown
intLogonAttempts = intLogonAttempts + 1
If intLogonAttempts > 3 Then
MsgBox "You do not have access to this database.Please contact
admin.",
vbCritical, "Restricted Access!"
Application.Quit
End If
End Sub

message
You haven't shown enough code then.

Where is intLogonAttempts defined? Is there any other code that
refers
to
intLogonAttempts?


--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)


i'm sorry it intLogonAttempts = intLogonAttempts + 1 and still
noy
working
any ideas...thanks.

message
If that's an actual copy-and-paste, it would appear that you
have
a
typo.

intLogonAttempts = intLogonAttempts = 1

should be

intLogonAttempts = intLogonAttempts + 1

Of course, I wouldn't expect intLogonAttempts ever to be reset
to
1.
I
would
expect it to alternative between 0 (False) and -1 (True)

--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)


why intLogonAttempts never become greater than 3... all other
code
works
great, but intLogonAttempts sets itself back to 1 after every
button
click...

Private Sub Login_Click()
'Check to see if data is entered into the UserName combo box
'Check to see if data is entered into the password box
' Open the table that contains the password.
'Declare and instantiate a Recordset Object
'Establish the connection and cursor type, and open the
recordset
'Check value of password to see if this matches value chosen
in
combo
box
'Close logon form and open main switchboard

'If User Enters incorrect password 3 times database will
shutdown
intLogonAttempts = intLogonAttempts = 1
If intLogonAttempts > 3 Then
MsgBox "You do not have access to this database.Please contact
admin.",
vbCritical, "Restricted Access!"
Application.Quit
End If
End Sub
Click to expand...
Click to expand...
Click to expand...
 
D

Douglas J Steele

There are lots of password crackers available on the web. To be honest, even
Access User-Level Security can be cracked without too much difficulty.

I guess the issue is how secure do you want to make it?

--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)


Leon said:
I will distribute a .MDB file......but I will have some from of security in
place and was wondering could I setup a password on the database on the
server and the database on the client machine...

Douglas J. Steele said:
See http://support.microsoft.com/support/access/content/secfaq.asp for how
to secure properly.

(Note: Access User-Level Security isn't a trivial undertaking. Make sure
you read the document thoroughly several times before starting, work on a
copy of your database, and make sure you don't skip any steps)

Are you distributing an MDB or an MDE? If it's an MDB, the user simply has
to change your code. Even it it's an MDE, they'll still be able to get to
the data (although not through your form)

--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)



Leon said:
what do you mean by bypass...are you talking about bypass keys...if so
how can you bypass my form code? Thanks again....
and if you don't mind I would love for you to tell me how could I secure
the database on the server that contain just the tables and the database
on the user computer that holds all the forms and queries.

Yes, users don't share variables. However, you shouldn't have multiple
users
in the database at the same time.

Your application should be split into a front-end (containing the
queries,
forms, reports, macros and modules), linked to the a back-end
(containing
the tables). Only the back-end should be on the server: each user should
have his/her own copy of the front-end, preferably on their hard drive.

Not only that, but I hope you realize that your code doesn't offer any
security at all, as it's trivial to bypass.

--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)


Thanks the following code works, but is this the best way it could be
done.....this subroutine is not in a module but behind a command button
within the form. And if two people are using the database @ the same
time...do this static declared variable works independently within a
user
sessions?

Private Sub Login_Click()
'Check to see if data is entered into the UserName combo box
If IsNull(Me.UName) Or Me.UName = "" Then
MsgBox "You must select a username.", vbOKOnly, "Required Data"
Me.UName.SetFocus
Exit Sub
End If

'Check to see if data is entered into the password box
If IsNull(Me.PWord) Or Me.PWord = "" Then
MsgBox "You must enter a Password.", vbOKOnly, "Required Data"
Me.PWord.SetFocus
Exit Sub
End If

' Open the table that contains the password.


'Declare and instantiate a Recordset Object
Dim rst As ADODB.Recordset
Set rst = New ADODB.Recordset

'Establish the connection and cursor type, and open the recordset
rst.ActiveConnection = CurrentProject.Connection
rst.CursorType = adOpenStatic
rst.Open "Select * FROM Password2 WHERE UserID = " & Me.UName.Value

'Check value of password to see if this matches value chosen in combo
box
'Test Code: If Me.PWord.Value = DLookup("Password", "Password2",
"[UserID]="
& Me.UName.Value) Then
If Me.PWord.Value = rst("Password") Then
MyUserID = Me.UName.Value

'Close logon form and open main switchboard
DoCmd.Close acForm, "Login2", acSaveNo
DoCmd.OpenForm "Main Switchboard"

Else
MsgBox "Password Invalid. Please Try Again", vbOKOnly, "Invalid Entry!"
Me.PWord.SetFocus
End If

rst.Close
Set rst = Nothing

'If User Enters incorrect password 3 times database will shutdown
**Static intLogonAttempts As Integer**
intLogonAttempts = intLogonAttempts + 1
If intLogonAttempts = 3 Then
MsgBox "You do not have access to this database.Please contact admin.",
vbCritical, "Restricted Access!"
Application.Quit
End If
End Sub

I don't see

Dim intLogonAttempts As Integer

anywhere.

That means it's local to Login_Click, and will get reset to 0 each
time
the
routine's called.

You should use Option Explicit at the beginning of the code to ensure
that
you've declared all variables. (To automatically get Option Explicit
in
your
modules, select the Module tab under Tools | Options, and check the
"Require
Variable Declaration" box)

intLogonAttempts either needs to be declared outside of the module,
or
else
as Static inside the module:

Static intLogonAttempts As Integer



--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)


all code
Option Compare Database

Private Sub UName_AfterUpdate()
'After selecting username set focus to password field
Me.PWord.SetFocus
End Sub

Private Sub Login_Click()
'Check to see if data is entered into the UserName combo box
If IsNull(Me.UName) Or Me.UName = "" Then
MsgBox "You must select a username.", vbOKOnly, "Required Data"
Me.UName.SetFocus
Exit Sub
End If

'Check to see if data is entered into the password box
If IsNull(Me.PWord) Or Me.PWord = "" Then
MsgBox "You must enter a Password.", vbOKOnly, "Required Data"
Me.PWord.SetFocus
Exit Sub
End If

' Open the table that contains the password.


'Declare and instantiate a Recordset Object
Dim rst As ADODB.Recordset
Set rst = New ADODB.Recordset

'Establish the connection and cursor type, and open the recordset
rst.ActiveConnection = CurrentProject.Connection
rst.CursorType = adOpenStatic
rst.Open "Select * FROM Password2 WHERE UserID = " & Me.UName.Value

'Check value of password to see if this matches value chosen in
combo
box
'Test Code: If Me.PWord.Value = DLookup("Password", "Password2",
"[UserID]="
& Me.UName.Value) Then
If Me.PWord.Value = rst("Password") Then
MyUserID = Me.UName.Value

'Close logon form and open main switchboard
DoCmd.Close acForm, "Login2", acSaveNo
DoCmd.OpenForm "Main Switchboard"

Else
MsgBox "Password Invalid. Please Try Again", vbOKOnly, "Invalid
Entry!"
Me.PWord.SetFocus
End If

rst.Close
Set rst = Nothing

'If User Enters incorrect password 3 times database will shutdown
intLogonAttempts = intLogonAttempts + 1
If intLogonAttempts > 3 Then
MsgBox "You do not have access to this database.Please contact
admin.",
vbCritical, "Restricted Access!"
Application.Quit
End If
End Sub

message
You haven't shown enough code then.

Where is intLogonAttempts defined? Is there any other code that
refers
to
intLogonAttempts?


--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)


i'm sorry it intLogonAttempts = intLogonAttempts + 1 and still
noy
working
any ideas...thanks.

message
If that's an actual copy-and-paste, it would appear that you
have
a
typo.

intLogonAttempts = intLogonAttempts = 1

should be

intLogonAttempts = intLogonAttempts + 1

Of course, I wouldn't expect intLogonAttempts ever to be reset
to
1.
I
would
expect it to alternative between 0 (False) and -1 (True)

--
Doug Steele, Microsoft Access MVP

(no e-mails, please!)


why intLogonAttempts never become greater than 3... all other
code
works
great, but intLogonAttempts sets itself back to 1 after every
button
click...

Private Sub Login_Click()
'Check to see if data is entered into the UserName combo box
'Check to see if data is entered into the password box
' Open the table that contains the password.
'Declare and instantiate a Recordset Object
'Establish the connection and cursor type, and open the
recordset
'Check value of password to see if this matches value chosen
in
combo
box
'Close logon form and open main switchboard

'If User Enters incorrect password 3 times database will
shutdown
intLogonAttempts = intLogonAttempts = 1
If intLogonAttempts > 3 Then
MsgBox "You do not have access to this database.Please contact
admin.",
vbCritical, "Restricted Access!"
Application.Quit
End If
End Sub
Click to expand...
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

username and password form 3
Filtering a form based on selection from combo box in another form 1
Problems with Code 1
Syntax error 6
password form not working need help 2
Filter Based on Log On 1
help with this code does not work urgent!!!!!!!!!!! 1
Parameter error box 3

Top