User Password Verification Help

[Guest]

I currently have a simple pop-up form with an unbound combo field with row
source of (table: UserInformation) UserName, an unbound text box for a
password, and a command button reading "Log On."

What would be the simplest way I could set my "Log On" button to verify that
the typed in password matches the password listed in the UserInformation
table for that particular UserName?

And, if possible, display an error message if it does not match; or run a
macro if it does match.

I am running Access 2000, and cannot use Access Workgroup security functions
because the database will be used by several people on the same computer with
the same computer login.

Thank you,
Lea

 

[John Conklin]

Lea,

I am running Access 2000, and cannot use Access Workgroup security functions
because the database will be used by several people on the same computer with
the same computer login.

You should still be able to use the Access Workgroup security function. Just
create accounts for each different user and assign them to the appropriate
group. The application uses the password you set in the security manager,
not their computer login password.

~John

 

[Rick B]

Why are you recreating the wheeel and trying to "fake" security? Use the
built-n User-Level security that comes with Access. Your method can be
gotten around SOOOO easily.

Rick B

 

[Rick B]

Hit "send" too soon.

The access security features have nothing to do with one or more computers,
windows logon, etc. When one user is finished, close the database. When
the next one sits down, open it.

 

[Guest]

My purpose for password verification is not only about security - in fact, I
have no desire to limit access to any database objects. I am, however,
creating an automatic "stamp" of each users name on any action they take, and
I want to make sure one person does not log on with another person's stamp.
Additionally, I run several databases for different groups of people, and
this is the only one that needs any sort of password/security system.

I assume that password verification is possible because:
1. The Access format of "Password," and
2. Several people here have refenced their own user password problems -
wanting to allow users to change their passwords, etc.

Some method of in-database password-protection would be greatly welcomed.

Thanks!

 

[Guest]

Also forgot to mention, last time I tried to use the Access Security
mangement features, I somehow managed to severely corrupt not only my
original database, but also the backup copy I created beforehand just in case
I locked myself out. Copy-pasting individual tables, forms, reports, and
macros (that, for some reason, Access would not allow to be exported), was
not fun.

Lea

 

[George Nicholson]

Any chance the current users Network ID would be a sufficient paper trail?
(as opposed to letting them "choose" an identity)
http://www.mvps.org/access/api/api0008.htm

If there really a chance that person A is going to sit down at a computer
that Person B logged into and try to pretend they are person B, then I guess
you might need passwords. If so, I'll answer the question you originally
asked

What would be the simplest way I could set my "Log On" button to verify
that the typed in password matches the password listed in the
UserInformation
table for that particular UserName?

Private Sub LogOn_Click()
If Len(Me.txtUserName) = 0 Or Len(Me.txtPassword) = 0 Then Exit Sub

strPassword = dLookup("[Password]","tblUserInformation","[UserName] = '"
& Me.txtUserName & "'")
If strPassword = Me.txtPassword then
' Password matches:
(Do this: Insert "UserLogon" record into activity log, close popup,
open main form?)
Else
' Password DOES NOT match:
(Do this: do nothing/leave popup on screen?)
End If

'ErrorTrapping not shown
End Sub

HTH,

 

['69 Camaro]

Hi, Lea.

Also forgot to mention, last time I tried to use the Access Security
mangement features, I somehow managed to severely corrupt not only my
original database, but also the backup copy I created beforehand just
in case I locked myself out.

There are many causes of corruption of Access databases. Applying
user-level security is not one of them. If this is your only excuse for not
implementing user-level security to capture the user's name for
record-keeping purposes, then it's a poor one.

Copy-pasting individual tables, forms, reports, and
macros (that, for some reason, Access would not allow to be
exported), was not fun.

You needed to create a new database while joined to the secure workgroup as
a member of the Admins group, then import these objects as separate groups
(tables first, then queries, et cetera) from the secured database. You may
not have been able to get all of the objects (corrupted objects are often
difficult to export or import), but you likely would have gotten the vast
majority of the objects.

And wouldn't it be easier to use the simple CurrentUser method to stamp the
user's name on the record being created or altered than it is to write and
debug all the code necessary to implement and use your home grown security?

Me!LastUpdatedBy = CurrentUser

HTH.

Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips.

(Please remove ZERO_SPAM from my reply E-mail address, so that a message
will be forwarded to me.)

 

[Guest]

Any chance the current users Network ID would be a sufficient paper trail?
(as opposed to letting them "choose" an identity)
http://www.mvps.org/access/api/api0008.htm

In my particular situation, I have been denied permission to create any
workgroups/user/administrative anything on the networks or computers. I'm
dealing with several people using the same computer, same computer login, etc.

If so, I'll answer the question you originally asked

Thank you -very- much.


I implemented the code you gave, which looks like it will meet my need very
well.My code currently reads:
Private Sub Logon_Click()
If Len(Me.txtUserName) = 0 Or Len(Me.txtPassword) = 0 Then Exit Sub
strPassword = DLookup("[Password]", "tblUserInformation", "[UserName] = '" &
Me.txtUserName & "'")
If strPassword = Me.txtPassword Then ' Password matches: (Do this: Insert
"UserLogon" record into activity log, close popup, open main form?)
Else ' Password DOES NOT match: (Do this: do nothing/leave popup on screen?)
End If
'ErrorTrapping not shown End Sub

Exit Sub

Access VB seems to insert a few spaces, or change case of letters. I don't
know if that's important or not.

So far, when I try the button, it pops up a Microsoft Visual Basic dialogue
box reading:
“Compile error: Method or data member not foundâ€
Visual Basic also opens and I see the code, with the following:
Highlighted in yellow - “Private Sub Logon_Click()
Highlighted in blue - “.txtUserName)†from line “If Len (Me.txtUserName) =
0 ....etc...â€

Any idea what the problem is and how to fix it?


Also, the code references a “UserLogon.†Is this an object I should have
somewhere else in my database?


Thank you so much for your help!

Lea

 

[Guest]

And wouldn't it be easier to use the simple CurrentUser method to stamp the
user's name on the record being created or altered than it is to write and
debug all the code necessary to implement and use your home grown security?

Me!LastUpdatedBy = CurrentUser

This tool seems very promising now, and particularly for possible future
projects. My only question is:
How do I determine who the current user is?

As mentioned in another post, I do not have the ability to create seperate
computer logins, and my Access Security Management attempts have been less
than stellar

Thank you for your advice.

Lea

 

[George Nicholson]

My code had the following assumptions, which you should change to fit your
form setup:
-Logon is the name of the command button (and the supplied code is meant to
be it's Click event)
-txtUserName & txtPassword are the names of textboxes on your form, from
which values are being read.

My code had the following assumptions, which you should change to fit your
Table/Field setup:
-tblUserInformation is the name of a table
-Password & UserName are the names of a field in that table

Regarding "UserLogon", no, it isn't something you should have. I didn't know
what exactly you wanted to do if the password matches. It was just an "idea"
placeholder.
--
George Nicholson

Remove 'Junk' from return address.

Any chance the current users Network ID would be a sufficient paper
trail?
(as opposed to letting them "choose" an identity)
http://www.mvps.org/access/api/api0008.htm

In my particular situation, I have been denied permission to create any
workgroups/user/administrative anything on the networks or computers. I'm
dealing with several people using the same computer, same computer login,
etc.

If so, I'll answer the question you originally asked

Thank you -very- much.


I implemented the code you gave, which looks like it will meet my need
very
well.My code currently reads:
Private Sub Logon_Click()
If Len(Me.txtUserName) = 0 Or Len(Me.txtPassword) = 0 Then Exit Sub
strPassword = DLookup("[Password]", "tblUserInformation", "[UserName] = '"
&
Me.txtUserName & "'")
If strPassword = Me.txtPassword Then ' Password matches: (Do this: Insert
"UserLogon" record into activity log, close popup, open main form?)
Else ' Password DOES NOT match: (Do this: do nothing/leave popup on
screen?)
End If
'ErrorTrapping not shown End Sub

Exit Sub

Access VB seems to insert a few spaces, or change case of letters. I don't
know if that's important or not.

So far, when I try the button, it pops up a Microsoft Visual Basic
dialogue
box reading:
"Compile error: Method or data member not found"
Visual Basic also opens and I see the code, with the following:
Highlighted in yellow - "Private Sub Logon_Click()
Highlighted in blue - ".txtUserName)" from line "If Len (Me.txtUserName)
=
0 ....etc..."

Any idea what the problem is and how to fix it?


Also, the code references a "UserLogon." Is this an object I should have
somewhere else in my database?


Thank you so much for your help!

Lea

 

['69 Camaro]

Hi, Lea.

How do I determine who the current user is?

The built-in Access function CurrentUser returns the UserID that was used to
log into the database. When the default workgroup is used, this is Admin.
When a secured workgroup is used, it will be the name typed into the "Name:"
text box in the Logon dialog window.

As mentioned in another post, I do not have the ability to create seperate
computer logins

So everybody is using the same computer and computer login ID, but your
application needs to be able to differentiate who is operating the computer
when each record is manipulated. A login with a password will accomplish
this.

If your goal is to become a proficient VBA programmer, then start by
creating a new text box on your form and name it txtUserName so that the
code George gave you will compile. Continue writing and debugging the rest
of the code needed to implement home grown security.

If you are using Access 2002 or 2003, and your goal is to make the
application as simple to write and maintain as possible, then:

1.) Add the LastUpdatedBy field to your table and the query used as the
recordset for your form; and
2.) Create a bound text box to this field on your form and name it
txtLastUpdatedBy; and
3.) Implement user-level security with the Security Wizard; and
4.) Place the following code in the module of each form that needs a name
stamp from whomever logged into your database application:

' * * * * * Code Start * * * * *

Private Sub Form_AfterUpdate()

On Error GoTo ErrHandler

Me!txtLastUpdatedBy = CurrentUser

Exit Sub

ErrHandler:

MsgBox "Error in Form_AfterUpdate( ) in" & vbCrLf & Me.Name & _
" form." & vbCrLf & vbCrLf & _
"Error #" & Err.Number & vbCrLf & Err.Description
Err.Clear

End Sub

' * * * * * Code End * * * * *

Whenever a new user needs to use the database application, all he needs to
do is double-click on the shortcut icon (created by the Security Wizard or
by you) on the desktop, type his name and password in the Logon dialog
window, then operate the application. Each updated record or new record
will have the UserID of the person who logged into the application placed in
the LastUpdatedBy field of the table. When the next user needs to use the
application, he closes Access, then the next user double-clicks on the
shortcut icon on the desktop, types his name and password in the Logon
dialog window, then operates the application, too.

my Access Security Management attempts have been less
than stellar

Excellent! This means you've had practice with user-level security and you
already know plenty of things _not_ to do. You also know how frustrating it
can be when things go wrong, so you practice on a copy of your database,
instead of the original. Most people who use Access are complete novices
when it comes to user-level security, so you are way ahead of them.

User-level security is not simple, but the important things to remember are:

1.) Follow all of the steps, in order. Don't skip any.

2.) Make sure that the user is joined to the default workgroup, but uses a
shortcut to open the secure database, which temporarily joins the user to
the secure workgroup while the database is open. This way the user will
only be prompted for UserID and password for the secured databases, not the
unsecure ones.

3.) Practice on a copy first, then implement security on the production
version.

For #1, the best set of instructions I've seen is Joan Wild's (Access MVP)
step-by-step instructions on this Web page:

http://www.JMWild.com/AccessSecurity.htm

(You still need to read the SecFAQ on this Web page for background
information and troubleshooting

http://support.microsoft.com/default.aspx?scid=/support/access/content/secfaq.asp

For #2, please see the tip "How to open databases and only be prompted for
User ID and password for the secure databases" for instructions on how to
create the shortcut on the following Web page:

http://www.Access.QBuilt.com/html/security.html

HTH.

Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips.

(Please remove ZERO_SPAM from my reply E-mail address, so that a message
will be forwarded to me.)