Error message needed upon duplicate username and password 3

[BvCF]

Have code below that I am trying to modify so that a error message will result if the same username and password is used by more than one person upon login.

So far, I have not been able to get this to work.

Any suggestions?


Private Sub cmdLogin_Click()
'************************ login sequence
'On Error GoTo local_err
DoCmd.RunCommand acCmdSaveRecord
'
GBL_Access_Level = "X"
GBL_Access_Level = Nz(DLookup("Access_Level", "Employees", "Username='" & Nz(Me.UserName, " ") & "' and password='" & Nz(Me.Password, " ") & "'"), "X")
'
If GBL_Access_Level = "X" Then
MsgBox "Invalid Username or Password... try again."
Exit Sub
End If
'
GBL_Employee_ID = Nz(DLookup("Employee_ID", "Employees", "Username='" & Nz(Me.UserName, " ") & "' and password='" & Nz(Me.Password, " ") & "'"), "X")
'
Me.TabCtl0.Pages.Item(0).Caption = "Welcome " & Nz(DLookup("Username", "L_Employees", "Employee_ID=" & get_global("Employee_ID")), "Invalid Login")

' setup privs based on employee or manager

' call subroutine to set access to forms
'
Call set_privs
'
' reset login screen fields
'
Forms!frmTabbed.Requery
Me.UserName = ""
Me.Password = ""
Me.TabCtl0.Pages.Item(2).SetFocus
Exit Sub
'
'local_err:
' MsgBox "unexpected error= " & Err.Description
' Resume ok_exit
'ok_exit:
'Exit Sub

End Sub

Public Sub set_privs()

Forms!frmTabbed.AllowAdditions = False
Forms!frmTabbed.AllowDeletions = False
Forms!frmTabbed.AllowEdits = False
Forms!frmTabbed.AllowFilters = False

Me!Contract.Enabled = False
Me!AccountID.Enabled = False

Select Case GBL_Access_Level
Case "M" ' manager
Me.TabCtl0.Pages.Item(1).Visible = True
Me.TabCtl0.Pages.Item(2).Visible = True
Me.TabCtl0.Pages.Item(3).Visible = True
Me.TabCtl0.Pages.Item(4).Visible = True

Forms!frmTabbed.AllowAdditions = True
Forms!frmTabbed.AllowDeletions = True
Forms!frmTabbed.AllowEdits = True
Forms!frmTabbed.Requery


Case "E" ' employee

Me.TabCtl0.Pages.Item(2).Visible = True
Me.TabCtl0.Pages.Item(4).Visible = True
Forms!frmTabbed.AllowAdditions = True
Forms!frmTabbed.AllowEdits = True

'frmTabbed.Requery Initially, this line did not work

Forms!frmTabbed.Requery

End Select
End Sub

 

[Zion7]

I believe you have no choice but, to store all login
values in a table?
Every time someone logs in, store the ID & Date, in a Table.
When new user logs in, use
DLookUp("","","Date = Date()AND ID = ID)

But, what if the same user wants to log in as himself,
Is this permissable?
Are you just trying to check if someone logs in as
someone else?

 

[TheAceMan1]

How are ya BvCF . . .

Just think about it for a second . . .

[blue]There's no way for access to know who's typing in username & password![/blue]

[purple]This is the door to hacking![/purple] . . . I'm not you . . . but if I find out . . . I can type in your username & password and gain access!

[blue]So your question is ambiguous! . . .[/blue]

See Ya! . . . . . .

 

[BvCF]

Well,

The usernames and passwords are currently stored in the database. What I am doing before putting the database in production is to think of all possible scenarios of security breaches.

Therefore, the following scenario;

If I have "SheilaB" and "today14" stored in the database as the username and password, respectively for Sheila Brown and Sheila signs in at 8:30 a.m. Now, if someone else tries to sign in at 9:00 a.m. with the same username and password that Sheila Brown uses, I would like the error message to display something like, "Invalid Login 'Computer name' - Each and every user should sign in with his/her own username and password. Your computer name has been identified..."

Ideally I would like to display the computer name of the person who is trying to login in with Sheila's username.

Is this possible?

 

[CaptainD]

If the users are logged into a network you can use an api to get their login name. I found this one for MS Access.

http://www.databasedev.co.uk/network_user.html

 

[Zion7]

Or, even some of these VBA functions,

strUser = Trim$(CurrentUser())
strComputer = Environ("COMPUTERNAME") '6
strLogOn = Replace(Environ("LOGONSERVER"), "\", "") '14
strUserName = Environ("UserName")

 

[BvCF]

Thanks for the insight.

Basically, I was looking for an IF statement on the login that will determine if a individual is trying to access the database with a username that is already logged in?

Pseudocode like the following
If Username already logged in
MsgBox "Invalid Login 'Username - Username already
something like, "Invalid Login 'strUser' - Each and every user should sign in with his/her own username and password. Your computer name has been identified..."
Exit Sub
End If

I am having difficulty trying to construct the logic to check for someone who is trying to use a username that is already logged in.

Maybe, this cannot be done.

Just trying to cover the scenario whereby a employee might have received knowledge of someone else's username and password. Although the possibility of this happening may exceed the probability of it actually occurring, I just wanted to cover all possible opportunites for security breach.

 

[TheAceMan1]

[blue]Just trying to cover the scenario whereby a employee might have received knowledge of someone else's username and password.[/blue]

As of december last year and as a matter of never being satisified with security, I've been researching [blue]FingerPrint Scanners![/blue] . . . Boy would this bring a vote of confidence for all admins!

However I've found one big problem with all readers I've reviewed (USB types only and average $30):

[blue]Data from the reader to the system is not encrypted and easily hacked as a result.[/blue]

In any case my point is . . . while your busy brainstorming pluging up all the security holes do a little research on these readers and be ready when someone releases a reader thats encrypted!

[blue]Your Thoughts? . . .[/blue]

See Ya! . . . . . .

 

[Zion7]

Outside of the thoroughness, that AceMan was ssuggesting,
An If statement would be something like,

Once a User logs on succesfully,
You insert data into "LogOn" table. Then check after subsequent logons,

CHECK FOR VALID USER
GBL_Access_Level = Nz(DLookup("Access_Level", "Employees", "Username='" & Nz(Me.UserName, " ") & "' and password='" & Nz(Me.Password, " ") & "'"), "X")

varReLog = DLookUp("pkLogOnID","tblLogOn","Date = Date()AND ID = " & Me.txtUserID)

'
If GBL_Access_Level = "X" Then
MsgBox "Invalid Username or Password... try again."
Exit Sub
ElseIF IsNull(varReLog) Then
MsgBox "Invalid Login 'Username - Username already
something like, "Invalid Login 'strUser' - Each and every user should sign in with his/her own username and password. Your computer name has been identified..."
Exit Sub

Else
CurrentProject.Connection.Execute _
"INSERT INTO tblLogOn(txtUserID,txtPassword,txtDate)" & _
" VALUES(" & Me.txtUserID & ",'" & txtPassword & "',#" & _
Me.txtDate & "#)
End If

 

[BvCF]

Bingo!

It appears that a tblLogOn is the way to go. Almost like an audit trail!

To follow up on this, I assume that the fields within tblLogOn will be "Username", "Password", "Date." Is this correct?

Then, each time a particular user logs into the database, his/her username, password, and date will be recorded in the tblLogOn. My understanding is that if someone else tries to login with the same username and password, they will not be able to because of the DLookUp on tblLogOn.

What if the "valid" user exits the database and wants to gain access later in the day?

This raises some interesting options.

It definitely appears that the use of the computer name and Environ username is preferable to the user of username and passwords that are stored within a local table in Access.

thanks for the insight.

 

[Zion7]

No, I would think ALL, would be necessary.
So that your DLookUp, would be more like...

varReLog = DLookUp("pkLogOnID","tblLogOn", _
"Date = Date()AND ID = " & Me.txtUserID) & _
" AND txtComputerName ='" & Environ(6) & "'" & _
" AND txtUserName ='" & Environ("UserName") & "'")

And your login table...

...
Else
CurrentProject.Connection.Execute _
"INSERT INTO tblLogOn(txtUserID,txtPassword,txtDate, txtComputerName, txtUserName)" & _
" VALUES(" & Me.txtUserID & ",'" & txtPassword & "',#" & _
Now & "#,'" & Environ(6) & "','" & _
Environ("UserName") & "'")
End If

And fields in your tblLogOn, according to what I
suggested (so you follow the code), are,
txtUserID, txtPassword, txtDate,txtComputerName, txtUserName


and whatever else you feel necessary to determine,
who, what & how are logging on.
...I like including the version, of my app, which I keep
in a Revision table(...yes, where I keep a record of all the revisions I make).

 

[BvCF]

I will try this within the next few minutes and post back.