login form 1

[OCM]

Greetings,
We’ve a login form that was created by former employee. After noticing that one can access the DB by simply clicking login button (without entering username and password), I made some modification to prompt users enter username and password to access the DB, which seems to work partially. I’ve attached a document to show the test result and the area I still need to modify.
Below is part of the code used:

Option Compare Database
Public gblUserNm As String
Private Sub cmdClose_Click()
'Close The Login and Close Database Once Cancel It Clicked
On Error GoTo err_cmdClose_Click
DoCmd.Quit
Exit_cmdClose_Click:
    Exit Sub
    err_cmdClose_Click:
    MsgBox Err.Description
    Resume Exit_cmdClose_Click
   End Sub
Private Sub cmdLOGIN_Click()
'Check to see if data is entered into the UserName combo box
    If IsNull(Me.txtUserNm) Or Me.txtUserNm = "" Then
      MsgBox "You must enter a User Name.", vbOKOnly, "Required Data"
      Me.txtUserNm.SetFocus
        Exit Sub
    End If

    'Check to see if data is entered into the password box
    If IsNull(Me.txtPWD) Or Me.txtPWD = "" Then
      MsgBox "You must enter a Password.", vbOKOnly, "Required Data"
        Me.txtPWD.SetFocus
        Exit Sub
    End If
  
End Sub
Private Sub Form_Open(Cancel As Integer)
'Once Form Is Open Enable Everything and Set Focus To User Name Field
    Application.SetOption "Confirm Action Queries", False
    Me.txtAttempts = 0
    Me.txtUserNm.SetFocus
End Sub
    MsgBox "Password Is Invalid - Try Again!", vbCritical + vbOKOnly, "INVALID PASSWORD"
    Me.txtInvalidPW = "Y"
    Me.txtAttempts = Me.txtAttempts + 1
    If Me.txtAttempts = 3 Then
        MsgBox "Check Password And Try Again" & vbCrLf & "       GOOD-BYE", vbCritical + vbOKOnly, "TRY 
        AGAIN LATER"
                DoCmd.Quit
          Else
         Me.txtPWD.SetFocus
        Me.cmdLOGIN.Enabled = False
        ' Me.cmdLOGIN.Enabled = True
    End If
End If

End Sub
Private Sub txtUserNm_BeforeUpdate(Cancel As Integer)
'Check To See If User Are Valid. Look Into The Table To Get User Status
  Dim strStatus As String
  Dim strSQL    As String
  Dim db        As DAO.Database
  Dim rstStatus As DAO.Recordset
  Set db = OpenDatabase("location of DB")
  Set rstStatus = db.OpenRecordset("tblLOGIN", dbOpenTable)
  rstStatus.Index = "USERNM"
  rstStatus.Seek "=", Me.txtUserNm
  
  If rstStatus.NoMatch Then  '*** User Name not found! ***
  MsgBox " Invalid User Name - Try Again!", vbCritical + vbOKOnly, "INVALID USER NAME"
  Me.txtValidUser = "N"
  Me.txtAttempts = Me.txtAttempts + 1

 If Me.txtAttempts = 3 Then
  MsgBox "Check User Name And Try Again" & vbCrLf & "       GOOD-BYE", vbCritical + vbOKOnly, "TRY AGAIN LATER"
        DoCmd.Quit
           Else
        ' Me.cmdLOGIN.Enabled = False
        Me.cmdLOGIN.Enabled = True
    End If
       End If
      rstStatus.Close  '*** Clean Up ***
End Sub
Private Sub txtUserNm_GotFocus()
'Check Users Information If Valid Then Set Focus To Password Otherwise Close
    If Me.txtValidUser = "Y" And Me.txtInvalidPW = "Y" Then
        Me.txtPWD.SetFocus
    End If
    End Sub

Can you please assist?

TIA
Regards,


OCM

 

[Andrzejek]

Looks like this piece of code - some verification of a password - does not belong to any Sub (procedure) and it should give you an error while compiling.
Also, you should have an [tt]Option Explicit[/tt] at the top of your code.

...
    MsgBox "Password Is Invalid - Try Again!", vbCritical + vbOKOnly, "INVALID PASSWORD"
    Me.txtInvalidPW = "Y"
    Me.txtAttempts = Me.txtAttempts + 1
    If Me.txtAttempts = 3 Then
        MsgBox "Check Password And Try Again" & vbCrLf & "       GOOD-BYE", vbCritical + vbOKOnly, "TRY 
        AGAIN LATER"
                DoCmd.Quit
          Else
         Me.txtPWD.SetFocus
        Me.cmdLOGIN.Enabled = False
        ' Me.cmdLOGIN.Enabled = True
    End If
End If

End Sub
...

---- Andy

There is a great need for a sarcasm font.

 

[OCM]

Andy, thank you for your feedback.
Do I need to enter Option Explicit only once at the top of my code?
The code you mentioned does not belong to any sub…etc. was part of the after-update event of password button (below)

Private Sub txtPWD_AfterUpdate()
'Password validation
Dim db As DAO.Database
Dim rstUser As DAO.Recordset
Dim strUserNm As String
Dim intNum As Integer

'Set db = CurrentDb     'set db to DB folder
Set db = OpenDatabase("DB folder path")
Set rstUser = db.OpenRecordset("tblLOGIN")
strUserNm = txtUserNm
rstUser.Index = "USERNM"
rstUser.Seek "=", strUserNm

If rstUser!EncryptPWD = Me.txtPWD Then
    'Enable certain options on the main menu screen depending on access levels
    If Me.txtPWD = "S900" Then
        DoCmd.OpenForm "frmMainMenu"
        Forms!frmMainMenu!optMaintenance.Enabled = False
        Forms!frm#1.Enabled = True
        DoCmd.Close acForm, "frmLogin"
    Else
        If Me.txtPWD Like "S500" Then
….

TIA

Regards,



OCM

 

[Andrzejek]

Do I need to enter Option Explicit only once at the top of my code?"
You should have [tt]Option Explicit[/tt] at the top of your code in every form, module, etc. That ensures you have all your variables declared before you use them. That prevents a lot of problems in coding.

You can have it happen auto-magically
In Access, go to Tools - Options... Editor tab, and check "Require Variable Declaration" check box.
This way you will get [tt]Option Explicit[/tt] for any new coding.

BTW, this:

If IsNull(Me.txtPWD) Or Me.txtPWD = "" Then

you may have just this way:

If Trim(Me.txtPWD & "") = "" Then

---- Andy

There is a great need for a sarcasm font.

 

[OCM]

Andy, thank you.

Right now, if I do not enter a valid user name & password and click login button, I get a message saying: you must enter a user name”
I entered a wrong user name and clicked login button.
I got “Invalid user name – try again!” and
I got “you must enter a password”
I entered a wrong password and clicked login
I got Run-time error ‘3021’ no current record.
I clicked “End” which allows me to access the DB (not good)

Is it possible to modify the code so that I do not get the run-time error prompt? Instead, display a message and exit the DB after the 3rd unsuccessful attempt?

TIA

Regards


OCM

 

[Andrzejek]

You should put some break points in your code and step thru your code to see where the problem is.


---- Andy

There is a great need for a sarcasm font.

 

[combo]

You need to analyse the logic of verification. Error just closes the form. IMHO you need something like (in pseudocode):

If UserName & "" = "" Then
    Info_UserName_Required
Else
    Check_UserName_IsInDatabase
    If UserName_IsInDatabase = False Then
        Info_UserName_Invalid
        Exit Sub
    Else
        Check_IsPassword
        If IsPassword = False Then
            Info_Password_Required
            End Sub
        Else
            Check_UserNameValidPassword
            If UserNameValidPassword = False Then
                WrongPasswordCounter = WrongPasswordCounter + 1
                If WrongPasswordCounter = 3 Then
                    Info_ByeBye
                    Action_CloseDatabase
                Else
                    Info_TryNewPassword
                End If
            Else
                Action_UserAndPasswordOK
            End If
        End If
    End If
End If

combo

 

[OCM]

Thanks,

I did put something together and seems to work partially. I’ve included the code and below is my test and the result:

1. Input a wrong username, click “Login”
Result: 1st prompt: Invalid User Name – Try Again!
2nd prompt: Please enter Password
I would like to limit the attempts to 3 and prompt users to contact administrator. Please enter Password should appear ONLY after a
valid username is entered

2. Leave username blank, input wrong password, click “Login”
Result: Run-time error’94” Invalid use of Null
I clicked “End” and I was prompted to “Please enter UserName”

a. I would like to avoid getting run-time error
b. Instead, I would like users to receive “Invalid Username or Password” and “Please contact your administrator” after the 3rd attempts.

Private Sub cmdClose_Click()
'Close The Login and Close Database Once Cancel It Clicked
On Error GoTo err_cmdClose_Click

DoCmd.Quit

Exit_cmdClose_Click:
    Exit Sub
    
err_cmdClose_Click:
    MsgBox Err.Description
    Resume Exit_cmdClose_Click
    
End Sub

Private Sub cmdLOGIN_Click()

''Check to see if data is entered into the UserName and password box
    If IsNull(Me.txtUserNm) Then
      MsgBox "Please enter UserName", vbOKOnly, "Required Data"
      Me.txtUserNm.SetFocus
       
   ElseIf IsNull(Me.txtPWD) Then
   MsgBox "Please enter Password", vbOKOnly, "Required Data"
        Me.txtPWD.SetFocus
      Else
  'Check to see if data entered into the UserName and Password box matches to tblLOGIN
  If (IsNull(DLookup("USERNM", "tblLOGIN", "USERNM = '" & Me.txtUserNm.Value & "' And PWD = '" & Me.txtPWD.Value & "'"))) Then
   MsgBox "Invalid Username or Password!"
  
      Exit Sub
'Else
MsgBox "Password Is Invalid - Try Again!", vbCritical + vbOKOnly, "INVALID PASSWORD"
Me.txtInvalidPW = "Y"
Me.txtAttempts = Me.txtAttempts + 1
If Me.txtAttempts = 3 Then
MsgBox "Check Password And Try Again" & vbCrLf & "       GOOD-BYE", vbCritical + vbOKOnly, "TRY AGAIN LATER"
        
 DoCmd.Quit
       
Else
 Me.txtPWD.SetFocus
 Me.cmdLOGIN.Enabled = False
 Me.cmdLOGIN.Enabled = True
 End If

Private Sub txtUserNm_BeforeUpdate(Cancel As Integer)
'Check To See If User Are Valid. Look Into The Table To Get User Status

  Dim strStatus As String
  Dim strSQL    As String
  Dim db        As DAO.Database
  Dim rstStatus As DAO.Recordset
  Set db = OpenDatabase("path")
  Set rstStatus = db.OpenRecordset("tblLOGIN", dbOpenTable)
  rstStatus.Index = "USERNM"
  rstStatus.Seek "=", Me.txtUserNm
  
  If rstStatus.NoMatch Then  '*** User Name not found! ***
  MsgBox " Invalid User Name - Try Again!", vbCritical + vbOKOnly, "INVALID USER NAME"
  Me.txtValidUser = "N"
  Me.txtAttempts = Me.txtAttempts + 1

 If Me.txtAttempts = 3 Then
  MsgBox "Check User Name And Try Again" & vbCrLf & "       GOOD-BYE", vbCritical + vbOKOnly, "TRY AGAIN LATER"
        DoCmd.Quit
           Else
        ' Me.cmdLOGIN.Enabled = False
        Me.cmdLOGIN.Enabled = True
    End If
      
  End If
  
    rstStatus.Close  '*** Clean Up ***
End Sub

TIA
Regards,


OCM

 

[Andrzejek]

I would like to limit the attempts to 3 and prompt users to contact administrator. Please enter Password should appear ONLY after a
valid username is entered"

I would have a different approach, and I tell you why.
If you validate username separately, and only after valid user name you allow to enter the password, if I would hack into your system I have better change to figure out valid user name first, and then I would concentrate on hacking the password.

I would have on my login form:
txtLoginName text box
txtPassword text box
cmdLogIn command button, Enabled = False
cmdCancel command button (optional)

cmdLogIn would be 'grayed out' (not Enabled) until there is some text in both text boxes: Login Name and Password

I use something like this:
[tt]cmdLogIn.Enabled = Len(Trim(txtLoginName)) * Len(Trim(txtPassword))
[/tt]
and I would ask for UserName and Pasword and THEN validate both at the same time in cmdLogIn giving the user 3 attempts with the message: "Invalid Username or Password”


---- Andy

There is a great need for a sarcasm font.

 

[OCM]

Andy, thanks. Your suggestions make sense.
On my form, I already have txtloginNM, txtPWD, cmdLogin etc.
Based on your suggestions, and looking at my code (previous post) can you please point me where I need to modify my code?

TIA
Regard,


OCM

 

[Andrzejek]

I would have something like this (kind-of pseudo code):

Option Explicit

Private Sub txtloginNM_Change()
    Call EnableLogin
End Sub

Private Sub txtPWD_Change()
    Call EnableLogin
End Sub

Private sub EnableLogin()
    cmdLogin.Enabled = Len(Trim(txtloginNM)) * Len(Trim(txtPWD))
End Sub

Private Sub cmdLOGIN_Click()
Static intAttempt As Integer
[green]
'Check to see if data entered into the UserName and Password box matches to tblLOGIN[/green]
If (IsNull(DLookup("USERNM", "tblLOGIN", "USERNM = '" & _
    Me.txtUserNm.Value & "' And PWD = '" & Me.txtPWD.Value & "'"))) Then

    intAttempt = intAttempt + 1
    txtloginNM.SetFocus
    cmdLOGIN.Enabled = False

    MsgBox "Invalid Username or Password!" 
Else[green]
    'BINGO - all is OK, let them in  :-)[/green][red]
    'Allow User access to your DB here[/red]
End If

If intAttempt = 3 Then
    MsgBox "Check Password And Try Again" & vbCrLf & _
            "       GOOD-BYE", vbCritical + vbOKOnly, "TRY AGAIN LATER"
    DoCmd.Quit
End If
   
End Sub

---- Andy

There is a great need for a sarcasm font.

 

[OCM]

Andy,
Thanks, this seems to work for now (users can not access the DB without a valid username/password). But, I suggested to the management to redesign the user access to make it more secure.

I appreciate all your help.

Regards,

OCM

 

[Andrzejek]

If their Login Name is the one they log into Windows, you may want to pre-populate the [tt]txtloginNM[/tt] text box with their login this way:

txtloginNM = UCase(Environ$("USERNAME"))

---- Andy

There is a great need for a sarcasm font.

 

[OCM]

Andy, thanks.
Correct, their login name is the same as their windows login. Where in my code do I incorporate your suggestion (syntax)?

TIA
Regards,

OCM

 

[Andrzejek]

Somewhere at the beginning of the life of your login form, like a Form Load, Initialize, etc.


---- Andy

There is a great need for a sarcasm font.

 

[OCM]

Okay, thanks.

I'll try it and post back if I've any questions.

Regards,

OCM