I have a login form which actually checks username , password and user access level before it grants a user access to the system.
Upon debugging these few days, i noticed something strange.
Lets say i have these three login details:
Username: Colins
access_level: Administrator
Password : system
Username: Alfred
access_level: Administrator
Password : monitor
Username: Cobblod
access_level: Secretary
Password : freedom
For one reason or the other, i can pick colins' username and Alfred's password and the system still logs me in and give me administrator access.
Also, I can picK Alfred's username and Cobblod's password and the system will log me in with secretary access.
I have checked through my code and seem not to find out which line went wrong. Will be glad if the house could run a check for me.
Below are my codes for your checking.
Code:
Dim FIRST_NAME As Variant, access_level As Variant
If Trim(Me.txt_username.Value & vbNullString) = vbNullString Then
MsgBox prompt:="Username should not be left blank.", buttons:=vbExclamation, title:="SYSTEM"
Me.txt_username.SetFocus
Exit Sub
End If
If Trim(Me.txt_password.Value & vbNullString) = vbNullString Then
MsgBox prompt:="Password should not be left blank.", buttons:=vbExclamation, title:="SYSTEM"
Me.txt_password.SetFocus
Exit Sub
End If
' RETREIVE FROM SAVED QUERY
' ASSUMES EVERY USER GIVEN A NON-NULL ACCESS LEVEL
FIRST_NAME = DLookup("FirstName", "tbl_login", "StrComp(username, '" & Me.txt_username.Value & "', " & vbBinaryCompare & ") = 0")
access_level = DLookup("access_level", "tbl_login", "StrComp(password, '" & Me.txt_password.Value & "', " & vbBinaryCompare & ") = 0")
If IsNull(FIRST_NAME) = True Then
MsgBox prompt:="Incorrect username/password. Try again.", buttons:=vbCritical, title:="SYSTEM"
Me.txt_username.SetFocus
Exit Sub
End If
If access_level = DLookup("access_level", "tbl_login", "StrComp(password, '" & Me.txt_password.Value & "', " & vbBinaryCompare & ") = 0") Then
MsgBox prompt:="Welcome, " & FIRST_NAME & ".", buttons:=vbOKOnly, title:="SYSTEM"
Else
MsgBox prompt:="Incorrect username/password. Try again.", buttons:=vbCritical, title:="SYSTEM"
Exit Sub
End If
'arnelgp
'save the first_name and access_level to Tempvars
TempVars("First_Name") = FIRST_NAME
TempVars("Access_Level") = access_level
TempVars("user") = Me.txt_username.Value
' CONDITIONALLY OPEN FORMS
Select Case access_level
Case "Administrator"
DoCmd.OpenForm "A"
Case "Accounts"
DoCmd.OpenForm "B"
Case "Secretary"
DoCmd.OpenForm "C"
End Select