Results 1 to 5 of 5
  1. 08-11-2023, 04:38 PM #1
    Emmanuel
    Emmanuel is offline Competent Performer
    Windows 11 Access 2016
    Join Date
    Jan 2020
    Posts
    272

    Unsual login details issues

    I have a login form which actually checks username , password and user access level before it grants a user access to the system.
    Upon debugging these few days, i noticed something strange.

    Lets say i have these three login details:

    Username: Colins
    access_level: Administrator
    Password : system

    Username: Alfred
    access_level: Administrator
    Password : monitor




    Username: Cobblod
    access_level: Secretary
    Password : freedom


    For one reason or the other, i can pick colins' username and Alfred's password and the system still logs me in and give me administrator access.
    Also, I can picK Alfred's username and Cobblod's password and the system will log me in with secretary access.

    I have checked through my code and seem not to find out which line went wrong. Will be glad if the house could run a check for me.


    Below are my codes for your checking.

    Code:
    Dim FIRST_NAME As Variant, access_level As Variant

If Trim(Me.txt_username.Value & vbNullString) = vbNullString Then
    MsgBox prompt:="Username should not be left blank.", buttons:=vbExclamation, title:="SYSTEM"
    Me.txt_username.SetFocus
    Exit Sub
End If


If Trim(Me.txt_password.Value & vbNullString) = vbNullString Then
    MsgBox prompt:="Password should not be left blank.", buttons:=vbExclamation, title:="SYSTEM"
    Me.txt_password.SetFocus
    Exit Sub
End If


' RETREIVE FROM SAVED QUERY
' ASSUMES EVERY USER GIVEN A NON-NULL ACCESS LEVEL
FIRST_NAME = DLookup("FirstName", "tbl_login", "StrComp(username, '" & Me.txt_username.Value & "', " & vbBinaryCompare & ") = 0")
access_level = DLookup("access_level", "tbl_login", "StrComp(password, '" & Me.txt_password.Value & "', " & vbBinaryCompare & ") = 0")






If IsNull(FIRST_NAME) = True Then
   MsgBox prompt:="Incorrect username/password. Try again.", buttons:=vbCritical, title:="SYSTEM"
   Me.txt_username.SetFocus
   Exit Sub
End If


If access_level = DLookup("access_level", "tbl_login", "StrComp(password, '" & Me.txt_password.Value & "', " & vbBinaryCompare & ") = 0") Then


MsgBox prompt:="Welcome, " & FIRST_NAME & ".", buttons:=vbOKOnly, title:="SYSTEM"


Else
MsgBox prompt:="Incorrect username/password. Try again.", buttons:=vbCritical, title:="SYSTEM"
Exit Sub


End If


    'arnelgp
    'save the first_name and access_level to Tempvars
    TempVars("First_Name") = FIRST_NAME
    TempVars("Access_Level") = access_level
    TempVars("user") = Me.txt_username.Value
    


   ' CONDITIONALLY OPEN FORMS
   Select Case access_level
         Case "Administrator"
         DoCmd.OpenForm "A"
         


         Case "Accounts"
         DoCmd.OpenForm "B"
         


         Case "Secretary"
         DoCmd.OpenForm "C"
         
         
   End Select
    Reply With Quote Reply With Quote
  2. 08-11-2023, 05:06 PM #2
    June7's Avatar
    June7
    June7 is online now VIP
    Windows 10 Access 2010 32bit
    Join Date
    May 2011
    Location
    The Great Land
    Posts
    52,929
    Because currently the name and level lookups are independent of each other.

    First check for password against given name and if there is a match, then get the level for the validated user, not password. You need an If Then block.
    Code:
    If StrComp(DLookup("password", "tbl_login", "username='" & Me.txt_username & "'"), Me.txt_password, vbBinaryCompare) = 0 Then
      access_level = DLookup("access_level", "tbl_login", "username='" & Me.text_username & "'")
End If
    Might want to do a DLookup on the username to first make sure they have actually entered a valid username.
    Last edited by June7; 08-11-2023 at 08:55 PM.
    How to attach file: http://www.accessforums.net/showthread.php?t=70301 To provide db: copy, remove confidential data, run compact & repair, zip w/Windows Compression.
    Reply With Quote Reply With Quote
  3. 08-11-2023, 11:55 PM #3
    Emmanuel
    Emmanuel is offline Competent Performer
    Windows 11 Access 2016
    Join Date
    Jan 2020
    Posts
    272
    Quote Originally Posted by June7 View Post
    Because currently the name and level lookups are independent of each other.

    First check for password against given name and if there is a match, then get the level for the validated user, not password. You need an If Then block.
    Code:
    If StrComp(DLookup("password", "tbl_login", "username='" & Me.txt_username & "'"), Me.txt_password, vbBinaryCompare) = 0 Then
      access_level = DLookup("access_level", "tbl_login", "username='" & Me.text_username & "'")
End If
    Might want to do a DLookup on the username to first make sure they have actually entered a valid username.
    You were right with what you said.
    I made the changes as you suggested and was able to achieve the results I needed.

    Thanks so much for your time
    Reply With Quote Reply With Quote
  4. 08-12-2023, 12:40 AM #4
    isladogs's Avatar
    isladogs
    isladogs is offline MVP / VIP
    Windows 10 Office 365
    Join Date
    Jan 2014
    Location
    Somerset, UK
    Posts
    5,977
    Thanks for making me the administrator....
    Colin, Access MVP, Website, email
    The more I learn, the more I know I don't know. When I don't know, I keep quiet!
    If I don't know that I don't know, I don't know whether to answer
    Reply With Quote Reply With Quote
  5. 08-12-2023, 02:43 AM #5
    Emmanuel
    Emmanuel is offline Competent Performer
    Windows 11 Access 2016
    Join Date
    Jan 2020
    Posts
    272
    Quote Originally Posted by isladogs View Post
    Thanks for making me the administrator....
    😅😅😅
    You are always welcome my boss 👍🏽
    Reply With Quote Reply With Quote
Please reply to this thread with any new information or opinions.
« Previous Thread | Next Thread »

Similar Threads

  1. Having Issues with Login Attempt incrementation
    By sgreenman in forum Programming
    Replies: 7
    Last Post: 06-08-2020, 04:54 PM
  2. User Login Details!
    By cap.zadi in forum Forms
    Replies: 32
    Last Post: 12-03-2018, 11:51 AM
  3. After Login I want to open a Forum with the worker details but only show by worker ID
    By IAFerrari in forum Programming
    Replies: 5
    Last Post: 10-23-2016, 07:35 AM
  4. Creating a Form holding details from a users login
    By macftm in forum Forms
    Replies: 6
    Last Post: 12-12-2011, 01:28 PM
  5. Create a Form which Displays User Details from Login form
    By macftm in forum Forms
    Replies: 1
    Last Post: 12-11-2011, 11:48 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

Other Forums: Microsoft Office Forums