Limit Login Attempts

[data808]

Does anyone know how hard it would be to implement something like this? I was thinking after 3 login attempts, lock the user's account and only the person with an admin account can go in and reset it. Here is the code I am using at the moment:

Private Sub cmdLogin_Click()
Dim validCredentials As Integer
Dim userLevel As Variant
Dim ID As Integer
On Error GoTo ErrHandler:
validCredentials = DCount("Username", "[tblUser]", "[Username] ='" & txtUsername & "' AND [Password]='" & txtPassword & "'")

If Me.txtUsername = "blah" And Me.txtPassword = "blahblah" Then
DoCmd.Close
DoCmd.OpenForm "Hacked", acNormal, , , acFormAdd
Exit Sub
End If

If IsNull(Me.txtUsername) Then
MsgBox "Please Enter Username", vbInformation, "Username Required"
Me.txtUsername.SetFocus
ElseIf IsNull(Me.txtPassword) Then
MsgBox "Please Enter Password", vbInformation, "Password Required"
Me.txtPassword.SetFocus
Else
ID = DLookup("UserID", "tblUser", "Username = '" & Me.txtUsername.Value & "'")
If validCredentials = 1 And Me.txtPassword = "password" Then
DoCmd.Close
MsgBox "Please Change Password", vbInformation, "New Password Required!"
DoCmd.OpenForm "Change Password", , , "[UserID] = " & ID
Else
If validCredentials = 1 Then
userLevel = Nz(DLookup("UserSecurity", "[tblUser]", "[Username]='" & txtUsername & "'"), 0)
If userLevel = "Admin" Then
DoCmd.Close
DoCmd.OpenForm "Main Menu_admin"
ElseIf userLevel = "Supervisor" Then
DoCmd.Close
DoCmd.OpenForm "Main Menu_sup"
Else
DoCmd.OpenForm "Splash Screen Load"
End If
Else
MsgBox "Invalid Username Or Password!", vbExclamation, "UNAUTHORIZED!"
Me.txtPassword.SetFocus
End If
End If
End If
Exit Sub


ErrHandler:
MsgBox "Unable To Authenticate At This Time. Contact System Administrator For Help."
Me.txtUsername.SetFocus
Exit Sub

End Sub

Anyone have any ideas? Thanks.

Also got another question since I have this code posted, does anyone know why I can't use the same username with a different password? The code will always use the later security level. For example:

I set one user's account as:
Username = user1
Password = hello
Security Level = admin



Then I set another user's account as:
Username = user1
Password = bye
Security Level = supervisor

No matter which password I use, it will default to the supervisor account. Its like the code does not stop at the first valid credential. It will find one then keep going and find the other but use the second security level it finds. Does anyone know how to fix that so I can use the same username more than once if I need to but I will always separate it by different passwords. Either that or make the form or table not allow duplicates or something. Any help is appreciated. Thanks.

[June7]

Usernames should not be duplicated.

The DLookup should return value from first record found that matches the criteria.

[amrut]

Add a hidden text box txtAttempts to the form and replace your code

MsgBox "Invalid Username Or Password!", vbExclamation, "UNAUTHORIZED!"

with

Code:

Me.txtAttempts.Value = Me.txtAttempts.Value + 1
MsgBox "Invalid Username Or Password!"  & vbCrLf & "Login attempt " & Me.txtAttempts.Value & " of 3 failed", vbExclamation, "UNAUTHORIZED!"

With the value of this text box you can lock out the user.

Code:

If Me.txtAttempts.Value = 3 Then
'code to lock out user/password reset 
EndIf

[data808]

How do I make a msgbox to let the user know they cannot use this username because it is already being used by another user?

Does this code do all that I need? Sounds like I'm going to have to code to do a password reset which I have no idea how to do that. Can you assist further. Thanks for the help.

[amrut]

How do I make a msgbox to let the user know they cannot use this username because it is already being used by another user?

Use separate forms for logging users in and adding/modifying user credentials.
Use combo box with values from your tbluser on your login form instead of text box for user names.

Sounds like I'm going to have to code to do a password reset which I have no idea how to do that

Add a boolean field for "password reset" to this table. If user exceeds 3 tries, change this value using code and then only person who has access to form adding/modifying user credentials can reset this value.
Hope this helps.