Hello,
On my database I have a login system. The login system restricts the number of failed attempts, locks account, expires password and encrypts the password with MD5 encryption before writing them in the table. I pass the username between forms in order to restrict certain controls on each form based on the users' access level. The way I have it right now is that upon the user's successful login, a form is opened invisibly and the username is passed on to an unbound control on this form. The appropriate event of each control that I want to restrict, runs a DLookup for the access level of the username in the unbound field of the invisible form and then proceeds accordingly. The code is similar to the following:
If DLookup("AccessLevel","tblUsers","[Username]=' " & Forms!frmInvisible.txtUnboundField & " ' ")= ... then ...
This works great most of the time, however I have experienced that occasionally this will not work at all. The event of some of the controls will not do anything at all as if there were no code behind them, which I think might be because the unbound field on the invisible form is blank. And some controls give a message saying the referenced form was not found, as if the form never opened or got closed.
I am certain that the form is not closed by any other event except the on timer event of the invisible form itself, which closes all the opened forms if a 15 minute idle time is detected and puts the users behind the login screen. But, the login form re-opens the form and pass on the username to it when the login is successful.
I wonder why this method does not always work, and if there is a more reliable and effective method to do this. Is it possible to have a function holding the username and can be checked by events of my controls? If yes, how can I do it.
Thanks in advance.