Hello.. I am currently developing a database, and want it to be secure, which seems to be a mountain to climb in access 2013...
I have, through google and such, pieced together a sort of "User Level Security". Now... firstly, it works, almost the way I want it to, but i feel like there are two problems.
Firstly, I am very new to VBA coding... Very little experience.. So the fact that I got it to work at all is astounding to me.
Anyhow.. Here are my issues. I feel like it could be neater.. I have all kinds of code crammed into all kinds of places. I want it to be efficient, not cluttered, but have no idea of how to do this.
And secondly, I have seen ways or more accurately, gleened, that it is possible to attached windows login credentials to the database via VBA. I would love to be able to use this information for security.
I guess what I'm asking is, how can this be more efficient, and how can it be more secure, while easy.
here is the first portion.
Code:
'------Options----------
Option Compare Database
Option Explicit
'-------------Constants--------------------
Global Const MAX_LOGIN_ATTEMPTS As Long = 3
Global Const MAX_PASSWORD_FAILS As Long = 3
'-----Variables--------
Global nCounter As Long
Global sEc As String
Global User As String
Global User2 As String
Global un As String
Global Target As String
Global mCounter As Long
Global Inf As String
This is in a global module.
Second Portion
Code:
Private Sub Command1_Click()
User = DLookup("[First Name]", "tblUser", "[UserName] ='" & Me.UsrName.Value & "'")
sEc = DLookup("[Security Level]", "tblUser", "[UserName] ='" & Me.UsrName.Value & "'")
User2 = DLookup("[Second Name]", "tbluser", "[Username] ='" & Me.UsrName.Value & "'")
un = DLookup("[UserName]", "tbluser", "[Username] ='" & Me.UsrName.Value & "'")
Target = DLookup("[email]", "tbluser", "[Username] ='" & Me.UsrName.Value & "'")
Inf = DLookup("[Info]", "tbluser", "[Username] ='" & Me.UsrName.Value & "'")
If sEc = "user" Then
DoCmd.ShowToolbar "ribbon", acToolbarNo
DoCmd.ShowToolbar "menu bar", acToolbarNo
Else
DoCmd.ShowToolbar "menu bar", acToolbarYes
DoCmd.ShowToolbar "ribbon", acToolbarYes
If sEc = "reader" Then
DoCmd.ShowToolbar "ribbon", acToolbarNo
DoCmd.ShowToolbar "menu bar", acToolbarNo
Else
DoCmd.ShowToolbar "menu bar", acToolbarYes
DoCmd.ShowToolbar "ribbon", acToolbarYes
End If
End If
If sEc = "banned" Then
MsgBox "Your account has been banned due to a security breach.", vbOKOnly
DoCmd.Quit
Else
If sEc = "locked" Then
MsgBox "Your account has been locked due to repeated failed password attempts." & vbCrLf & vbCrLf & _
"Please contact the database administrator."
Me.UsrName = Null
Me.UsrPass = Null
Else
If IsNull(Me.UsrName) Then
MsgBox "Please type in your UserName!", vbCritical
Me.UsrName.SetFocus
Else
If Me.UsrPass = "password" Then
DoCmd.OpenForm "pwchangesf", , , "[UserName] ='" & Me.UsrName.Value & "'"
MsgBox "Please change your password before you continue.", , "Password Change"
DoCmd.Close acForm, "Loginfrm"
Else
If Me.UsrPass = DLookup("[Password]", "tbluser", "[UserName] ='" & Me.UsrName & "'") Then
DoCmd.OpenForm "NavigationHome"
Forms("NavigationHome").signstatus = "Sign out?"
DoCmd.Close acForm, "loginfrm"
Else
nCounter = nCounter + 1
If nCounter < MAX_PASSWORD_FAILS Then
MsgBox "Password does not match, " & vbCrLf & _
"You have " & (MAX_PASSWORD_FAILS - nCounter) & " attempts remaining.", vbOKOnly
Me.UsrPass = Null
Me.UsrPass.SetFocus
Else
MsgBox "Your account has been locked due to repeated failed password attempts." & vbCrLf & vbCrLf & _
"Please contact the database administrator."
DoCmd.OpenForm "locked", , , "[username] ='" & Me.UsrName & "'"
DoCmd.Close acForm, "loginfrm"
End If
End If
End If
End If
End If
End If
End Sub
This is in the loginfrm Form
third portion
Code:
Private Sub Form_Timer()
Me.UsrLogged = (User & " " & User2 & " " & "[" & sEc & "]")
If sEc <> "user" And _
sEc <> "reader" Then
DoCmd.SelectObject acTable, , True
Me.TimerInterval = 0
Else
DoCmd.SelectObject acTable, , True
DoCmd.RunCommand acCmdWindowHide
Me.TimerInterval = 0
End If
MsgBox "Welcome, " & User & "!" & vbCrLf & _
"Please make your selection.", , "Welcome"
End Sub
This is in the navigationhome form.
Any advice / comments / concerns or anything else would be helpful.