www.Usenet.com
www.Usenet.com
| <-- __Chronological__ --> | <-- __Thread__ --> |
"Dag Sunde" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> "A Future Computer Scientist" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> > Dag, I am following what you are saying, but I just can't get it to
work.
> I
> > have the user login data table set up in Access and I FINALLY got the
> > password protection working. But it's the coding for the form.
> >
> > I'm assuming that using SQL code is what I would be using to compare the
> > user name & password. SO far, I can't get the coding to work. So, I'm
> trying
> > to do something different. Here's the coding:
> >
> > Private Sub cmdLoginAccept_Click()
> > 'Dim UserName As Text, Password As Text
> > datUserLogin.Recordset.Field ("UserName")
> > datUserLogin.Recordset.Field ("Password")
>
> The statements above doesn't *do* anything!
>
> >
> > 'If txtUsernameBox.Text = ("UserName") And txtPasswordBox =
> ("Password")
> > Then
> >
> > If UCase(txtPasswordBox.Text) = UCase(txtPasswordBox.Tag) And
> > ElseIf UCase(txtUsernameBox.Text = UCase(txtUsernameBox.Tag)
> > Then
> > frmDatabaseIntroPage.Show
> > Unload Me
>
> The syntax of the code above is illegal: If xxx And ElseIf ... Then ???
> ...and why do you compare the .text of the textbox with the .Tag attribute
> of the same textbox?
>
That coding "seemed" logical to me to work, but like I said, I didn't know
how go about it and I wasn't confident in the code anyway. My thinking was
to use the data control to link to the username/password table. And
whenever the username and password were entered in, the username and
password would be compared to the specific combination in the table. And
then if it work, then it would show the main form. I forgot about the TAG
part. I don't have anything in the TAG. That's part of the original code I
had for just comparing just the password.
>
> > I'm using the Data Control object as the link between the login form
and
> > the table. On the form, I have it invisible. I really think it would
work,
>
> When you use a datacontrol and just link up the whole table, the
datacontrol
> contains *all* the users in the table. You need to ask for the specific
> username
> entered into the textbox.
>
>
> > but at runtime and I try to enter a username-password combo, the error
> comes
> > up here---> If UCase(txtPasswordBox.Text) = UCase(txtPasswordBox.Tag)
And
> > ElseIf UCase(txtUsernameBox.Text = UCase(txtUsernameBox.Tag)
> > Then
> >
> > Am I close or am I still far off?
>
> Coding and syntaxwise, I'm afraid you're still far off...
>
> Drop the datacontrol!
>
> Create and connect an ADODB.Connection object to your database,
> and use sql to find a user-record that contains the username.
> If found, compare the retreived password with the entered
> password:
I guess that's why any SQL code I tried putting in didn't work because I
have the connects as MS Jet.
>
>
> Dim cn as ADODB.Connection
> Set cn = New ADODB.Connection
>
> cn.Open "Your connection string or ODBC Alias here..."
>
> Dim rs As ADODB.RecordSet
> Dim sSQL as String
>
> sSQL = "SELECT Password FROM UserTable "
> sSQL = sSQL & " WHERE UserName = '" & txtUserName & "'"
>
> Set rs = cn.Execute(sSQL)
>
> If not rs.Eof Then
> If rs("Password") = txtPassword.Text Then
> MsgBox "Login Successful", vbExclamation, "Login"
> Else
> MsgBox "Invalid Password", vbCritical, "Login"
> End If
> Else
> MsgBox "Invalid UserName", vbCritical, "Login"
> End If
>
> rs.Close
> cn.Close
>
This part here is the ELSE part of the code that I didn't put in. So going
from your example, I at least have that right and I actually know it works
because when I had just a password login, it worked. But I think I'm on the
same page with you now.
>
> --
> Dag.
>
>
> >
> >
> > "Dag Sunde" <[EMAIL PROTECTED]> wrote in message
> > news:[EMAIL PROTECTED]
> > > "A Future Computer Scientist" <[EMAIL PROTECTED]> wrote in message
> > > news:[EMAIL PROTECTED]
> > > > Ok..my bad. I created a login form with just entering in a password
to
> > log
> > > > them in to the application, rather than a login name and password.
But
> > I'm
> > > > think it would probably make sense to have a login name as well.
> > > >
> > > > My problem is where to go from just having the form created. I'm
going
> > to
> > > > assign passwords (and usernames, if I decide to do that). If I'm
> > > assigning
> > > > the names and passwords, do I have to them(the login names and
> > passwords)
> > > in
> > > > a file so that when a user enters them in, it can access the file to
> > check
> > > > for the right combination. I'm asking because I have no idea where
how
> > to
> > > do
> > > > this. I have my old VB book from school and I can actually create
the
> > > coding
> > > > for entering in a password. But, I'm still not getting it as far as
> > > > security.
> > > >
> > > > Does it mean that if you just put in any password that anyone could
> use
> > > the
> > > > application? The application is a database with very sensitive data,
> the
> > > > reason for a password. Or would it just be easier to set the
security
> up
> > > in
> > > > Access and then connect that to VB? I don't even know if I'm asking
> this
> > > > right or not.
> > >
> > >
> > > Your last paragraph is very close!
> > >
> > > * You create a table in your DB called "User", with two columns:
> > > "Name" and "Pwd"
> > > * Turn on security on Access, and give it a password only you
> > > (and your application) knows about.
> > > * In the login form, connect your App to the DB (with the secret
> > > password), and do a "SELECT Pwd FROM User WHERE Name = '" & txtUser
&
> > "'"
> > > * Compare the returned pwd, if any with the contents of txtPwd
> > > on the form
> > > * ... you get the rest. Point is, your App knows the password to the
> > > db itself, not the users. the users passwords is stored in the DB,
> > > and is your apps responsibility to check.
> > >
> > > --
> > > Dag.
> > >
> > >
> > >
> >
> >
>
>
| <-- __Chronological__ --> | <-- __Thread__ --> |
