Creating a login form in Microsoft Access using macros, without VBA. - ms-access

I've looked around for ages and I haven't found an answer to my problem so I was hoping someone here could help me.
I am creating a system using Microsoft Access where I have a members table containing a username and password and various other fields such as date of birth, etc.
I want to create a form where users can enter a username and password. By clicking a button on this form, these details will then be checked against the usernames and passwords in the members table. If the details match, a message will be displayed saying they have logged in. If the details are not found in the table, a message saying the details are incorrect will show.
How can I do this without using VBA?
I have started by creating a form called loginform with two text boxes loginusername and loginpassword.
Where should I go from here?

The VBA solution shouldn't be that complicated. A quick and dirty solution:
Dim Result as Variant
Result=Dlookup("Password","tblMembers","UserName='" & nz(loginusername.value,"") & "'")
If nz(Result,"")<>nz([login password].value,"") Then
MsgBox "Invalid password"
Else
MsgBox "Password correct"
End If

'set the variables
Dim UN As String
Dim PW As String
Dim user, pass As Boolean
'make sure none of the fields are null, or blank
UN = Text
PW = Text
If IsNull(Username) Then
MsgBox "You must enter a username."
Username.SetFocus
Else
'assign true to user
user = True
End If
If IsNull(Password) Then
MsgBox "You must enter a password."
Password.SetFocus
Else
pass = True
End If
If user = True And pass = True Then
UN = DLookup("[Username]", "LoginTable", "[Username]= '" & Me.Username & "'")
PW = DLookup("[Password]", "LoginTable", "[Password] = '" & Me.Password & "'")
End If
If Me.DummyUser = Me.Username And Me.DummyPass = Me.Password Then
MsgBox "Access granted."
Else
MsgBox "Access denied."
End If

Related

Unwanted Scientific Notation in MS Access

I'm encountering a very strange problem with MS Access. I have some VBA code used on a password reset form. The code hashes the input password and then saves the hash to a table of users. Here's a relevant snippit:
If newPW1 = newPW2 Then
MsgBox ("Passwords Match!")
hashPW = Encrypt(newPW1)
MsgBox ("HashedPW is " & hashPW)
updatePW = "UPDATE Users SET Password = " & hashPW & " WHERE Username = pwChangeUsrnm"
DoCmd.RunSQL (updatePW)
the MSGboxes are my debugging notes. I know the hash generates properly as a long string of numbers, all well and good. When I go into the datasheet for the Users table though, the number has always been converted into scientific notation.
Here's a screenshot of the data sheet. bob.smith is an example of what I end up with after the code runs, the other two are gibberish I entered manually. The field is formatted as a string, so I'm not sure why it would even try to convert the number into SN when as far as I can tell the item is always a string.
I'm thinking the error must creep in around the SQL query? If there's a better way of doing this then I'm all ears.
Thanks in advance for your help!
datasheet
design view
Complete code, just in case:
Option Compare Database
Private Sub Command84_Click()
Dim hashPW As String
Dim updatePW As String
Dim checkName As String
checkName = Nz(DLookup("Username", "Users", "Username = pwChangeUsrnm"), "aaa")
MsgBox ("checkName set to " & checkName)
If pwChangeUsrnm = checkName Then
MsgBox ("Username Found")
If newPW1 = newPW2 Then
MsgBox ("Passwords Match!")
hashPW = Encrypt(newPW1)
MsgBox ("HashedPW is " & hashPW)
updatePW = "UPDATE Users SET Password = " & hashPW & " WHERE Username = pwChangeUsrnm"
DoCmd.RunSQL (updatePW)
Else
MsgBox ("Passwords Do Not Match!")
End If
Else
MsgBox ("Username not found")
End If
End Sub
I think Andre has the right of it. I tried adjusting the hashing code to add a letter character and this worked, but then I needed to go back and add the single quote around the hashed PW value- which probably would have made the code work even without adding the letter:
If newPW1 = newPW2 Then
MsgBox ("Passwords Match!")
hashPW = Encrypt(newPW1)
MsgBox ("HashedPW is " & hashPW)
updatePW = "UPDATE Users SET Password = '" & hashPW & "' WHERE Username = pwChangeUsrnm"
DoCmd.RunSQL (updatePW)
A thanks to Zaph's second comment on security as well, I'll take that all into account. For the purposes of this database security isn't too much of a concern as it will be sitting behind existing security measures. The hashing of passwords is more just to avoid ever displaying the passwords in plain text. Nevertheless it's useful to know about these extra functions.

How to use Dlookup in Microsoft access

I am trying to use DLookup to check a text field against a database value except it returns an error when I try to do so. MemberID is the username and is being found using txtUsername field and the password is obviously password which are both retrieved from the Member table.
Here is the code:
Private Sub btnLogin_Click()
If Me.txtPassword.Value = DLookup("[Password]", "Member", "MemberID =
Me.txtUsername.Value") Then
MsgBox "Access Granted", vbInformation, "CD Shop"
MsgBox "Welcome", vbInformation, "CD Shop"
DoCmd.Close
DoCmd.OpenForm "frmGymActivity"
Else
MsgBox "Please re-enter your Username and Password."
End If
End Sub
You need to use proper quoting and string concatenation, to make sure you're passing a string with the value you want.
If Me.txtPassword.Value = DLookup("[Password]", "Member", "MemberID = " & Me.txtUsername.Value) Then
I am assuming MemberID is a number.

Auto populate user id based on login info

I am working on a sales CRM database in MS access 2010. I am trying to auto populate usernames in various forms.
The DB loads to a login page, asking for username and password. The username is set in the Employee table, not based on Windows login. The employee table has the following fields (EmpID PK, firstname, lastname, phone, email, notes, title, username TEXT, password).
I have two tables (Customer Contact and Leads) that require an employee to 'take ownership' of the activity. I would like the employee field to auto populate based on who is logged in.
Here is the code behind the OK button on my login page:
Private Sub Command1_Click()
If IsNull(Me.txtUserID) Then
MsgBox "Please enter user name.", vbInformation, "User Name Required"
ElseIf IsNull(Me.txtPassword) Then
MsgBox "Please enter password.", vbInformation, "Password Required"
Me.txtPassword.SetFocus
Else
'process the job
If (IsNull(DLookup("[UserName]", "tblEmployee", "[UserName] ='" & Me.txtUserID.Value & "' And password = '" & Me.txtPassword.Value & "'"))) Then
MsgBox "Incorrect user name or password."
Else
Me.Visible = False
DoCmd.OpenForm "frmHome"
End If
End If
End Sub
Using Environ("username") will return the value of the current users username. Using environ("userdomain") will return the value of the current users domain.
In your immediate window, do a ?Environ("username") to test and see what you get
On the form where you want users to take ownership, you can have a command button the user clicks to take ownership, you can get the users username from Environ("username") and update the user as the owner in your table.
No need for the logon page (unless you want extra security), your application will always know who the user is.
Also, in your queries that feed your forms, you can have =Environ("username") as the from argument on the username field to show the users the records they own.
HTH
You need to either store the users name in a global variable, or write it to a temporary table.
To store it in a global variable simply declare it in a module
Dim strUser as String
Then modify your login form code like this
If (IsNull(DLookup("[UserName]", "tblEmployee", "[UserName] ='" & Me.txtUserID.Value & "' And password = '" & Me.txtPassword.Value & "'"))) Then
MsgBox "Incorrect user name or password."
Else
Me.Visible = False
strUser=Me.txtUserID.Value
DoCmd.OpenForm "frmHome"
End If
This has the downside of having its value dropped any time a debug/error occurs that is unhandled. It has the upside of being fast and easy to use.
EDIT:
I would go for a local table personally. Make sure you DELETE * FROM tblLocalTableName on application close/logout, and on startup. If you need help with either implementation, let me know.
EDIT:
For a local table, create a table in Access in the frontend file. Lets call it 'tblLocalVars'. Primary key text field, lets name it 'Key', and another text field, let's call it 'Val'. Add a row to this table, Key='LoggedUser' and leave Val empty.
Then on your login form, the code would look something like this:
Private Sub Command1_Click()
If IsNull(Me.txtUserID) Then
MsgBox "Please enter user name.", vbInformation, "User Name Required"
ElseIf IsNull(Me.txtPassword) Then
MsgBox "Please enter password.", vbInformation, "Password Required"
Me.txtPassword.SetFocus
Else
'process the job
If (IsNull(DLookup("[UserName]", "tblEmployee", "[UserName] ='" & Me.txtUserID.Value & "' And password = '" & Me.txtPassword.Value & "'"))) Then
MsgBox "Incorrect user name or password."
Else
CurrentDB.Execute "UPDATE tblLocalVars SET Val='" & Me.txtUserID & "' WHERE Key='LoggedUser'"
Me.Visible = False
DoCmd.OpenForm "frmHome"
End If
End If
End Sub
Now whenever you want to get the current users username, you can use this:
Dlookup("Val","tblLocalVars", "Key='LoggedUser'")
Now you just need to add this to the logout code:
CurrentDB.Execute "UPDATE tblLocalVars SET Val='' WHERE Key='LoggedUser'"
Make sure you add this code to the Unload event on your login form.

in MS ACCESS, is it possible to do: DoCmd.OpenForm "Dlookup...."?

MS Access 2013
I have a tblUser table with following data (UserName / Password / StartForm)
I have a login system in place where user puts in form field called txtLogin his UserName.
After UserName and Password matches, I need to open a specific form for each user (depending on his function in the company).
I have this code in place but can't figure out the problem.
DoCmd.OpenForm DLookup("StartForm", "tblUser","[UserName]='" & txtLogin & "';")
I am only starting programming and I want to learn, not copy/paste code, so I appreciate very much if you can give me a simple explanation.
Thank you
The first parameter to DoCmd.OpenForm is the form name. To open the form to a specific parameter you need to use the
4th parameter which is the WhereCondition.
The Dlookup function is not necessary here. It is used to return a single column from a single record where the sourced column is the first parameter and the source table is the second parameter. It knows what record to grab by the search criteria, the third parameter.
The way you have this set up you are asking DoCmd.OpenForm to open a form by the name of [the result of your DLookup call] with no filter applied.
What you want is more like this
DoCmd.OpenForm NameOfYourUserForm, acNormal, , "[UserName]='" & txtLogin & "'"
I was able to solve the problem as following.
I created a variable for the form I want to call (nomeForm) and I used Dlookup to find appropriate form to each user.
Thank you
Private Sub cmdLogin_Click()
Dim rst As Recordset
Dim nomeUsuario As String
If IsNull(txtLogin) Or IsNull(txtSenha) Then
MsgBox "Preencha o login e senha"
Exit Sub
End If
nomeUsuario = txtLogin
Set rst = CurrentDb.OpenRecordset("SELECT * FROM tblUser WHERE UserName = '" & txtLogin & "' AND Password = '" & txtSenha & "';")
If rst.RecordCount = 1 Then
bcansafelyclose = True
DoCmd.Close
Dim nomeForm As String
nomeForm = DLookup("Start", "tblUser", "UserName = '" & nomeUsuario & "'")
DoCmd.OpenForm nomeForm
Else
MsgBox "Login ou senha incorretos"
bcansafelyclose = False
End If
rst.Close
End Sub

Is this kind of login possible in VBA?

I work on Access Project, but I think there is nothing specific to Access in this question.
I have a form and it's possible to open it only if you are in the table of authenticated users (and I authenticate user by his windows username) - I know it is lame authentication.
Here's the code I've put into form open event:
Private Sub Form_Open(Cancel As Integer)
If DCount("User_Id", "Users", "[username]='" & (Environ$("Username")) & "'") Then
Else
MsgBox "Access Denied!"
DoCmd.Quit
End If
End Sub
What I want to accomplish is that when MsgBox "Access Denied!" is displayed, if I type certain word (something as password) before clicking on OK button, that DoCmd.Quit is not executed. I don't want to display anything, just type in the password.
I don't need this desperately, I just want to make this for fun. And I think it would be really cool if it's possible with VBA.
I tested this in Access 2007 and I think the logic is what you want, or at least it's close. Please consider using something like the WindowsUser() function below to get the Windows user name. I get that this is just for fun, so you don't care now. However, keep this point in mind for anything you do care about in the future. Environ("USERNAME") as a security measure is trivially easy to defeat.
Const cstrYourPassword As String = "let me in"
Dim blnGoodbye As Boolean
Dim lngButtons As Long
Dim strPrompt As String
Dim strPassword As String
strPrompt = "Access Denied!" & vbCrLf & vbCrLf & _
"Click Retry to try with password" & vbCrLf & _
"or Cancel to quit."
lngButtons = vbCritical + vbRetryCancel
If MsgBox(strPrompt, lngButtons) = vbRetry Then
strPassword = InputBox("Password:")
If strPassword = cstrYourPassword Then
MsgBox "Welcome " & WindowsUser
Else
blnGoodbye = True
End If
Else
blnGoodbye = True
End If
If blnGoodbye = True Then
MsgBox "That's all folks."
'DoCmd.Quit ' <- enable this when ready.
End If
Use this instead of Environ("USERNAME").
Public Function WindowsUser() As String
Static strUserName As String
If Len(strUserName) = 0 Then
strUserName = CreateObject("WScript.Network").Username
End If
WindowsUser = strUserName
End Function
The following should work, but you may want to modify it to set the password to something better or if you want more than one password. Anyone who knows how to read the code will be able to find out the password as well, so maybe it would be better to put it in the database somewhere?
Const sPassword As String = "PASSWORD"
Const sMESSAGE As String = "Please enter your password"
Const sTITLE As String = "Enter Password"
Dim sInput As String
sInput = InputBox(sMESSAGE, sTITLE)
If sInput <> Password Then
MsgBox "Access Denied!"
DoCmd.Quit
End If