Security form

[Peter McCartney]

Hello All! A97 Thanking anyone for assistance.

For this I have a table called "Trego" with the fields:
1. ID - autonumber
2. Rego - number
3. Password - text - input mask set to password
4. Name - text

I have put the data in that is required for the above table that covers
these 5 users.
I want the 5 users to be able to change their own password themselves,
instead of me doing it.

The form I am using to change the password is called "fchange"
The fields on it are called, [Rego], [Password] with a unbound text box
called [newpassword].

With code:
************************************************
Private Sub Password_AfterUpdate()
Dim strfilter As String

strfilter = "Password = " & Me!Password
strfilter = "rego = " & Me!rego

If me!password = Dlookup("password", "trego",strfilter) And me!rego =
Dlookup("rego", "trego", strfilter) then

msgbox "ID confirmed. Enter new Password!"

Docmd.GotoControl "Newpassword"

End if
End sub
***********************************************
The user then enters their new password.

The unbound textbox [newpassword] has the code in the afterupdate section

***********************************************
Me!Password = Me!Newpassword
***********************************************

Now! when the user gets a verification that both [rego] & [password] are
correct, I need to be able to change the existing data, not add another
record. Perhaps a SQL statement, but I am unsure of how to do it.

Peter McCartney

 

[TC]

How do stop someone looking directly into the table to see all the names &
passwords?

TC

 

[TC]

Ok!

So let me see if I have this right. Your form can initially see every record
in the password table. But the reader can not see the passwords, because
they are obscured by using a Password mask. When the user enters an old
password, you filter the form to that one record, then let him type a new
password into the new-password box. Then you want to update the new password
into that record of the table.

Correct?

If so, here's what I would do. Make the form an *unbound* form. That is, do
not base it on a table. Make it a single-record form (if it is not already).
Have an "old password" textbox, and a "new password" one. Code an
AfterUpdate event for the new password box. In that event, put something
like this (untested):

dim db as database
set db = currentdb()
db.execute "UPDATE MyTable" & _
" SET [Password]=""" & me![txtNewPassword] & _
""" WHERE [Password]=""" & me![txtOldPassword] & """", _
dbfailonerror
select case db.recordsaffected
case 0: msgbox "Unknown old password!"
case 1: msgbox "Old password updated ok!"
case else: msgbox "Oops!!"
end select
set db = nothing

The "oops!", is this: there is no guarantee that each user has a different
password. So your scheme is fundamentally flawed in assuming that a given
password identifies a single user! But try it out anyway, for learning
purposes.

Other things you'd need to consider:
- check the old password box was entered (not blank) before trying the
update;
- ditto for the new password box;
- check they're not identical.

HTH,
TC

The only thing I do is hide the table and forms concerned.
The thing I am trying to get around is more of a educational issue for me re
access.

Peter

How do stop someone looking directly into the table to see all the names &
passwords?

TC

Hello All! A97 Thanking anyone for assistance.

For this I have a table called "Trego" with the fields:
1. ID - autonumber
2. Rego - number
3. Password - text - input mask set to password
4. Name - text

I have put the data in that is required for the above table that covers
these 5 users.
I want the 5 users to be able to change their own password themselves,
instead of me doing it.

The form I am using to change the password is called "fchange"
The fields on it are called, [Rego], [Password] with a unbound text box
called [newpassword].

With code:
************************************************
Private Sub Password_AfterUpdate()
Dim strfilter As String

strfilter = "Password = " & Me!Password
strfilter = "rego = " & Me!rego

If me!password = Dlookup("password", "trego",strfilter) And me!rego =
Dlookup("rego", "trego", strfilter) then

msgbox "ID confirmed. Enter new Password!"

Docmd.GotoControl "Newpassword"

End if
End sub
***********************************************
The user then enters their new password.

The unbound textbox [newpassword] has the code in the afterupdate section

***********************************************
Me!Password = Me!Newpassword
***********************************************

Now! when the user gets a verification that both [rego] & [password] are
correct, I need to be able to change the existing data, not add another
record. Perhaps a SQL statement, but I am unsure of how to do it.

Peter McCartney

 

[Peter McCartney]

The only thing I do is hide the table and forms concerned.
The thing I am trying to get around is more of a educational issue for me re
access.

Peter

How do stop someone looking directly into the table to see all the names &
passwords?

TC

Hello All! A97 Thanking anyone for assistance.

For this I have a table called "Trego" with the fields:
1. ID - autonumber
2. Rego - number
3. Password - text - input mask set to password
4. Name - text

I have put the data in that is required for the above table that covers
these 5 users.
I want the 5 users to be able to change their own password themselves,
instead of me doing it.

The form I am using to change the password is called "fchange"
The fields on it are called, [Rego], [Password] with a unbound text box
called [newpassword].

With code:
************************************************
Private Sub Password_AfterUpdate()
Dim strfilter As String

strfilter = "Password = " & Me!Password
strfilter = "rego = " & Me!rego

If me!password = Dlookup("password", "trego",strfilter) And me!rego =
Dlookup("rego", "trego", strfilter) then

msgbox "ID confirmed. Enter new Password!"

Docmd.GotoControl "Newpassword"

End if
End sub
***********************************************
The user then enters their new password.

The unbound textbox [newpassword] has the code in the afterupdate section

***********************************************
Me!Password = Me!Newpassword
***********************************************

Now! when the user gets a verification that both [rego] & [password] are
correct, I need to be able to change the existing data, not add another
record. Perhaps a SQL statement, but I am unsure of how to do it.

Peter McCartney

 

[Peter McCartney]

Thanks 4 your time & effort

Peter

Ok!

So let me see if I have this right. Your form can initially see every record
in the password table. But the reader can not see the passwords, because
they are obscured by using a Password mask. When the user enters an old
password, you filter the form to that one record, then let him type a new
password into the new-password box. Then you want to update the new password
into that record of the table.

Correct?

If so, here's what I would do. Make the form an *unbound* form. That is, do
not base it on a table. Make it a single-record form (if it is not already).
Have an "old password" textbox, and a "new password" one. Code an
AfterUpdate event for the new password box. In that event, put something
like this (untested):

dim db as database
set db = currentdb()
db.execute "UPDATE MyTable" & _
" SET [Password]=""" & me![txtNewPassword] & _
""" WHERE [Password]=""" & me![txtOldPassword] & """", _
dbfailonerror
select case db.recordsaffected
case 0: msgbox "Unknown old password!"
case 1: msgbox "Old password updated ok!"
case else: msgbox "Oops!!"
end select
set db = nothing

The "oops!", is this: there is no guarantee that each user has a different
password. So your scheme is fundamentally flawed in assuming that a given
password identifies a single user! But try it out anyway, for learning
purposes.

Other things you'd need to consider:
- check the old password box was entered (not blank) before trying the
update;
- ditto for the new password box;
- check they're not identical.

HTH,
TC

The only thing I do is hide the table and forms concerned.
The thing I am trying to get around is more of a educational issue for

me

re
access.

Peter

names

&

passwords?

TC


Hello All! A97 Thanking anyone for assistance.

For this I have a table called "Trego" with the fields:
1. ID - autonumber
2. Rego - number
3. Password - text - input mask set to password
4. Name - text

I have put the data in that is required for the above table that covers
these 5 users.
I want the 5 users to be able to change their own password themselves,
instead of me doing it.

The form I am using to change the password is called "fchange"
The fields on it are called, [Rego], [Password] with a unbound text box
called [newpassword].

With code:
************************************************
Private Sub Password_AfterUpdate()
Dim strfilter As String

strfilter = "Password = " & Me!Password
strfilter = "rego = " & Me!rego

If me!password = Dlookup("password", "trego",strfilter) And me!rego =
Dlookup("rego", "trego", strfilter) then

msgbox "ID confirmed. Enter new Password!"

Docmd.GotoControl "Newpassword"

End if
End sub
***********************************************
The user then enters their new password.

The unbound textbox [newpassword] has the code in the afterupdate section

***********************************************
Me!Password = Me!Newpassword
***********************************************

Now! when the user gets a verification that both [rego] & [password]

are