UtterAccess.com
X   Site Message
(Message will auto close in 2 seconds)

Welcome to UtterAccess! Please ( Login   or   Register )

Custom Search
 
   Reply to this topicStart new topic
> Reset User Password Woes, Access 2016    
 
   
sommersgj
post Jul 10 2019, 11:16 AM
Post#1



Posts: 12
Joined: 29-November 18



Hello UA Community!

I am attemtping to create a reset password form, 'frmResetPassword.' I am very much a novice, so I tend to scour the interwebs for code I need. If it does not work I tend to massage it until I'm out of options, then I hop on here hoping to pick your brains!

Here is my code for resetting a password:

Private Sub cmdReset_Click()
If Me.txtOldPassword.Value = DLookup("Password", "tblPersonnel", [UserName] = """ & Me.txtUserName & """") Then
GoTo Line1:
Else: MsgBox ("Password Is Incorrect")
Me.txrOldPassword.SetFocus
End If

Line1:
If (Me.txtNewPass1 = Me.txtNewPass2) Then
CurrentDb.Execute "UPDATE tblStaff ' " _
& "Set Password = Me.txtNewPass2' " _
& "Where UserName = Me.txtUserName';"
MsgBox ("Your password has now been updated")

Else: MsgBox "New password does not match"

End If
End Sub

The Run-Time error I receive is 3125: " Set Password = Me.txtNewPass" is not a valid name. Make that is does not include invalid characters or purchase and that is is not too long. I am truly at a loss...do any of you fine folks have a solution(s) I can try? Thank you!!

Joe
Go to the top of the page
 
nuclear_nick
post Jul 10 2019, 11:28 AM
Post#2



Posts: 1,758
Joined: 5-February 06
From: Ohio, USA


Whereas 'Me' is a keyword that refers to the currently open and active form... inside SQL it can't see the 'Me'.

You can either call the form explicitly, set the values to variables first, or use what you used earlier in the 'DLookup'...
CODE
DLookup("Password", "tblPersonnel", [UserName] = """ & Me.txtUserName & """")

… that last part, where the Me.txtUserName is, surrounded by & and "" characters.

Does that help?

--------------------
"Nuclear" Nick
____________
The top three reasons to hide code; 1) It's not your own. 2) It's your own, but it's so crappy you don't want anyone to see it. 3) The comments in your code would get you in a lot of trouble if ever made public.
Go to the top of the page
 
sommersgj
post Jul 10 2019, 11:35 AM
Post#3



Posts: 12
Joined: 29-November 18



Nick,

Thanks for the reply! I found the quotes excessive as well! The site I copied the code from had those quotes in the code he posted that he said worked. I forgot to fix that part when I copied the code in here. I have fixed that portion to show:

DLookup("Password", "tblPersonnel", [UserName] = " & Me.txtUserName & ")

I am not sure if that is the problem because the deb highlights the Line1 code:

Line1:
If (Me.txtNewPass1 = Me.txtNewPass2) Then
CurrentDb.Execute "UPDATE tblStaff ' " _
& "Set Password = Me.txtNewPass2' " _
& "Where UserName = Me.txtUserName';"
MsgBox ("Your password has now been updated")
This post has been edited by sommersgj: Jul 10 2019, 11:37 AM
Go to the top of the page
 
nuclear_nick
post Jul 10 2019, 12:08 PM
Post#4



Posts: 1,758
Joined: 5-February 06
From: Ohio, USA


I think you misunderstood...

The quotes are needed around strings in a query, just as the octothorpe ( or hashtag or pound sign, whatever you want to call it) is needed to surround dates.

Let's try it this way... here's what I was suggesting...
CODE
Private Sub cmdReset_Click()

If Me.txtOldPassword.Value = DLookup("Password", "tblPersonnel", [UserName] = """ & Me.txtUserName & """") Then

  GoTo Line1

Else

  MsgBox ("Password Is Incorrect")

  Me.txrOldPassword.SetFocus

End If

Line1:

If (Me.txtNewPass1 = Me.txtNewPass2) Then

  CurrentDb.Execute "UPDATE tblStaff ' " _
      & "Set Password = '" & Me.txtNewPass2 & "' " _
      & "Where UserName = '" & Me.txtUserName & "';"

  MsgBox ("Your password has now been updated")

Else

  MsgBox "New password does not match"

End If

End Sub


It's still not quite right... if I were doing it for myself, I'd do it without the 'Goto'. But see if you can spot the main differences I was talking about in my first reply.

--------------------
"Nuclear" Nick
____________
The top three reasons to hide code; 1) It's not your own. 2) It's your own, but it's so crappy you don't want anyone to see it. 3) The comments in your code would get you in a lot of trouble if ever made public.
Go to the top of the page
 
nvogel
post Jul 10 2019, 12:53 PM
Post#5



Posts: 966
Joined: 26-January 14
From: London, UK


It has to be said that this kind of thing - inventing your own authentication mechanism and storing usernames and passwords in a database - is an incredibly bad idea. Make sure you are familiar with the data protection laws and regulations in your locality. Make the users / stakeholders aware of the limitations and that this is not a good way to secure their data.
Go to the top of the page
 
WildBird
post Jul 10 2019, 11:28 PM
Post#6


UtterAccess VIP
Posts: 3,576
Joined: 19-August 03
From: Auckland, Little Australia


QUOTE
inventing your own authentication mechanism and storing usernames and passwords in a database - is an incredibly bad idea


Agree wholeheartedly. I have to encrypt files where I work. Cant get SQL Server, so have to use VBA. I have it so that if a file is lost, there is no storing of any password within that file. The passwords are stored in another file, that is encrypted, on a 'secure' network, and hidden. The table is not named 'password' nor is any function named with password in its name. Its security through obscurity. Not very secure at all, but will stop the most basic of people trying to get the data. Having a table named tblPersonnel with a field named 'Password' is probably as less secure as you can make it.

--------------------
Beer, natures brain defragging tool.
Go to the top of the page
 
isladogs
post Jul 11 2019, 12:17 AM
Post#7


UtterAccess VIP
Posts: 1,451
Joined: 4-June 18
From: Somerset, UK


Going back to the DLookup, a simpler method of doing the quotes is to use single quotes rather than double double quotes
DLookup("Password", "tblPersonnel", [UserName] = '" & Me.txtUserName & "'")

You could also look at this Password Login / Reset utility which I updated to include RC4 encryption: http://www.mendipdatasystems.co.UK/password-login/4594469149

However, I agree with the previous comments. Though encryption of passwords is a very good idea, it is far better NOT to store passwords in your application at all

--------------------
Go to the top of the page
 
sommersgj
post Yesterday, 10:15 AM
Post#8



Posts: 12
Joined: 29-November 18



All,

Thank you for your concerns regarding the legality of storing personal information (PII). The system I am designing this for is NOT for storing PII. It is a home grown tracking system that tracks things like trouble tickets, training progress, trunover logs and the like. Having a log in system allows a sort of Single Sign On (SSO) that will help automate user logs, autofill certain forms, etc.

I am the only admin (as of now) and if they need to change thier password I would like for them to do it themselves as we are a 24/7 operation and split between different teams. So when I am off, the other team is here, so they will have to wait a few days to regain access to the system.

So, no worries, nothing nefarious or risky going on here smile.gif
Go to the top of the page
 
sommersgj
post Yesterday, 10:15 AM
Post#9



Posts: 12
Joined: 29-November 18



All,

Thank you for your concerns regarding the legality of storing personal information (PII). The system I am designing this for is NOT for storing PII. It is a home grown tracking system that tracks things like trouble tickets, training progress, trunover logs and the like. Having a log in system allows a sort of Single Sign On (SSO) that will help automate user logs, autofill certain forms, etc.

I am the only admin (as of now) and if they need to change thier password I would like for them to do it themselves as we are a 24/7 operation and split between different teams. So when I am off, the other team is here, so they will have to wait a few days to regain access to the system.

So, no worries, nothing nefarious or risky going on here smile.gif
Go to the top of the page
 


Custom Search


RSSSearch   Top   Lo-Fi    16th July 2019 - 05:37 AM