VBScript – Setting New User Password (MSVisual Studio 6.0, Access 2K)

Topic

New Reply

Ok I have about roughly 100 users. All have a designated sign on Alias so I am restricting them from being able to change that using VB. Now I have gotten to the point where I want them to set their passwords. I’ve looked in the help files to no avail. The books I am using are no help. Anyway I want the user to set their password and when they do I want the Login table in my Access database to be updated with their password. The Login table contains their Alias already, but since I haven’t distributed this yet, no passwords are there. I have it set so they click a new password button and the new password dialog box pops up. If possible I also want them to enter it twice for validation purposes. Any help would be appreciated.

Reply | Quote

Replies

To clarify: Just what are they logging in to? Your Access app a network? or?

Reply | Quote

They are logging into an application I am creating with VB, the access database is there to hold the information that they will be accessing. I can try to clarify more if need be.

Reply | Quote

If you would like them to be able to update their password in an Access db, and then validate that password in the future, it sounds like you’ll need to write an ASP page that will use ADO to get at the Access db. As far as a confirmation of the user’s password when they change it, you can use VBScript or JaveScript to compare the entries in the 2 text boxes prior to submitting the data to the ASP page.

Are you familiar with ASP pages and ADO?

Reply | Quote

I know next to nothing about ASP, and very little about ADO. I’m realatively new at most of this. I just started learning VB, but because I have programming experience behind me in other languages it wasn’t hard to learn.

As I said though all I need them to do is set their password in the VB application then have that password be saved to a table in access. When they log in later I will have a text bax that access that table and looks for the password in the table (basically a .find command) and when it finds it the code will also see if what you types matches the alias in the user name box and if all works well then you can access the information you want. Hope this helps clarify better what I want to do. thanks for any help.

Reply | Quote

I’d sure like to offer a solution, but it seems so simple that I risk insulting your intelligence. So, I hesitate as I might be totally misunderstanding the issue.

If you are managing the entire operation: prompt for name and password, check against table for valid match (username corresponds with password for that table row), allow user in; and if you want to now prompt to allow the user to change password: prompt displays username and two empty text boxes 1) Enter Password, 2) Enter Password again., compare passwords, if match, store in table row for user.

Is that it? Are you hashing or in any way encrypting the password? That doesn’t seem to be a problem. I’m missing something, right?

Reply | Quote

Well you got most of it. I know pretty much how to do what you’ve said. The problem that I will be having is that the table that is holding the username and password, won’t have any information in the table until the person registers. When first signing on to the application they have to hit the “New User” button. That will prompt them to enter a user name and then their password. What I want this to do is when they hit the ok button, I want the user name and password to be stored in that table. Does that make more sense? Maybe I wasn’t clear. Sorry if I wasn’t, I really do appreciate the help.

Reply | Quote

you could give everyone the same username and pass word in the table
and add in the code so that if username =( what ever you choose) then prompt for
them to enter another username and password
just an idea

Reply | Quote

Maybe Charlotte or someone more familiar with Access
syntax can show you some code. If this were a SQL
environment using ADO the code to validate a user would
look like this:

strQry = “select table.username, table.password
where table.username = strUsername AND
table.password = strPassword”

rs.Open strQry, cn, 3, 1, 1
(assumes connection and record source objects already
created)

if rs.RecordCount 0 then
‘Let this person in.
else
‘Lock this person out
endif

To add a new user:

strQry = “Insert table(username, password)
values(strusername, strpassword)”

To update a changed password:

strQry = “Update table
Set password = strNewPassword
Where username = strUsername”

I realize this does you absolutely no good, but maybe it will
help an Access person grasp what you want.

Reply | Quote

I appreciate your trying to help. I will keep trying to use what resources I can until I find the answer. If I find an answer by other means than this board i will post it so everyone can use it for reference if there ever is a need.

Reply | Quote

Try posting to the Access board too.

Reply | Quote

That’s pretty close to what I’d use in Access or VB too, although I prefer to replace numeric arguments with local constants where necessary so I can remember what the heck I was passing in. Of course, you don’t use a record count when you execute an action query in ADO, you pass in a long variable to the RecordsAffected argument and let the value in that variable tell you how many records it actually updated.

Reply | Quote

Glad you showed up. Where you been?

Reply | Quote

Catching a nap over there in the corner. Even moderators are allowed to sleep *sometimes*.

Reply | Quote

I’ll try that out to see how it works. Thanks for your help. I assume that it is generally the same kind of thing for the user name as well. As for the security with the table holding the passwords. The database itself will not be accessed by anyone except the admin, they will also have restricted permissions as well. Anyway thanks for your help.

Reply | Quote

Sorry, misunderstood the situation.

Kevin’s on the right track. As you’ve just started in VB, have you had a chance to pull or push data to a database yet?

Reply | Quote

Here are the basic steps I think you want to take, keeping in mind that storing a password in a database is not true security:

1. Get the user to input a username and verify that as a valid user.

2. Get the user to enter a password and verify that the password belongs to the validated user.

If either of the above is invalid, return an “invalid name or password” message but don’t tell them which one is incorrect if you want to make it harder to crack.

3. For a change password, you need to have a conditional branch. Look up the username to see if they have a password. If they do, require them to enter the old password and then to enter a new password twice to validate it. If they don’t have a password, just have them enter a new password twice. In either case store the new password to a variable temporarily.

4. Once you have a valid username and password, run an action query to update the username record to have the new password.

Here’s one of my ADO funtions to execute an action query:

Public Function ExecuteActionQuery(Optional strQryName As String, _
                                   Optional strSQL As String)
  'created by Charlotte Foust
  'last modified 7/18/2001
  'executes and action query either from a SQL string
  'or from a saved query 
  On Error GoTo Proc_err
  Dim cmd As ADODB.Command
  Dim prm As ADODB.Parameter
  Dim errCurr As ADODB.Error
  Dim lngRecsAffected As Long
  
  Const ERR_OPER_ON_INVALID_CONNECTION = 3709
  Const ERR_BOF_EOF_OR_DELETED = -2147352567
  
  'initialize the command object
  Set cmd = New ADODB.Command
  
  'set its active connection to the current project's connection
  cmd.ActiveConnection = CurrentProject.Connection
  
  'if a SQL string was passed, use that
  If strSQL  "" Then
    cmd.CommandType = adCmdText
    cmd.CommandText = strSQL
    cmd.Execute RecordsAffected:=lngRecsAffected, Options:=adCmdText
    
   'else if a query name was passed,
  'execute that query
 ElseIf strQryName  "" Then
    cmd.CommandType = adCmdStoredProc
    cmd.CommandText = strQryName
    cmd.Execute RecordsAffected:=lngRecsAffected, Options:=adCmdStoredProc
  
  Else 'strSQL  ""
    ' No valid argument was passed
  End If 'strSQL  ""
  
Proc_exit:
  'cleanup and exit
  On Error Resume Next
   Set cmd = Nothing
   
   'return the number of affected records
   ExecuteActionQuery = lngRecsAffected
  Exit Function
Proc_err:
  If cmd.ActiveConnection.Errors.Count > 0 Then
    For Each errCurr In cmd.ActiveConnection.Errors
      MsgBox errCurr.Number & "--" & errCurr.Description
      Resume Proc_exit
    Next errCurr
  ElseIf Err.Number = ERR_BOF_EOF_OR_DELETED Then
     Resume Next
  Else
    MsgBox Err.Number & "--" & Err.Description
   ExecuteActionQuery = Err
    Resume Proc_exit
  End If
End Function 'ExecuteActionQuery(Optional strQryName As String, _
                                       Optional strSQL As String)

Reply | Quote