[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

How to validate passwords stored in a table

Posted on 2004-11-23
10
Medium Priority
?
240 Views
Last Modified: 2010-04-17
I have created a table that contains 'UserName', 'Password', and 'Level'. I created a form with two text boxes. One is for the username, and one is for the password. The form also has two command buttons. One is to 'Log In', the other is to 'Quit'. What code do I need to put in the On Click section of the Log In button to validate that the UserName and Password are correct? How do I save the UserName to a variable so that I can use it again later?
0
Comment
Question by:navynuke04
10 Comments
 
LVL 3

Expert Comment

by:weddell
ID: 12661246
You need to tell us what language and database you are using.

You need to connect to a database and validate that the password/username combination are correct.

You then need to store the username in a global variable or session, all depends on what you are using.

0
 

Author Comment

by:navynuke04
ID: 12661353
Sorry... I'm using MS Access and I'm trying to do this with Visual Basic.
0
 
LVL 1

Expert Comment

by:fbetag
ID: 12661462
This will do everything you want plus you can redirect to spacific pages based on a group field in your database

<script language="VB" runat="server">
      
      
      Dim MyConnection As oledbConnection
      Dim MyCommand As oledbCommand
      Dim MyCommand1 As oledbCommand
      Dim UserID as string
      Dim userType as string

Sub Page_Load(Src As Object, E As EventArgs)
      MyConnection = New oledbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & server.mappath("mydatabase.mdb") & ";Jet OLEDB:Database Password=mypassword;")'","password", "")
      
      If User.identity.isAuthenticated Then
            Dim AllLHInfo() as String = User.Identity.Name.Split("|")
            Dim lhuser as string = AllLHInfo(0)
            Dim usertype as string = AllLHInfo(1)
      
      Select Case userType
            Case "group1"
                Response.Redirect("page1.aspx")
            Case "group2"
                Response.Redirect("page2.aspx")
            Case "group3"
                Response.Redirect("page3.aspx")
            Case else
                        lblmessage.text = usertype
                        'Response.Redirect("page4.aspx")
     End Select
      
      end if
      
End Sub



Private Sub ProcessLogin(ByVal sender As Object, ByVal E As EventArgs)

   If Not Page.IsPostback Then
         Exit Sub
    End If
    If CheckPassword(txtUser.text, txtPassword.text) Then
    'Dim AllMyInfo as String = "|" & UserID & "|" & UserFirstName & "|" & UserLastName
      Dim AllMyInfo as String = UserID & "|" & usertype
      FormsAuthentication.SetAuthCookie(AllMyInfo,chkPersistLogin.Checked)
      
      Select Case userType
            Case "group1"
                Response.Redirect("page1.aspx")
            Case "group2"
                Response.Redirect("page2.aspx")
            Case "group3"
                Response.Redirect("page3.aspx")
            Case else
                        lblmessage.text = usertype
                        'Response.Redirect("page4.aspx")
        End Select
   
    Else
        ' Display message.
           Message.InnerHtml = "User name or password not found. Try again."
     
     
    End If
End Sub

Private Function CheckPassword(ByVal UserName As String, _
    ByVal Password As String) As Boolean
    ' Declare variable to track success/failure.
    Dim bSuccess As Boolean
    Dim logindate as string = Format(Now)
      
   
   
    Dim selectcmd As String = "SELECT * FROM User WHERE login='" & UserName & "'"

    MyCommand = New oledbCommand(selectcmd, MyConnection)
      ' Check for errors using database
    Try
            MyCommand.Connection.Open()
       
        ' Get the author ID.
        Dim rdrUsers As OleDbDataReader = MyCommand.ExecuteReader()
       
        If Not rdrUsers.read Then
                  lblmessage.text = "The Username '" & UserName & "' Isn't Registered."
            Elseif rdrUsers.Item("pass") <> Password Then
                  lblmessage.text = "Your Password is invalid.  Please try again."
            Else
       
                  bSuccess = True
       
                  UserId=rdrUsers.Item("login")
                  userType = rdrUsers.Item("group")
            
                  MyCommand.Connection.Close()
             
                  Dim UpdateCmd as string = "update userx set lastlogin = '" & logindate & "' WHERE login = '" & UserId & "'"
     
                  MyCommand = New oledbCommand(UpdateCmd, MyConnection)
                  MyCommand.Connection.Open()
                  MyCommand.ExecuteNonQuery()
            
            End If
       
        MyCommand.Connection.Close()
     
    Catch
        'Otherwise set failure.
        bSuccess = False
        MyCommand.Connection.Close()
    End Try
    Return bSuccess
End Function
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 

Author Comment

by:navynuke04
ID: 12661534
This is an excellent example of how to do this on a website, however I'm needing to keep this all within Access.

When I said I wanted to use VB, I meant the VB editor that is accesible through Access. By going to the 'LogIn' button's properties, and clicking on events, I see a list of events. One of these is 'On Click'. If I click on it, I can build an event procedure using Visual Basic. This is where I was wanting to validate the passwords. Having cases listed here would be handy to send the user to either an Admin page (Level=1), Management page (Level=2), or Normal User page (Level=3).
0
 
LVL 13

Expert Comment

by:dungla
ID: 12661540
I think this article might helpful to you.

http://www.freevbcode.com/ShowCode.asp?ID=3687

Hope this help
.:: LDLP ::.
0
 
LVL 60

Expert Comment

by:Julian Hansen
ID: 12662787
The simplest way is to do as follows.

Create a global String variable in a module that stores the user name.

In your OnClick event for your login button do a select on your login table looking for a record that matches the name and password given.

If you find a record set the global string variable equal to the user name entered.

I posted a very simple example on our website

http://www.managedprofile.com/downloads/loginzip

That illustrates the basic functionality. It does not constitute a reliable login method because there is no security around the table as the password is in plain text.

To get around this (if required) what you could do is use the MS Access in built security options or alternatively an external module to do the validation for you and store the name and password in the database in encrypted format - I will leave that for another question.

Hopefully the above will get you started.

Julian
0
 
LVL 60

Accepted Solution

by:
Julian Hansen earned 2000 total points
ID: 12662826
0
 
LVL 2

Expert Comment

by:vikaskumar101
ID: 12663353
try this code

Private Sub CmdLogin_Click()
    If Trim(txtLogin.Text) <> "" And Trim(txtPassword.Text) <> "" Then
        conn.Open "C:\LoginCheck\database\test.mdb"
        rec.Open "select * from tblLogin where USerName = '" & Trim(txtLogin.Text) & "' and Password = '" & Trim(txtPassword.Text) & "'", conn, adOpenDynamic, adLockOptimistic
        If Not rec.EOF Then
            LoginName = Trim(txtLogin.Text)
            MsgBox "You have successfully logged in"
        Else
            MsgBox "Login Name or Password is worng please try again"
        End If
    Else
        MsgBox "Login Name and Password should not be blank"
    End If
End Sub

Declare below variable in module so that it can be accessible in any form of project

Public LoginName As String
0
 

Author Comment

by:navynuke04
ID: 12664426
Thanks for the example, julianH! With a bit of editing, this should work for what I wanted!
0
 
LVL 60

Expert Comment

by:Julian Hansen
ID: 12665540
Only a pleasure.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Whether you've completed a degree in computer sciences or you're a self-taught programmer, writing your first lines of code in the real world is always a challenge. Here are some of the most common pitfalls for new programmers.
If you are a mobile app developer and especially develop hybrid mobile apps then these 4 mistakes you must avoid for hybrid app development to be the more genuine app developer.
Six Sigma Control Plans
Introduction to Processes

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question