navynuke04
asked on
How to validate passwords stored in a table
I have created a table that contains 'UserName', 'Password', and 'Level'. I created a form with two text boxes. One is for the username, and one is for the password. The form also has two command buttons. One is to 'Log In', the other is to 'Quit'. What code do I need to put in the On Click section of the Log In button to validate that the UserName and Password are correct? How do I save the UserName to a variable so that I can use it again later?
ASKER
Sorry... I'm using MS Access and I'm trying to do this with Visual Basic.
This will do everything you want plus you can redirect to spacific pages based on a group field in your database
<script language="VB" runat="server">
Dim MyConnection As oledbConnection
Dim MyCommand As oledbCommand
Dim MyCommand1 As oledbCommand
Dim UserID as string
Dim userType as string
Sub Page_Load(Src As Object, E As EventArgs)
MyConnection = New oledbConnection("Provider= Microsoft. Jet.OLEDB. 4.0;Data Source=" & server.mappath("mydatabase .mdb") & ";Jet OLEDB:Database Password=mypassword;")'"," password", "")
If User.identity.isAuthentica ted Then
Dim AllLHInfo() as String = User.Identity.Name.Split(" |")
Dim lhuser as string = AllLHInfo(0)
Dim usertype as string = AllLHInfo(1)
Select Case userType
Case "group1"
Response.Redirect("page1.a spx")
Case "group2"
Response.Redirect("page2.a spx")
Case "group3"
Response.Redirect("page3.a spx")
Case else
lblmessage.text = usertype
'Response.Redirect("page4. aspx")
End Select
end if
End Sub
Private Sub ProcessLogin(ByVal sender As Object, ByVal E As EventArgs)
If Not Page.IsPostback Then
Exit Sub
End If
If CheckPassword(txtUser.text , txtPassword.text) Then
'Dim AllMyInfo as String = "|" & UserID & "|" & UserFirstName & "|" & UserLastName
Dim AllMyInfo as String = UserID & "|" & usertype
FormsAuthentication.SetAut hCookie(Al lMyInfo,ch kPersistLo gin.Checke d)
Select Case userType
Case "group1"
Response.Redirect("page1.a spx")
Case "group2"
Response.Redirect("page2.a spx")
Case "group3"
Response.Redirect("page3.a spx")
Case else
lblmessage.text = usertype
'Response.Redirect("page4. aspx")
End Select
Else
' Display message.
Message.InnerHtml = "User name or password not found. Try again."
End If
End Sub
Private Function CheckPassword(ByVal UserName As String, _
ByVal Password As String) As Boolean
' Declare variable to track success/failure.
Dim bSuccess As Boolean
Dim logindate as string = Format(Now)
Dim selectcmd As String = "SELECT * FROM User WHERE login='" & UserName & "'"
MyCommand = New oledbCommand(selectcmd, MyConnection)
' Check for errors using database
Try
MyCommand.Connection.Open( )
' Get the author ID.
Dim rdrUsers As OleDbDataReader = MyCommand.ExecuteReader()
If Not rdrUsers.read Then
lblmessage.text = "The Username '" & UserName & "' Isn't Registered."
Elseif rdrUsers.Item("pass") <> Password Then
lblmessage.text = "Your Password is invalid. Please try again."
Else
bSuccess = True
UserId=rdrUsers.Item("logi n")
userType = rdrUsers.Item("group")
MyCommand.Connection.Close ()
Dim UpdateCmd as string = "update userx set lastlogin = '" & logindate & "' WHERE login = '" & UserId & "'"
MyCommand = New oledbCommand(UpdateCmd, MyConnection)
MyCommand.Connection.Open( )
MyCommand.ExecuteNonQuery( )
End If
MyCommand.Connection.Close ()
Catch
'Otherwise set failure.
bSuccess = False
MyCommand.Connection.Close ()
End Try
Return bSuccess
End Function
<script language="VB" runat="server">
Dim MyConnection As oledbConnection
Dim MyCommand As oledbCommand
Dim MyCommand1 As oledbCommand
Dim UserID as string
Dim userType as string
Sub Page_Load(Src As Object, E As EventArgs)
MyConnection = New oledbConnection("Provider=
If User.identity.isAuthentica
Dim AllLHInfo() as String = User.Identity.Name.Split("
Dim lhuser as string = AllLHInfo(0)
Dim usertype as string = AllLHInfo(1)
Select Case userType
Case "group1"
Response.Redirect("page1.a
Case "group2"
Response.Redirect("page2.a
Case "group3"
Response.Redirect("page3.a
Case else
lblmessage.text = usertype
'Response.Redirect("page4.
End Select
end if
End Sub
Private Sub ProcessLogin(ByVal sender As Object, ByVal E As EventArgs)
If Not Page.IsPostback Then
Exit Sub
End If
If CheckPassword(txtUser.text
'Dim AllMyInfo as String = "|" & UserID & "|" & UserFirstName & "|" & UserLastName
Dim AllMyInfo as String = UserID & "|" & usertype
FormsAuthentication.SetAut
Select Case userType
Case "group1"
Response.Redirect("page1.a
Case "group2"
Response.Redirect("page2.a
Case "group3"
Response.Redirect("page3.a
Case else
lblmessage.text = usertype
'Response.Redirect("page4.
End Select
Else
' Display message.
Message.InnerHtml = "User name or password not found. Try again."
End If
End Sub
Private Function CheckPassword(ByVal UserName As String, _
ByVal Password As String) As Boolean
' Declare variable to track success/failure.
Dim bSuccess As Boolean
Dim logindate as string = Format(Now)
Dim selectcmd As String = "SELECT * FROM User WHERE login='" & UserName & "'"
MyCommand = New oledbCommand(selectcmd, MyConnection)
' Check for errors using database
Try
MyCommand.Connection.Open(
' Get the author ID.
Dim rdrUsers As OleDbDataReader = MyCommand.ExecuteReader()
If Not rdrUsers.read Then
lblmessage.text = "The Username '" & UserName & "' Isn't Registered."
Elseif rdrUsers.Item("pass") <> Password Then
lblmessage.text = "Your Password is invalid. Please try again."
Else
bSuccess = True
UserId=rdrUsers.Item("logi
userType = rdrUsers.Item("group")
MyCommand.Connection.Close
Dim UpdateCmd as string = "update userx set lastlogin = '" & logindate & "' WHERE login = '" & UserId & "'"
MyCommand = New oledbCommand(UpdateCmd, MyConnection)
MyCommand.Connection.Open(
MyCommand.ExecuteNonQuery(
End If
MyCommand.Connection.Close
Catch
'Otherwise set failure.
bSuccess = False
MyCommand.Connection.Close
End Try
Return bSuccess
End Function
ASKER
This is an excellent example of how to do this on a website, however I'm needing to keep this all within Access.
When I said I wanted to use VB, I meant the VB editor that is accesible through Access. By going to the 'LogIn' button's properties, and clicking on events, I see a list of events. One of these is 'On Click'. If I click on it, I can build an event procedure using Visual Basic. This is where I was wanting to validate the passwords. Having cases listed here would be handy to send the user to either an Admin page (Level=1), Management page (Level=2), or Normal User page (Level=3).
When I said I wanted to use VB, I meant the VB editor that is accesible through Access. By going to the 'LogIn' button's properties, and clicking on events, I see a list of events. One of these is 'On Click'. If I click on it, I can build an event procedure using Visual Basic. This is where I was wanting to validate the passwords. Having cases listed here would be handy to send the user to either an Admin page (Level=1), Management page (Level=2), or Normal User page (Level=3).
I think this article might helpful to you.
http://www.freevbcode.com/ShowCode.asp?ID=3687
Hope this help
.:: LDLP ::.
http://www.freevbcode.com/ShowCode.asp?ID=3687
Hope this help
.:: LDLP ::.
The simplest way is to do as follows.
Create a global String variable in a module that stores the user name.
In your OnClick event for your login button do a select on your login table looking for a record that matches the name and password given.
If you find a record set the global string variable equal to the user name entered.
I posted a very simple example on our website
http://www.managedprofile.com/downloads/loginzip
That illustrates the basic functionality. It does not constitute a reliable login method because there is no security around the table as the password is in plain text.
To get around this (if required) what you could do is use the MS Access in built security options or alternatively an external module to do the validation for you and store the name and password in the database in encrypted format - I will leave that for another question.
Hopefully the above will get you started.
Julian
Create a global String variable in a module that stores the user name.
In your OnClick event for your login button do a select on your login table looking for a record that matches the name and password given.
If you find a record set the global string variable equal to the user name entered.
I posted a very simple example on our website
http://www.managedprofile.com/downloads/loginzip
That illustrates the basic functionality. It does not constitute a reliable login method because there is no security around the table as the password is in plain text.
To get around this (if required) what you could do is use the MS Access in built security options or alternatively an external module to do the validation for you and store the name and password in the database in encrypted format - I will leave that for another question.
Hopefully the above will get you started.
Julian
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
try this code
Private Sub CmdLogin_Click()
If Trim(txtLogin.Text) <> "" And Trim(txtPassword.Text) <> "" Then
conn.Open "C:\LoginCheck\database\te st.mdb"
rec.Open "select * from tblLogin where USerName = '" & Trim(txtLogin.Text) & "' and Password = '" & Trim(txtPassword.Text) & "'", conn, adOpenDynamic, adLockOptimistic
If Not rec.EOF Then
LoginName = Trim(txtLogin.Text)
MsgBox "You have successfully logged in"
Else
MsgBox "Login Name or Password is worng please try again"
End If
Else
MsgBox "Login Name and Password should not be blank"
End If
End Sub
Declare below variable in module so that it can be accessible in any form of project
Public LoginName As String
Private Sub CmdLogin_Click()
If Trim(txtLogin.Text) <> "" And Trim(txtPassword.Text) <> "" Then
conn.Open "C:\LoginCheck\database\te
rec.Open "select * from tblLogin where USerName = '" & Trim(txtLogin.Text) & "' and Password = '" & Trim(txtPassword.Text) & "'", conn, adOpenDynamic, adLockOptimistic
If Not rec.EOF Then
LoginName = Trim(txtLogin.Text)
MsgBox "You have successfully logged in"
Else
MsgBox "Login Name or Password is worng please try again"
End If
Else
MsgBox "Login Name and Password should not be blank"
End If
End Sub
Declare below variable in module so that it can be accessible in any form of project
Public LoginName As String
ASKER
Thanks for the example, julianH! With a bit of editing, this should work for what I wanted!
Only a pleasure.
You need to connect to a database and validate that the password/username combination are correct.
You then need to store the username in a global variable or session, all depends on what you are using.