How to validate passwords stored in a table

I have created a table that contains 'UserName', 'Password', and 'Level'. I created a form with two text boxes. One is for the username, and one is for the password. The form also has two command buttons. One is to 'Log In', the other is to 'Quit'. What code do I need to put in the On Click section of the Log In button to validate that the UserName and Password are correct? How do I save the UserName to a variable so that I can use it again later?
navynuke04Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

weddellCommented:
You need to tell us what language and database you are using.

You need to connect to a database and validate that the password/username combination are correct.

You then need to store the username in a global variable or session, all depends on what you are using.

0
navynuke04Author Commented:
Sorry... I'm using MS Access and I'm trying to do this with Visual Basic.
0
fbetagCommented:
This will do everything you want plus you can redirect to spacific pages based on a group field in your database

<script language="VB" runat="server">
      
      
      Dim MyConnection As oledbConnection
      Dim MyCommand As oledbCommand
      Dim MyCommand1 As oledbCommand
      Dim UserID as string
      Dim userType as string

Sub Page_Load(Src As Object, E As EventArgs)
      MyConnection = New oledbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & server.mappath("mydatabase.mdb") & ";Jet OLEDB:Database Password=mypassword;")'","password", "")
      
      If User.identity.isAuthenticated Then
            Dim AllLHInfo() as String = User.Identity.Name.Split("|")
            Dim lhuser as string = AllLHInfo(0)
            Dim usertype as string = AllLHInfo(1)
      
      Select Case userType
            Case "group1"
                Response.Redirect("page1.aspx")
            Case "group2"
                Response.Redirect("page2.aspx")
            Case "group3"
                Response.Redirect("page3.aspx")
            Case else
                        lblmessage.text = usertype
                        'Response.Redirect("page4.aspx")
     End Select
      
      end if
      
End Sub



Private Sub ProcessLogin(ByVal sender As Object, ByVal E As EventArgs)

   If Not Page.IsPostback Then
         Exit Sub
    End If
    If CheckPassword(txtUser.text, txtPassword.text) Then
    'Dim AllMyInfo as String = "|" & UserID & "|" & UserFirstName & "|" & UserLastName
      Dim AllMyInfo as String = UserID & "|" & usertype
      FormsAuthentication.SetAuthCookie(AllMyInfo,chkPersistLogin.Checked)
      
      Select Case userType
            Case "group1"
                Response.Redirect("page1.aspx")
            Case "group2"
                Response.Redirect("page2.aspx")
            Case "group3"
                Response.Redirect("page3.aspx")
            Case else
                        lblmessage.text = usertype
                        'Response.Redirect("page4.aspx")
        End Select
   
    Else
        ' Display message.
           Message.InnerHtml = "User name or password not found. Try again."
     
     
    End If
End Sub

Private Function CheckPassword(ByVal UserName As String, _
    ByVal Password As String) As Boolean
    ' Declare variable to track success/failure.
    Dim bSuccess As Boolean
    Dim logindate as string = Format(Now)
      
   
   
    Dim selectcmd As String = "SELECT * FROM User WHERE login='" & UserName & "'"

    MyCommand = New oledbCommand(selectcmd, MyConnection)
      ' Check for errors using database
    Try
            MyCommand.Connection.Open()
       
        ' Get the author ID.
        Dim rdrUsers As OleDbDataReader = MyCommand.ExecuteReader()
       
        If Not rdrUsers.read Then
                  lblmessage.text = "The Username '" & UserName & "' Isn't Registered."
            Elseif rdrUsers.Item("pass") <> Password Then
                  lblmessage.text = "Your Password is invalid.  Please try again."
            Else
       
                  bSuccess = True
       
                  UserId=rdrUsers.Item("login")
                  userType = rdrUsers.Item("group")
            
                  MyCommand.Connection.Close()
             
                  Dim UpdateCmd as string = "update userx set lastlogin = '" & logindate & "' WHERE login = '" & UserId & "'"
     
                  MyCommand = New oledbCommand(UpdateCmd, MyConnection)
                  MyCommand.Connection.Open()
                  MyCommand.ExecuteNonQuery()
            
            End If
       
        MyCommand.Connection.Close()
     
    Catch
        'Otherwise set failure.
        bSuccess = False
        MyCommand.Connection.Close()
    End Try
    Return bSuccess
End Function
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

navynuke04Author Commented:
This is an excellent example of how to do this on a website, however I'm needing to keep this all within Access.

When I said I wanted to use VB, I meant the VB editor that is accesible through Access. By going to the 'LogIn' button's properties, and clicking on events, I see a list of events. One of these is 'On Click'. If I click on it, I can build an event procedure using Visual Basic. This is where I was wanting to validate the passwords. Having cases listed here would be handy to send the user to either an Admin page (Level=1), Management page (Level=2), or Normal User page (Level=3).
0
dunglaCommented:
I think this article might helpful to you.

http://www.freevbcode.com/ShowCode.asp?ID=3687

Hope this help
.:: LDLP ::.
0
Julian HansenCommented:
The simplest way is to do as follows.

Create a global String variable in a module that stores the user name.

In your OnClick event for your login button do a select on your login table looking for a record that matches the name and password given.

If you find a record set the global string variable equal to the user name entered.

I posted a very simple example on our website

http://www.managedprofile.com/downloads/loginzip

That illustrates the basic functionality. It does not constitute a reliable login method because there is no security around the table as the password is in plain text.

To get around this (if required) what you could do is use the MS Access in built security options or alternatively an external module to do the validation for you and store the name and password in the database in encrypted format - I will leave that for another question.

Hopefully the above will get you started.

Julian
0
Julian HansenCommented:
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
vikaskumar101Commented:
try this code

Private Sub CmdLogin_Click()
    If Trim(txtLogin.Text) <> "" And Trim(txtPassword.Text) <> "" Then
        conn.Open "C:\LoginCheck\database\test.mdb"
        rec.Open "select * from tblLogin where USerName = '" & Trim(txtLogin.Text) & "' and Password = '" & Trim(txtPassword.Text) & "'", conn, adOpenDynamic, adLockOptimistic
        If Not rec.EOF Then
            LoginName = Trim(txtLogin.Text)
            MsgBox "You have successfully logged in"
        Else
            MsgBox "Login Name or Password is worng please try again"
        End If
    Else
        MsgBox "Login Name and Password should not be blank"
    End If
End Sub

Declare below variable in module so that it can be accessible in any form of project

Public LoginName As String
0
navynuke04Author Commented:
Thanks for the example, julianH! With a bit of editing, this should work for what I wanted!
0
Julian HansenCommented:
Only a pleasure.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Programming

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.