Blocking users who fail to login after 3 attempts

Blocking users who fail to login after3 attempts

Hi

(1)      We have now a new business rule which require that users who fail to login into the application after three attempt must be blocked. This is important to avoid fraud, once blocked the individual concerned must give convincing reasons to the administrator why there were blocked. I know very well that Ms Access is weak in this area, is there any VBA code that can help?
The required code should have also a way of unblocking staff by the system admin.
LVL 2
Hankwembo Christopher,FCCA,FZICA,CIA,MAAT,B.A.ScDirectorAsked:
Who is Participating?
 
Dale FyeConnect With a Mentor Commented:
Assuming you have a form with userid and password, and a "login" command button, then something like the following would prevent them from logging in:
Private Sub cmd_Login_Click

    Static intCount as integer
    Dim strCriteria as string
    Dim strPassword  as String

    intCount = intCount + 1
    strCriteria = "[UserID] = '" & me.txt_UserID & "'"
    strPassword = NZ(DLookup("Password", "tblEmployees", strCriteria), "None")

    if me.txt_Password = strPassword Then
        'do something here open main form or enable the button that takes you to some other form
    Elseif intCount >= 3 then
        msgbox "You have failed to login properly three times!"
        Docmd.quit
    End If

End Sub

Open in new window

0
 
ste5anSenior DeveloperCommented:
hmm, why do they have to login?

You should control this by design. Split your database in a UI front-end on the client and a data back-end on the server. Control the access to the back-end database by setting the appropriate NTFS permissions on the containing folder according to your business rules. Thus create a security group for your application users and add the users.

Then users can "SSO" by simply authenticating with their Windows credentials.
1
 
Hankwembo Christopher,FCCA,FZICA,CIA,MAAT,B.A.ScDirectorAuthor Commented:
We have a proper logon form, this form have the code behind it :

(1) This form controls who goes in the application FE , for sure we have the BE on the server and it is encrypted with a password
(2) The code behind it controls the login system
(3) The same form provides the login details to another form where users can change their passwords  and also a link to another form that controls the user rights addition or revoking

Regards

Chris
0
 
ste5anSenior DeveloperCommented:
The code behind it controls the login system

I don't doubt that. But it is imho not necessary. Cause users are already logged on into Windows. Just use this as SSO.

Controlling different user rights is then bound to the Windows account name:

Option Compare Database
Option Explicit

Private Declare Function GetUserNameA Lib "AdvApi32" (ByVal lpBuffer As String, nSize As Long) As Long

Public Function GetUserName() As String

  Const BUFFER_SIZE As Long = 100

  Dim Buffer As String
  Dim Result As Long
  Dim Size As Long

  Buffer = String(BUFFER_SIZE + 1, 0)
  Size = BUFFER_SIZE + 1
  Result = GetUserNameA(Buffer, Size)
  If Result <> 0 Then
    GetUserName = Left(Buffer, Size - 1)
  End If

End Function

Open in new window

0
 
ste5anSenior DeveloperCommented:
Never store passwords!

When you need to store credentials, then store a salted hash of the password instead.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.