Password (2003)

[robm]

I have a similar problem with passwords, as in <post#=487,248>post 487,248</post#>, but this time I have put code in the on open property of the form, to ask for a password. I want the entered password to appear as asterisks/

[HansV]

What are you using to prompt for the password? The InputBox function?

[robm]

Yes, the input box

[HansV]

There is no way to make InputBox mask the password with asterisks. As in <post#=487250>post 487250</post#>, the solution is

<hr>You can create a form with a text box in which the user can enter the password. If you set the Input Mask property of the text box to PASSWORD, all characters entered by the user will be displayed as asterisks.<hr>

You can pop up this custom form in the On Open or On Load event of your form.

[robm]

Thanks Hans, I'll give that a try. Thanks again.

[robm]

I've added a form with a password, and added a parameter in the query, but how do I set what the password should be, and how to compare it. Will I need to create a password table?

[HansV]

It all depends on how secure you want things to be. If you put the correct password in a table, or in the code behind the form, users will be able to crack the password by looking at the table or code.

By far the best way to organize security is to set up user-level security. That way, you can give different users different permissions in the database. The usernames and passwords aren't stored in the database itself, but in a secured workgroup information file (.mdw). See WendellB's tutorial The Secrets of Security; it contains a short introduction and provides lots of useful links.

[robm]

Not many here know how to get to the code once the database is run. We just want to prevent unauthorised people changing the data.

[HansV]

The attached database shows one possible way to handle passwords. If you open frmData, the password form frmPassword will be displayed first. If you enter the correct password ("secret"), you can edit the data in frmData, otherwise it will be read-only.

There is no protection at all, so anyone can view the code to retrieve the password.

[robm]

That will do for what I want at the moment thanks. No one can view the code, because I use code to disable the Shift Key from being used, unless I require it. Thanks.

[charlotte]

The shift key to bypass autoexec is only one way to expose the database window. Exposing the database window is not actually required in order to view code., since code is visible in the VB editor, not in the database window.

[robm]

Which part of the code, allows editing if the password is correct, and stops it if it is wrong. I want to stop the form from opening at all. Thanks.

[HansV]

The code behind the OK button on frmPassword sets the variable blnEdit to True if the password is correct. The On Open event of frmData uses this. If you don't want to open frmData, change the latter from

Private Sub Form_Open(Cancel As Integer)
DoCmd.OpenForm FormName:="frmPassword", WindowMode:=acDialog
If blnEdit = True Then
Me.RecordsetType = 0
End If
End Sub

to

Private Sub Form_Open(Cancel As Integer)
DoCmd.OpenForm FormName:="frmPassword", WindowMode:=acDialog
Cancel = Not blnEdit
End Sub

[robm]

Where would I put a message box telling them the password was incorrect?

[HansV]

For example in the On Click event of the OK button on frmPassword. The following code will give the user three chances to enter the correct password.

Private Sub cmdOK_Click()
Static intCount As Integer
If IsNull(Me.txtPassword) Then
MsgBox "Please enter a password!", vbExclamation
Me.txtPassword.SetFocus
ElseIf Me.txtPassword = "secret" Then
Form_frmData.blnEdit = True
DoCmd.Close acForm, Me.Name, acSaveNo
ElseIf intCount = 2 Then
MsgBox "Three strikes - you're out!", vbExclamation
Form_frmData.blnEdit = False
DoCmd.Close acForm, Me.Name, acSaveNo
Else
MsgBox "Password incorrect. Please try again.", vbExclamation
Me.txtPassword.SetFocus
intCount = intCount + 1
End If
End Sub