I'm having issues with a login menu that I am creating for my database. For this database I have the location of the User login email and password in two locations. After I solve this issue, i'll make validate where the login details originated from to dictate which forms open, for now I have one form to open,
For now I just want to confirm if the the user logins and passwords are valid from either table. However it can only validate the user Login and Password from from tblMembers. If I try to enter details from tblTrainers, I would keep getting a mismatch error. I am aware what this error but not too sure how it works here.
However if I get rid off the Or statement close the statement, it works but of course I cannot use login details from tblTrainers to login. Could anyone offer any suggestions please? Code found below.
Private Sub Command1_Click()
If IsNull(Me.txtLoginID) Then
MsgBox "Please Enter LoginID", vbInformation, "Required"
Me.txtLoginID.SetFocus
ElseIf IsNull(Me.txtPassword) Then
MsgBox "Please Enter A Password", vbInformation, "Required"
Me.txtPassword.SetFocus
Else
If (IsNull(DLookup("Member_Email", "tblMembers", "Member_Email = '" & Me.txtLoginID.Value & "' And Member_Password = '" & Me.txtPassword.Value & "'")) Or (DLookup("Trainer_Email", "tblTrainers", "Trainer_Email = '" & Me.txtLoginID.Value & "' And Trainer_Password = '" & Me.txtPassword.Value & "'"))) Then
MsgBox "Inccorect LoginID or Password"
Else
DoCmd.OpenForm "mnuMain_Menu"
DoCmd.Close acForm, "frmLogin"
End If
End If
End Sub
You can use CurrentDb.OpenRecordset to open recordsets based on SQL queries. You can use .EOF to check if the recordset is at the end of the file, thus contains 0 records.
If you want to query multiple tables at once, you can use a UNION query for that.
If CurrentDb.OpenRecordset("SELECT 1 FROM tblMembers WHERE Member_Email = '" & Me.txtLoginID.Value & "' And Member_Password = '" & Me.txtPassword.Value & "' UNION ALL SELECT 1 FROM tblTrainers WHERE Trainer_Email = '" & Me.txtLoginID.Value & "' And Trainer_Password = '" & Me.txtPassword.Value & "'").EOF Then
Note that this login code is at risk for SQL injection, and these kind of login forms are fundamentally insecure. You can easily demonstrate SQL injection by entering ' OR 1 = 1 OR '' = ' as a username, and entering a random character in the password field. That passes as a valid login if there are entries in the table. An easy fix for SQL injection is to use parameters.
Related
I have a query which shows a list of users and their access level which has tick box for the edit field.
The query shows the username, Form name and Edit field.
If the Edit field is ticked then I want the user to be able to click on the edit button and makes changes to the data on the form.
I have come up with this:
If (Dlookup("Edit", "QryUserAction", "UserName ="& Me!TempVars("UserName").[Value]
And "FormName = "& Forms!Form.Name)) = False Then
Forms!FrmPatientInfo!btnEdit.Enabled = False
Else
Forms!FrmPatientInfo!btnEdit.Enabled = True
Both of these should work. Your issue is you were not using the AND part of Dlookup correctly. The AND clause needs to be in quotes as it is part of the syntax. I also assume you left out the single quotes it requires for string values.
Side note - having a control to store UserName is bad practice - there is the environ function which can get you the user name. Unless the user's logging is different than whats store din the db, this should be sufficient
If (Dlookup("Edit", "QryUserAction", "UserName ='" & Me!TempVars("UserName").[Value] & "' And FormName = '" & Me.Name & "'")) = False Then
Forms!FrmPatientInfo!btnEdit.Enabled = False
Else
Forms!FrmPatientInfo!btnEdit.Enabled = True
End if
If (Dlookup("Edit", "QryUserAction", "UserName ='" & ENVIRON("USERNAME") & "' And FormName = '" & Me.Name & "'")) = False Then
Forms!FrmPatientInfo!btnEdit.Enabled = False
Else
Forms!FrmPatientInfo!btnEdit.Enabled = True
End if
I have a Form with a SubForm, i'm trying to filter based on a range of two dates and an Username (i take the criteria from 3 textboxes), the part of the dates works fine but when i press the button to start the filter, a pop-up shows saying "Enter parameter value" (even if i type the username in the textbox), i enter an username and filters correctly, but the parameter its kept and the filter won't work anymore, until i close the Form and open again, any ideas?
I don't know why ask me to enter a parameter if i have already the username in the textbox.
Here my code:
Private Sub Filter_Click()
Dim QIL As Form
Set QIL = Forms("QIL")
If IsNull(Me.username_textbox) Or IsNull(Me.date_from_textbox) Or IsNull(Me.date_to_textbox) Then
MsgBox "Insert date or username"
Else
With Me.Superlinks_subform.Form
.Filter = "[Date] = #" & Format(Me.date_from_textbox, "mm\/dd\/yyyy") & _
"# AND #" & Format(Me.date_to_textbox, "mm\/dd\/yyyy") & "# AND [User] = " & Me.username_textbox.Value & ""
.FilterOn = True
End With
End If
End Sub
Regards
Diego.
Assuming the field [User] is a String - include single quotes like this:
[User] = '" & Me.username_textbox.Value & "'"
Have an Access front end Login Form which includes an option for the user to change password. In frm_Login Sub I'm attempting to use the following to pass the entered username "Me.txtUserName" to frm_PassChange:
If Me.changepass = "Yes" Then
DoCmd.OpenForm "frm_PassChange", , , , , Me.txtUserName
End If
In frm_PassChange Sub I want the user to enter a new password "Me.txtNewPass" which I will then store in a usertable X_tblUsers:
CurrentDb.Execute "UPDATE X_tblUsers SET X_tblUsers.Password = '" & Replace(Me.txtNewPass.Value, "'", "''") & "' " & _
"WHERE X_tblUsers.Username = '" & Me.OpenArgs & "'"
I'm getting a type mismatch error on the DoCmd.OpenForm call.
Can anyone help?
You need one more comma before your Me.txtUserName
Right now you're trying to pass it to the WindowMode argument
Just use Intellisense as you type and insert your commas - it'll popup the argument as you go along
This is my first try at VBA on the whole. So I'm not familiar with everything.
I'm trying to make a login for a database in Access 2007.
I have 2 Tables named TableLogin and TableUserLevel.
TableLogin has ID, Username, Password and UserLevel that is linked to TableUserLevel.
TableUserLevel has ID and UserLevel which has the levels of Admin and User.
I have a form named LoginForm that has 2 fields named txtUsername and txtPassword and a button named cmdLogin.
I'm pretty sure my DLookUp methods are wrong, but I don't know why. I'm using the first DLookUp to see if the username and password match one ID and if so it will then go to the second DLookUp method to see which userlevel security that particular user has.
Right now, I'm not sure the first DLookUp even works good. I'm not sure if it checks if both input came from one ID. I'm hoping it works like that and the last DLookUp method only return 0 and I don't know why.
The VBA code for the button is:
Private Sub cmdLogin_Click()
Dim UserLevel As Integer
Dim Username As String
If IsNull(Me.txtUsername) Or Me.txtUsername = "" Then
MsgBox "You must enter a Username.", vbOKOnly, "Required Data"
Me.txtUsername.SetFocus
Exit Sub
End If
'Check to see if data is entered into the password box
If IsNull(Me.txtPassword) Or Me.txtPassword = "" Then
MsgBox "You must enter a Password.", vbOKOnly, "Required Data"
Me.txtPassword.SetFocus
Exit Sub
End If
'Check value of username and password in tblLogin to see if this
If IsNull(DLookup("ID", "TableLogin", "Username = '" & Me.txtUsername.Value & "'") And DLookup("ID", "TableLogin", "Password = '" & Me.txtPassword.Value & "'")) Then
MsgBox "Password or Username invalid. Please Try Again", vbOKOnly, "Invalid Entry!"
Else
Username = Me.txtUsername.Value
If IsNull(DLookup("UserLevel", "TableLogin", "Username = '" & Me.txtUsername.Value & "'")) Then
MsgBox ("No security level")
Else
If UserLevel = 1 Then
MsgBox ("yes" & UserLevel)
Else
MsgBox ("No" & UserLevel)
End If
End If
'Close login form and open screen
DoCmd.Close acForm, "LoginForm", acSaveNo
End If
'If User Enters incorrect password 3 times database will shutdown
intLogonAttempts = intLogonAttempts + 1
If intLogonAttempts > 3 Then
MsgBox "You do not have access to this database. Please contact admin.", vbCritical, "Restricted Access!"
Application.Quit
End If
End Sub
Just a headsup, I am quite new to relational databases so my question could be a simple fix.
Currently, I have a table with the following data.
ID(1 ,2,3,4,5)
Location(Canada, USA, Japan, Australia, Venezuela)
Count(4,6,2,91,23)
I created a form with a combobox and two text fields. The goal is that I want to be able to click the combobox, have it show all the ID's and when I click an ID, it autopopulates the other two text fields with the corresponding information. After googling a bit, I found a way to do is. Within the Event tab under "on Change" for the combobox, I wrote the these two lines of code.
Me.txtLocation = Me.cboID.Column(1)
Me.txtCount = Me.cboID.Column(2)
However, I also want to be able to edit this information once it has been autopopulated. The problem I'm having is that when I change any of the two textfields, it always edits the first records.
So for example, if I click ID #4, and I change the "Count", it will change the "Count" for the ID #1. Any idea of what I'm doing wrong?
P.S. (I have programming experience but not with VBA)
Thanks in advance!
EDIT:
Private Sub txtCount_AfterUpdate()
Dim strSQL As String
strSQL = "UPDATE aDuh SET Count = '" & Me.Count & "', Location = '" & Me.txtLocation & "' WHERE ID = " & Me.cboID & ""
DoCmd.RunSQL (strSQL)
End Sub
Private Sub txtLocation_AfterUpdate()
Dim strSQL As String
strSQL = "UPDATE aDuh SET Location = '" & Me.txtLocation & "', Count = '" & Me.txtCount & "' WHERE ID = " & Me.cboID & ""
DoCmd.RunSQL (strSQL)
End Sub
Don't bind your form to a table. Put a textbox on your form with it's Visible property set to False. In that textbox, put the value of your Primary Key field (which should be an AutoNumber field) Then when you update your record, pass an UPDATE SQL statement where you update your table based on the value of your Primary Key
Dim strSQL as String
strSQL = "UPDATE aDuh SET Location = '" & Me.txtLocation & "', Count = '" & Me.txtCount & "' WHERE ID = " & Me.cboID & ""
DoCmd.RunSQL (strSQL)