|
Question : Validating users with three level security
|
|
In some of my previous EE posts, users with default password can log into my db. Now I want to subject the users to a three level test before new user can log in.
This means that only the "Developer" or the "Admin" can create new users using frmAddUser - this form's code is an exact duplicate of frmChangePassword (available in my previous post).
Request:
(a). If user does not already exist in tblPasswords_old nor in VBA module -
then the User cannot login to the DB. - this is because ONLY users created with
frmAddUsers can log in because the default password has already been subjected
to the three level security check.
(b). If a user exist in "tblSecurity" or tblPasswords_old with the default password
(whether or not the changedate is valid for this enstrange user)
.....it means that the two tables have been modified by an unknown user
more than likely, the changed fields will not match up with the VBA module.
In this case, "DENY" user login priviledges to the DB and provide an "alert"
message to the estrange users "that the DB has been modified"- then "SHUT
DOWN" the DB.
(c). I will appreciate query or code that will further modify "frmAdduser"
and "btnForgotPassword" (available in my previous EE posts) where users'
(answer / birthdate -text type fields) can be encrypted and decrypted.
Any help will be appreciated.
|
|
|
Answer : Validating users with three level security
|
|
Hi Bill,
I'm refferring to your other post to give you answer's here...
(a) In you OK command button for the login form, remove the If Me.txtPassword = "Password"
That line makes the other validation skip, so be removing it you'll be OK
(b) If the validation goes through the first and second levels but fails on the third, in the Else clause add your Msgbox and docmd.Quit
(c)Change the birthdate to a text field and use an update query and your PerformEncryption routine to encrypt the fields in your table.
When you retrieve the fields be sure to decrypt them
|
|
|
|
|
