How to create a random password and setup a change password form?

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Jesse Jones
    New Member
    • Jan 2011
    • 51
    #1

    How to create a random password and setup a change password form?

    Any ideas on how to send info from one form into another domain or how to write a default value for a new user's password with a formula?

    Here's what I'm trying to do: design my database so that a new employee record has a password generated with a formula (obviously, not one that is published). On the employees table is a true false declaring if the user's password needs changed. The default value is true. So when I create a new record (add an employee to the table) he is given an unguessable (but not actually random) password and the tables marks his password as needing changed.

    Now, on the login form, the command button checks if that user's password is marked as needing changed. If it is, it closes the login form and opens the change password form. What I need the command button on the change password form to do is change the value if the user's password (from the auto-calculated one) to the one he entered in the change password form AND to change the true/false value on that user's require change password box to false. Make sense?

    So

    1. How do I make the default password = to a formula (like the date the employee was added and their initials, etc) and

    2. How do I code the command button on the change password form do the saving if the info change like I described earlier? Any tips?
    Last edited by Niheel; Jan 24 '11, 03:34 PM. Reason: Always ask your questions in your own thread now @ the end of someone elses?
    Tags: None
    • Marty L
      New Member
      • Jan 2011
      • 8
      #2
      Jesse,

      I understand exactly what you're trying to do, and I know how to do it, but unfortunately I don't know the code for it. You want to concatenate your fields. Concatenate means to "add" your fields together. So basically it'll look like this:

      "date" + "initials"

      that will show up as 010811ml

      something like that. Now as I've said, I don't know the code for it, but that's the concept that you need.

      Sorry I couldn't be of more help.

        Comment

        • Jesse Jones
          New Member
          • Jan 2011
          • 51
          #3
          Thanks, Marty. How would you do it? The only reason I think I don't actually need code to originate the password.

          Also, do you know the code that changes the value of a field in another table? (On my employee table, there is a yes/no that decides if the employee needs to be forced to change their password. If it says yes, they are redirected to a password change form. What I need is for the command button on that password change form to 1. set the password in employees = the password they just entered on the change form and 2. change the value of that yes/no to no.) Anyone have any suggestion?

            Comment

            • munkee
              Contributor
              • Feb 2010
              • 374
              #4
              I am unsure if this is the answer you are looking for but it is what I do for my database and it runs a lot smoother than trying to generate random/unique passwords.

              Whenever I add a new person to my database the default password is set to "Password".

              In my login form I check the entered password (as you do). If this password is = to Password I redirect the person t the "change password" form. I use a simple message box to display "Since this is the first time you have entered the databse, using the default password you are now required to change this." or similar.

              It saves a lot of headaches generating new passwords etc when realisticly it is easier to let people all use 1 password to login for the first time and then ensure they change this to something else.

                Comment

                • Jesse Jones
                  New Member
                  • Jan 2011
                  • 51
                  #5
                  Okay, munkee, thanks. I used to do it that way, but we had a problem with people overwriting other people's passwords. Not everyone has the same permissions in the database. So when I hire someone into database development with near total access, I don't want people in communications to be able to change the new guys password. Make sense?

                  Thank you for your thought. You could be a huge help to me though by perhaps sharing with me what you have done with you password change form. I assume its a modal form with a command button...? What is the coding on that button that changes the users password? I mean, how do you automatically save their new password?

                  Any help would be greatly appreciated. I am basically a novice in this.

                    Comment

                    • munkee
                      Contributor
                      • Feb 2010
                      • 374
                      #6
                      I'll post some code in the morning

                        Comment

                        • Rabbit
                          Recognized Expert MVP
                          • Jan 2007
                          • 12517
                          #7
                          As far as security goes, you may want to take a look at this thread. http://bytes.com/topic/access/insigh...atabase-access

                          For a default password, I assume you have an add employee form. I would put a button on there that sets the password.

                          As for the password change, when they click the log in, I would use a dloopup to check if they need to change their password. If they do, I would open up a modal form for them to change their password. When they click a change password button, it would run an update SQL.

                            Comment

                            • munkee
                              Contributor
                              • Feb 2010
                              • 374
                              #8
                              Here are the two sets of code I use.

                              The first is to validate a user login and to check if they have their password set to "Password" to redirect them to the change password form.

                              Code:
                              Private Sub cmdOk_Click()
On Error GoTo Err_cmdOk_Click
'-----------------------------------------------------------------------------------------------------------------------------
' This code is used to validate users found in the tblSecurity table. If the wrong user name or password is
' provided access is denied.
'-----------------------------------------------------------------------------------------------------------------------------
    Dim db As DAO.Database
    Dim rst As DAO.Recordset
    Dim rstV As Recordset
    Dim stDocName As String
    Dim stLinkCriteria As String
    
    Set db = CurrentDb()
    Set rst = db.OpenRecordset("tblSecurity", dbOpenDynaset)
    
    If Not IsNull(Me.txtUser) And Not IsNull(Me.txtPassword) Then
        rst.FindFirst "Password = '" & Me.txtPassword & "'" & " And UserID = '" & Me.txtUser & "'"
    
        If rst.NoMatch Then
            MsgBox "You entered the wrong User Name or Password." & Chr(13) & _
            "Please enter the correct User Name and Password or " & Chr(13) & _
            "contact the Database Adminstrator for assistance.", vbOKOnly + vbCritical, "Logon Denied"
        ElseIf Me.txtPassword = "password" Then
            MsgBox "This is the first time using the database or your passowrd has been reset." & Chr(13) & _
            "You must change your password before you can enter the database.", _
            vbOKOnly + vbExclamation, "Change Password"
            stDocName = "frmUserLogonNew"
            stLinkCriteria = "[UserID]=" & "'" & Me![txtUser] & "'"
            DoCmd.OpenForm stDocName, , , stLinkCriteria
        Else
            stDocName = "frmSplashScreen"
            DoCmd.OpenForm stDocName, , , stLinkCriteria
            Me.Visible = False
        End If
    Else
        MsgBox "You left the User Name and/or Password blank." & Chr(13) & _
        "Please enter the correct User Name and Password or " & Chr(13) & _
        "contact the Database Adminstrator for assistance.", vbOKOnly + vbCritical, "Logon Denied"
    End If
    
    
    With Forms!frmhidden
        .txtViewID = rst.Fields("ViewID")
        .txtAccessID = rst.Fields("AccessID")
        .txtActive = rst.Fields("Active")
        .txtPassword = rst.Fields("Password")
        .txtUserID = rst.Fields("UserID")
        .txtSecurityID = rst.Fields("SecurityID")
        .txtFName = rst.Fields("FName")
        .txtSName = rst.Fields("SName")
        .txtEMailAd = rst.Fields("EmailAd")
        .txtUDept = rst.Fields("UDept")
    End With
    
    
    
    
Exit_cmdOk_Click:
rst.Close
Set rst = Nothing
Set db = Nothing
    Exit Sub

Err_cmdOk_Click:
    Me.Visible = True
    MsgBox Err.Description
    Resume Exit_cmdOk_Click

End Sub

                              The second part of the code is my change password form allowing users to supply a new password twice and update their info:

                              Code:
                              Private Sub cmdOk_Click()
On Error GoTo Err_cmdOk_Click
'-----------------------------------------------------------------------------------------------------------
' This code is used to change the user password in the 'tblSecurity table.
    
    Dim stDocName As String
    Dim stLinkCriteria As String
    
    If Not IsNull(Me.txtNPassword) And Not IsNull(Me.txtCPassword) Then
        If Me.txtCPassword = Me.txtNPassword Then
            stDocName = "qryUpdateUserPassowrd"
            DoCmd.SetWarnings False
            DoCmd.OpenQuery stDocName, acNormal, acEdit
            DoCmd.SetWarnings True
            MsgBox "Password was successfully change", vbOKOnly + vbInformation, "Password Changed"
            stDocName = "frmSplashScreen"
            DoCmd.OpenForm stDocName, , , stLinkCriteria
        Else
            MsgBox "New password and confirmation do not match." & _
            Chr(13) & "Please enter the correct password and confirm", vbOKOnly + vbInformation, "Incorrect Password"
        End If
    Else
        MsgBox "You left the User Name and/or Password blank." & Chr(13) & _
        "Please enter the correct User Name and Password or " & Chr(13) & _
        "contact the Database Adminstrator for assistance.", vbOKOnly + vbCritical, "Change Failed"
    End If
    
Exit_cmdOk_Click:
    Exit Sub

Err_cmdOk_Click:
    MsgBox Err.Description
    Resume Exit_cmdOk_Click

End Sub
                              The query the above references to has the following sql:

                              Code:
                              UPDATE tblSecurity SET tblSecurity.[Password] = Forms!frmUserLogonNew!txtCPassword
WHERE (((tblSecurity.UserID)=[Forms]![frmUserLogonNew]![txtUser]));

                                Comment

                                Previous template Next
                                Working...