0

I am not a coder, but I enjoy tinkering.

I have a access database and I have a login screen, but I want to hard code in a high level username and password into the actual code. The username will be "Developer" the password initially will be "One"

This is what I am doing currently. any assistance would be greatly appreciated.

Private Sub cmdLogin_Click()
On Error GoTo cmdLogin_ClickErr
    Dim rs As Recordset
    Set rs = CurrentDb.OpenRecordset("Select * From TLKPeople Where Username =  '" & Me.txtUserName & "' And Password = '" & Me.txtPassword & "'")
    If Not rs.EOF Then
        TempVars.Add "UserName", rs!UserName.Value
        TempVars.Add "Password", rs!Password.Value
        TempVars.Add "Admin", rs!Admin.Value
        TempVars.Add "ReadOnly", rs!ReadOnly.Value
        TempVars.Add "StdUser", rs!STDUser.Value
          If Nz(TempVars!UserName, 0) = "Developer" Then
             DoCmd.ShowToolbar "Ribbon", acToolbarYes
           End If
        DoCmd.Close acForm, Me.Name
        DoCmd.OpenForm "FRMMenuMain"
        DoEvents

    Else
        MsgBox "Your login as failed!", vbOKOnly, "Login Failed"
    End If
    rs.Close
    Set rs = Nothing


Exit Sub

cmdLogin_ClickErr:
    MsgBox ("Err: " & Err.Number & " " & Err.Description)
End Sub
AHeyne
  • 3,377
  • 2
  • 11
  • 16
Kevin
  • 39
  • 5
  • See this example for using Data Protection API (DPAPI) inside VBA: https://stackoverflow.com/questions/10984256/can-i-use-dpapi-or-something-like-it-in-vba – Mr__Q Aug 30 '21 at 00:02
  • You want to hard code it when the query return `EOF`? Or just hard code it so it doesn't even look for a user? – braX Aug 30 '21 at 00:14
  • I just want to hard code it in, so it doesn't look for a user if the username and password are entered, otherwise it will look for a user. Does that make sense, i other words a high level administrator – Kevin Aug 30 '21 at 03:07
  • Your code can be the target of SQL injection, I do hope you properly sanitize your entries. What would be the result of a `Me.txtUserName` set to `' Or TRUE; %'` – Vincent G Aug 30 '21 at 07:44

1 Answers1

0

Based on that, this should at least get your started. You will probably need to tweak it a little.

Private Sub cmdLogin_Click()
    On Error GoTo cmdLogin_ClickErr
    
    If Len(Me.txtUserName) = 0 And Len(Me.txtPassword) = 0 Then
        TempVars.Add "UserName", "Developer"
        TempVars.Add "Password", "One"
    Else
      Dim rs As Recordset
      Set rs = CurrentDb.OpenRecordset("SELECT * FROM TLKPeople WHERE Username='" & Me.txtUserName & "' And Password='" & Me.txtPassword & "'")
      If Not rs.EOF Then
          TempVars.Add "UserName", rs!UserName.Value
          TempVars.Add "Password", rs!Password.Value
          TempVars.Add "Admin", rs!Admin.Value
          TempVars.Add "ReadOnly", rs!ReadOnly.Value
          TempVars.Add "StdUser", rs!STDUser.Value
      Else
          MsgBox "Your login as failed!", vbOKOnly, "Login Failed"
          Exit Sub
      End If
      rs.Close
      Set rs = Nothing
    End If
    
    If Nz(TempVars!UserName, 0) = "Developer" Then
         DoCmd.ShowToolbar "Ribbon", acToolbarYes
    End If
    
    DoCmd.Close acForm, Me.Name
    DoCmd.OpenForm "FRMMenuMain"
    DoEvents

Exit Sub

cmdLogin_ClickErr:
    MsgBox ("Err: " & Err.Number & " " & Err.Description)
End Sub

Note: You may want to use an Or instead:

If Len(Me.txtUserName) = 0 Or Len(Me.txtPassword) = 0 Then
braX
  • 11,506
  • 5
  • 20
  • 33
  • That is excellent, that will point me in the right direction, thanks heaps – Kevin Aug 30 '21 at 04:20
  • @Kevin: You're welcome. Please consider [accepting the answer](https://stackoverflow.com/help/someone-answers) if you find that it solved your problem. – AHeyne Aug 30 '21 at 06:16