VB6 - Example on how to make a Login where password is stored hashed in Database
Lately a few users asked how to make a login for their applications.
This example shows how to make a login where the login information is stored in a database.
I'm using an Access Database (for simplicity), but it can be done just as easily with any other database type.
The password is stored hashed using MD5 (128 Bit) in the database, so you don't need to be afraid that someone will just open the database and read the passwords.
As most people know, hashing is a one-way encryption, so the hash cannot be brought back to the original password, that's why it is safe to store the passwords this way.
You can go further than that, and set a password to the database itself, but as many know, that is easily breakable using tools off the internet. That's why I did not bother adding a password to the database for this example.
Re: VB6 - Example on how to make a Login where password is stored hashed in Database
Originally Posted by sunilvedula
what application should i have to open the forms. i have tried using access but except the database nothing else opens. Can u help
Amm.... VB6 means... Visual Basic 6.0 .... so you open the LogInExample.vbp file using Visual Basic...
Since the example comes with an empty database, you have to make a login first, then next time you start the application, it will ask you to login using the username & password you have saved previously...
Re: VB6 - Example on how to make a Login where password is stored hashed in Database
can u show me the right way to use the program?
i have installed the .zip file and in the folder there are many form. how do i use it? can u pls teach me.
Re: VB6 - Example on how to make a Login where password is stored hashed in Database
ops...ya! i had downloaded and didn't uncompressed the file. No wonder it can't work.
anyway, now it works!
this program seem useful but i don't understand how the form link with each other. normally i just build a single form to link with access database to do my project. but for yours, it has more than one form, besides that there is also .cls and .bas.
is there any other way to build the login page?
pls dun get me wrong, i'm not criticizing on ur program. is just that i'm not use to vb because normally i just build a sample program.
hope u can help me. actually i'm not from computer filed, i'm from E&E eng and currently i'm doing my project that going to communicate my hardware with vb+database. so i hope that u can help me.
Re: VB6 - Example on how to make a Login where password is stored hashed in Database
Im using this as a base for my online game... i think this can be a useful login but i only need the ability to change accounts for admin... i cant find any code to edit exept
Code:
Private Sub cmdOK_Click()
mCancel = False
mUsername = Me.txtUserName.Text
mPassword = Me.txtPassword.Text
Unload Me
End Sub
Can any1 tell me how to edit this to make it so Admin only get that screen?
Re: VB6 - Example on how to make a Login where password is stored hashed in Database
Hello Michael,
First i'd like to thank you for your work.
I was looking for this kind of script for a long time.
Just as silver55 i'd like to add access levels.
Like Admin, Special user, User.
I edited the Access Database with a extra field called: "Access"
I would like to know how to add the code part "username = admin" or "special user" (and so on) to the vb code. (Checking what kind of access he has)
Also i like to see this option added in the Manage Users dialog.
My VB knowlegde is pretty limited, so i'm asking for your help.
Perhaps you can also explain how to forward those users to frm's.
Like, if a user has admin access he will be forwarded to form3, a special user to form2, a user to form1. something like that. (After logging in)
Thanks for reading,
-Tribeca
Last edited by Tribeca; Apr 11th, 2008 at 04:31 AM.
Re: VB6 - Example on how to make a Login where password is stored hashed in Database
Hi Tribeca,
I read your message, and I started working on a sample where you can set permissions by form.
The way I will make it: You "design" a group or groups, then you assign a group to each user, so every user will have access to the forms that the group has assigned to.
Re: VB6 - Example on how to make a Login where password is stored hashed in Database
Hey Michael, do you know a way i can upload this to the internet (Like MySQL) for free and easily and i have the same issue as tribeca... and as it seems
Just as silver55 i'd like to add access levels.
Like Admin, Special user, User.
i asked first so can i have a copy of that new database also? thanks alot for your privious help and hopefully for your future help too and if you could look at My Online Game you and anyone else please read and if you can help.
Thanks Alot, Slicksilver555
Re: VB6 - Example on how to make a Login where password is stored hashed in Database
Great job CVMichael.
One thing I noticed was that when I open up the LogInExample2 BV workspace I cannot seem to move any of the controls at design-time (buttons, textboxes and etc.). Nor can I find any attribute to "unlock" them.
Second is about the user managment itself. Admins have right to update user-accounts with new password and even new username. It would be neat with a delete user ability.
Keep up the good work man. I really like your ecryption methods in your other threads.
Re: VB6 - Example on how to make a Login where password is stored hashed in Database
I always Lock the controls when the design part is done while making the program. This way, I won't move a control by mistake.
I attached a screen shot of how I have my toolbars aranged, you can see the "Lock Controls" selected, and if you don't have it there, then you can add it from the Customize window.
I don't know how much experience you have with databases (I have a lot).
One thing you learn (in time) is that you never need to delete a user (also you can't), because of data integrity. If you have records made by that user, and foreign keys set up properly, then you won't be able to delete the user until all records made by that user are deleted also.
Instead the best thing to do is to have a boolean field like "Active", and if it's False, then the LogIn should not allow the user to log in.
But if you browse the records, you will still be able to see records done by that user.
I don't remember if I made the "Active" field in this example, if I did not, then it's probably because I did not want to complicate the application too much (or maybe I did not think of it at that time ).
I don't have time right now to make the modifications (I'm at work), but if you want to try you only have to do 3 things.
1) Add the field in the user table "Active" as boolean
2) In the Log-In, in the select statement, just add "Where Active = True"
3) Add the field in the user interface, that is accessable only by Admin.
Re: VB6 - Example on how to make a Login where password is stored hashed in Database
Thanks for fast reply CVMichael
I had never seen that Lock Control toggle before. But it might come in handy tho. Anyway, delete user was kind of wrong to describe it. Better would be hide it or as you suggested make the account inactive and inaccessble to anyone but administrator. Only work I've done with databases are on PHP with mySQL and some simple MS Access jobs.
Re: VB6 - Example on how to make a Login where password is stored hashed in Database
My apologies for reviving this yet I need to know, say I already have a main form on my application and I want to set it up so that, the login form runs first, then if validated launches my main form where I could also use the manage users. How would I do that.
Re: VB6 - Example on how to make a Login where password is stored hashed in Database
If I remember correctly, the example I have posted launches the main form first, and then the login form as a modal form. If the login is correct, then the login simply unloads, but if the login is incorrect (after 3 tries), then both unload.
So you can just add the login form to your project, and copy the same logic from my example in the first post...
Re: VB6 - Example on how to make a Login where password is stored hashed in Database
Great work!
You have managed user groups via giving access to forms but with this procedure the non admin users can delete record from the database with their login another thing is that if anyone wants to see the data from other department how he can see or in other words how do we give the users:
Add
Save
Edit
Update
Delete
View
Rights
You have done a fantastic job we expect more. Kindly reply my questions.
I belive in pray. I pray for you.
You may have happy, healthy, wealthy life.
Re: VB6 - Example on how to make a Login where password is stored hashed in Database
Im a 2nd year college student, and we are using vb and my sql server(sql instead of ms access). I converted the access data to sql, i think i need to change some of the code. like this one.
vb Code:
FormAllowed = DBConn.Execute("SELECT Count(*) FROM (tblUsers AS u " & _
"INNER JOIN tblUserGroupPrivileges AS gp ON u.UserGroupID = gp.GroupID) " & _
"INNER JOIN tblForms AS f ON gp.FormID = f.FormID " & _
Re: VB6 - Example on how to make a Login where password is stored hashed in Database
Hi CVMichael!
Thanks for the wonderful post. I really appreciate it.
But I have a problem when I was about to look for the code in converting it back to the old password. I can't seem to load the old password when I double click on the ListView that you made in the frmManageUsers.
Could you kindly check the program again if it works for you..?
Thanks a lot..
^___^
Manny Pacquiao once posted in his twitter:
It doesn't matter if the grammar is wrong, what matter is that you get the message
Re: VB6 - Example on how to make a Login where password is stored hashed in Database
Good day Sir, I've seen your project and i was truly fascinated by the way you did the password encryption. one thing that I can't work out with this is that what if I wanted to put a password on my database to protect the other field contents? How would or where should i put my userID and Password for my database? thank you so much for this wonderful project it really helps a lot.
Re: VB6 - Example on how to make a Login where password is stored hashed in Database
hello! i found this program helpful and im wanting it to modify but i dont know where to start..
can you please help me.. i just want to make a desktop locker, this what i want to do:
i want this for personal use only.. because my cousins mess up with my pc.. by the way im not a hardcore programmer but i can do simple ones. actually i created one but i want this login sample to merge with my program.. thanks in advance!
Last edited by kulunggoy; Sep 6th, 2011 at 10:33 AM.
Re: VB6 - Example on how to make a Login where password is stored hashed in Database
Thank for you for this work. It is useful and helpful. Is there a reason why the field size of the field Password is set to 32? Is it something to do with the MD5 implementation?
Last edited by Phantom1; Apr 19th, 2012 at 01:58 PM.
Learning to Program on Earth until I go into Outer Space...
Re: VB6 - Example on how to make a Login where password is stored hashed in Database
Yes...
128 bit (MD5 encryption strength) is 16 bytes (in binary)
16 bytes to HEX is 32 characters
If you change the encryption strength to something else, like SHA, then convert that to bytes times 2, and that's the length of the field should be. So for 160 bit SHA, then 160 / 8 = 20 * 2 = 40 chars...
Re: VB6 - Example on how to make a Login where password is stored hashed in Database
Can you explain about
Private Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long)
and
Sleep 200 + 300 * Rnd?
I only know that it is to prevent brute force password cracking from the application, as it is annotated. How? What does Sleep (200 + 300 * Rnd), along with Randomize at the start of the DoLogin function, do exactly?
Learning to Program on Earth until I go into Outer Space...
Re: VB6 - Example on how to make a Login where password is stored hashed in Database
When cracking by brute force, you try in a loop passwords. The more passwords you try per second, the faster you crack it.
This just slows down the automated process that tries to crack the password. The Rnd is just there so that it is not too predictable on how long to wait until it tries next password.
Re: VB6 - Example on how to make a Login where password is stored hashed in Database
hey michael...i liked ur work alot......can u help me designing a system where i have to decrement quantity of entity after every issue of the same entity...