[RESOLVED] I need help with validation on a password
Hello Everyone
I am new to using VB2005 and I need some assistance with the following:
I have created a program that connects to an Access database; the user has to have a user name and password to be able to access the application. So far that is working correctly: it validates to make sure that the user and password exist in the logon table.
As you know, sometimes people forget their password and the administrator has to reset it. I have set up a default password, used when a reset is requested, which is "Support".
If someone logs in using their logon and the temporary password (Support), the system is going to prompt the user to change it.
I would like the validation of the temporary password not to let just anyone use someone else's logon, type "Support" and be prompted to change it. How can I make sure that the password has been reset?
I have the following code:
Code:
' Body of the login button's Click handler.
' Requires Imports System.Data and Imports System.Data.OleDb.
Dim testsearch_connection As OleDbConnection
Dim searchtable_string As String = ""
'Dim searchtable_string2 As String = ""
If Trim(UsernameTextBox.Text) = "" Then
    InvalidEntry("User Name")
    Exit Sub
End If
If Trim(PasswordTextBox.Text) = "" Then
    InvalidEntry("User Password")
    Exit Sub
End If
'If PasswordTextBox.Text = "support" Then
'    MessageBox.Show("The Password you entered has expired, please change it now.", "Change Password", MessageBoxButtons.OK)
'    Me.PasswordTextBox.ResetText()
'    ResetPasswordForm.Show()
'    Exit Sub
'End If
testsearch_connection = New OleDb.OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\program files\Support Desk\Database\SupportDesk.mdb;Persist Security Info=False")
testsearch_connection.Open()
Dim myAdapter As New OleDb.OleDbDataAdapter
' Positional ? parameters keep the typed user name out of the SQL text.
searchtable_string = "SELECT logon, test FROM assignee WHERE logon = ? AND test = ?"
Dim myCommand As New OleDb.OleDbCommand()
myCommand.Connection = testsearch_connection
myCommand.CommandText = searchtable_string
' OleDb binds parameters by position, so add them in the order of the ? marks.
myCommand.Parameters.AddWithValue("@logon", UsernameTextBox.Text)
myCommand.Parameters.AddWithValue("@test", HashPassword(PasswordTextBox.Text))
'start query
myAdapter.SelectCommand = myCommand
Dim myData As OleDb.OleDbDataReader
myData = myCommand.ExecuteReader()
'see if user exists.
If Not myData.HasRows Then
    'MessageBox.Show("Invalid Login Details", "Login Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
    MsgBox("User name/password invalid", MsgBoxStyle.Critical)
Else
    Dim frm1 = New Form
    Searchfrm.Show()
    Me.Visible = False
End If
' Release the reader and the connection once the check is done.
myData.Close()
testsearch_connection.Close()
Thank you so much for your help
Re: I need help with validation on a password
Don't use a default password. When you need to generate a new password, use the RandomNumberGenerator class to generate an array of cryptographically random Bytes, which you can then turn into a String and use as the password. Save that password to the database, along with a Boolean value that indicates that the user must change their password the next time they log in.
Re: I need help with validation on a password
Thank you for your quick response, JM
On the reset password form I have a reset password button that, when you click on it, does the following:
Code:
Private Sub ButResetPass_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles ButResetPass.Click
    TextResetNewPass.Text = "Support"
    TextRestConfirmPass.Text = "Support"
End Sub
Then I have the following on the save:
Code:
Private Sub ButResetSave_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles ButResetSave.Click
    Dim cn As OleDbConnection
    Dim cmd As OleDbCommand
    Dim str As String
    If TextResetNewPass.Text = "" Then
        MsgBox("New Password Cannot be Empty")
        Exit Sub
    End If
    If TextRestConfirmPass.Text = "" Then
        MsgBox("Confirm Password Cannot be Empty")
        Exit Sub
    End If
    ' Compare the two passwords as typed (they are hashed only when saved).
    If TextResetNewPass.Text = TextRestConfirmPass.Text Then
        'MessageBox.Show("Access Authorized")
    Else
        MessageBox.Show("Please confirm the Password!")
        Exit Sub
    End If
    cn = New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\program files\Support Desk\Database\SupportDesk.mdb;Persist Security Info=False")
    cn.Open()
    ' Positional ? parameters keep the typed logon out of the SQL text.
    str = "UPDATE Assignee SET test = ? WHERE Logon = ?"
    cmd = New OleDbCommand(str, cn)
    ' OleDb binds parameters by position, so add them in the order of the ? marks.
    cmd.Parameters.AddWithValue("@test", HashPassword(TextResetNewPass.Text))
    cmd.Parameters.AddWithValue("@logon", TextResetName.Text)
    cmd.ExecuteNonQuery()
    cn.Close()
    'End Using
    MsgBox("Your new password has been saved successfully", vbOKOnly)
    Me.Close()
    'Dim stamp As String = "Edited by " & My.User.Name & " on " & Date.Now.ToString
    ButResetSave.Enabled = False
End Sub
How can I implement what you are suggesting?
Thank you so much for your help
BK
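An added example, not part of the original thread or any poster's code: one way to implement the suggestion made earlier in the thread (random temporary password plus a must-change flag) in VB against the assignee table shown above. The must_change Yes/No column and the module, function and enum names are assumptions; callers pass in the output of the poster's own HashPassword function.

```vb
Imports System.Data.OleDb
Imports System.Security.Cryptography

Module TemporaryPasswords

    ' Returns a one-time password built from cryptographically random bytes.
    Public Function NewTemporaryPassword() As String
        Dim bytes(11) As Byte                      ' 12 bytes = 96 bits
        RandomNumberGenerator.Create().GetBytes(bytes)
        Return Convert.ToBase64String(bytes)       ' 16 printable characters
    End Function

    ' Admin reset: store the hash of the temporary password and raise the flag.
    ' must_change is a hypothetical Yes/No column added to the assignee table.
    Public Function SaveTemporaryPassword(ByVal cn As OleDbConnection, _
            ByVal logon As String, ByVal hashedPassword As String) As Boolean
        Using cmd As New OleDbCommand( _
                "UPDATE assignee SET test = ?, must_change = True WHERE logon = ?", cn)
            ' OleDb parameters are positional: add them in the order of the ? marks.
            cmd.Parameters.AddWithValue("@test", hashedPassword)
            cmd.Parameters.AddWithValue("@logon", logon)
            Return cmd.ExecuteNonQuery() = 1
        End Using
    End Function

    Public Enum LoginResult
        Invalid
        Ok
        MustChangePassword
    End Enum

    ' Login: the credentials must match first; only then is the flag consulted.
    Public Function CheckLogin(ByVal cn As OleDbConnection, _
            ByVal logon As String, ByVal hashedPassword As String) As LoginResult
        Using cmd As New OleDbCommand( _
                "SELECT must_change FROM assignee WHERE logon = ? AND test = ?", cn)
            cmd.Parameters.AddWithValue("@logon", logon)
            cmd.Parameters.AddWithValue("@test", hashedPassword)
            Dim flag As Object = cmd.ExecuteScalar()
            If flag Is Nothing Then Return LoginResult.Invalid
            If Convert.ToBoolean(flag) Then Return LoginResult.MustChangePassword
            Return LoginResult.Ok
        End Using
    End Function

End Module
```

When the user then saves a password of their own choosing, the same kind of UPDATE with must_change = False clears the flag. The change prompt depends on the stored flag and a matching random password, so typing a known default against someone else's logon no longer reaches it.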