Jump to content
xisto Community
icash

Access Is this easy to make a login/password?

Recommended Posts

I was looking to make a site where people need to create an account, and log in to view the main pages.Is it easy, or do-able, to use msoft access to make a database where people are able to sign up with a username and password via my website?

Share this post


Link to post
Share on other sites

I most strongly suggest to not use Microsoft Access. Secondly, I suggest using a simple php login script and a MySQL database to hold all of your data (usernames and passwords)

Share this post


Link to post
Share on other sites

If you want a "learn-by-example" set of sources, may I suggest that you use your Xisto's cpanel and install the phpbb forum, you will then see how they use php and a mysql database in order to let people create their accounts and then login using username and passwords.

Share this post


Link to post
Share on other sites

I was looking to make a site where people need to create an account, and log in to view the main pages.
Is it easy, or do-able, to use msoft access to make a database where people are able to sign up with a username and password via my website?

Yes it is easy but i suggest to use MySql or Postgress instead, and also i agree with the others.

Best regards,

Share this post


Link to post
Share on other sites

Not to mention I've had a HELL of a time trying to get my Access pages to come up properly in any browser other than Internet Explorer... Not to mention none of the intended client computers had Microsoft Office... this WAS at a workplace where I tend to avoid using pirated software...I since converted their databases to XML which was at the time fairly easy... but that's to say.. this was probably like 5 years ago now...In any case... I agree... PHP + MySQL is pretty slick... and of course, free : )

Share this post


Link to post
Share on other sites

Yeah, in most cases it is much easier to do it with PHP and MySQL database, when working with Microsoft Access I remember I had difficulties, due to I am used to a little bit different SQL, of course with time it gets easier, but.. A login script can be available for free written in PHP and MySQL or I even think you can find one which is using a database directory and is storing everything into simple text files, it's not a bad idea if you don't have any access to MySQL database, nevertheless, it's very easy to get MySQL database these days.. You just need to google for it and install it or embed into your scripts/files ;DAnother alternative is to use password protected directories, with lots of users for it, it can be done with PHP by sending and checking the headers or with CPanel which does this by adding/modifying .htaccess files in that directory, but I don't like this way, usually there are problems logging off and it doesn't look as "cool" as done with a scripting/programming language and a database or a text file. :rolleyes:

Share this post


Link to post
Share on other sites

If you still want to use Access for your site check this topic Connecting Ms Access To Php Using Odbc which explains in a very simple way how to do it with Php, and if you want to start right now your login system, check out this simple tutorial: Creating a PHP Login Script, in this case, it uses Php, MySql and the PEAR:Db library.

 

Also i recommend you to search here at the forums, there are a lot of topics related to this, like the following ones:

A Simple Checking & Validation PHP Script

Need Help With A PHP - MySQL Registration Script

How Do I Do Script Checking & Validation In PHP?

Extremely Secure Authentication System

Best regards,

Share this post


Link to post
Share on other sites

We just learned the basics of Microsoft Access in school and I have no idea of how it is used for other than organize information for companies. It isn't very flexible and is quite confusing to use. I think it is best suited for info that doesn't need to be "accessed" often as adding/editing records are easy enough, but for people logging on and off of it noone can seem to find anything like that.I highly recommend using MySQL and PHP (or ASP + MSSQL if you are on Windows) and doing a database from there. That's what I use and that is what major companies use.

Share this post


Link to post
Share on other sites

1. Create a table of Login names and associated passwords. This can easily be incorporated in a table of employees. We will assume this table to be called TblLogin, and the fields called "LoginName" and "Password". The field Password can have a "password" input mask for security. Or those 2 fields could be created in a separate table that can then be hidden.2. Create a table called "TblLoginRecords" to keep track of passwords entered as well as errors. This table would have the following fields:LogLoginName (text)LogPasswordEntered (text)LogProblem (Y/N)3. Create a form named "frmLogin" with the table "TblLoginRecords" as record source.4. On that form, create 2 textboxes with the LogLoginName, LogPasswordEntered fields as Control Source. Also create a check box with the field LogProblem. Change the Visible property of LogPasswordEntered to No.5. Create a button labeled "CmdLogin" with the following code attached to its OnClick property:On Error GoTo Err_CmdLogin_ClickIf [LogLoginName] = DLookup("[LoginName]", "TblLogin", "[Password]=forms!frmlogin!LogPasswordEntered") ThenDoCmd.OpenForm "FrmPage1"ElseMe!LogProblem = -1DoCmd.QuitEnd IfForms!frmlogin.Visible = FalseExit_CmdLogin_Click:Exit SubNote: i would just like to say that if you do use this is can be easily be bypassed if they really want to attack you. this will only stop people from making mistakes.but basicly what this is doing is, when someone enters a username/password it opens the the TblLogin and checks the LoginName to see if the username they entered is in the database to begin with then if it is a matching username it will then check to see if the password matches. Thus creating a login form!I hope this helped and feel free to correct me if i made any mistakes

Edited by Karmen (see edit history)

Share this post


Link to post
Share on other sites

Note: i would just like to say that if you do use this is can be easily be bypassed if they really want to attack you. this will only stop people from making mistakes.

Can you post more information about this??? I'm a bit interesting on how you could do it.
Best regards,

Share this post


Link to post
Share on other sites

Can you post more information about this??? I'm a bit interesting on how you could do it.
Best regards,


all they would need to do was exploit the database so it could be remotely downloaded, then you would be able to open it up and look at the user name/passwords. Go back to the site and enter them in. I would recommend using php / SQL if you want it to be done securely.

Kind Regards
- Karmen

Share this post


Link to post
Share on other sites

all they would need to do was exploit the database so it could be remotely downloaded, then you would be able to open it up and look at the user name/passwords. Go back to the site and enter them in. I would recommend using php / SQL if you want it to be done securely.

I think by exploiting the database is not by having what kind of database, rather how you work on your SQL structure, eg. one-way-hash all password for security. But in the first place, they need to get into the server to download the database. So if they do, then even MySQL can be downloaded.

Or is there another easier way to exploit Access database compare to MySQL? Just curious. :rolleyes:

Cheers

Share this post


Link to post
Share on other sites

well theres varies ways a website can be compromised.One of the most popular methods is an RFI which is a Remote File Inclusion. Basically this lets you remotely add a file called a "Shell" to a website. This shell is basically like a FTP client on site itself. Once the Shell has been included you can upload a permanent shell like http://forums.xisto.com/no_longer_exists/?'>http://forums.xisto.com/no_longer_exists/? Now to access the shell you simply go to that url. Once your shell has been uploaded you basically have root access to the server and you can control it as if you were using an FTP. This would allow you to download the database.Another method would be LFI which is a local file inclusion which is like http://forums.xisto.com/no_longer_exists/ what that will do would dump the username/password file onto that page so you can read the username/passwords. Although with this method it dumps the MD5 hash which is the encrypted password but these can be cracked very easily. So in theory both methods work if your wanted to get admin access on a website.

Share this post


Link to post
Share on other sites

We just learned the basics of Microsoft Access in school and I have no idea of how it is used for other than organize information for companies. It isn't very flexible and is quite confusing to use. I think it is best suited for info that doesn't need to be "accessed" often as adding/editing records are easy enough, but for people logging on and off of it noone can seem to find anything like that.
I highly recommend using MySQL and PHP (or ASP + MSSQL if you are on Windows) and doing a database from there. That's what I use and that is what major companies use.


I also agree in not using MS Access I have seen some pages with ASP that work with this database and they work very slow. Access is not intended to work in web, it is only useful If you want to create a simple and single user system and you want it to be working in very few time and in a local environment. It is easy to use because it has a graphic environment and wizards to create the user interface. However there are many tool for working with other database systems (like PhpMyAdmin) so I prefer not to work with access in any case, unless is the only option (because of licenses or host configuration).

I also agree to use MySQL, Microsoft Sql Server or Oracle that are more scalable and powerful databases. MySQL is free and is going better in each release, so is a very good option for many websites.

Share this post


Link to post
Share on other sites

all they would need to do was exploit the database so it could be remotely downloaded, then you would be able to open it up and look at the user name/passwords. Go back to the site and enter them in. I would recommend using php / SQL if you want it to be done securely.

 

Kind Regards

- Karmen

Hi, i think that you have good knowledge of Access and hope that you may help me with a problem i have with an Access 97 database.

 

I have an Access 97 database that seems to be crashed because i can't work with it, the only posible thing that i can do with it is to open it and view all the tables, queries, etc. that it have, but for example, if i try to open any of its tables or queries either in design or data mode Access shows up an error window with the following message: Couldn't read definitions; no read definitions permissions for table or query 'table_name'.

 

Also, i'm not be able to export any thing of this database, or convert it to another version of Access like Access 2000 or 2003, when i try to do it Access shows up another error window but in this case saying something related with the user permissions, exactly i don't remember right now the complete message but is more or less like the previous one.

 

Another thing that i notice is that when i enter to the security options located on the tools menu i view that this database don't have any owner, it shows up that the owner of the database is unknow.

 

In the topic Access 97 to Access 2003 that i post two weeks ago the user faulty.lee give me a solution to this but unfortunately it doesn't work too.

 

I hope that my explanation is enough and you understand it completely, if not, please ask me whatever you want or need.

 

Best regards,

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.