Hi,

I am new to VB6, in fact I'm trying to teach myself how to use it.
Here is my problem. I am trying to code a login screen. The screen has one input field along with a login button and a cancel button.
I want to verify the password with the password stored in the Password table in access. There is only one field in the table(Password) and there will only ever be 1 record. Also I would like to have the password appear in asteriks as the user is typing it in.

Here is what I've got so far:

Dim dbCon As ADODB.Connection
Dim dbCom As ADODB.Command
Dim commandString As String

Private Sub btnCancel_Click()
frmLogin.Hide
frmMainMenu.Show
End Sub

Private Sub btnLogin_Click()
Dim passwd As String
Set dbCon = New ADODB.Connection
Set dbCon = New ADODB.Connection
Set dbCom = New ADODB.Command
On Error GoTo ErrorHandler
dbCon.Open (dbConnectionModule.GetConnectionString)
Set dbCom.ActiveConnection = dbCon

Set rsPassword = Server.dbCon("ADODB.Recordset")
rsPassword.Open "Select Password From Password"

passwd = rsPassword("Password")

If txtPassword.Text <> passwd Then
MsgBox "Please enter a valid password"
Else
dbCom.Execute
dbCon.Close
frmLogin.Hide
frmManagementTools.Show
End If
Exit Sub
ErrorHandler:
MsgBox Err.Description
If dbCon.State = adStateOpen Then 'Check the open state of the connection
dbCon.Close 'If it is open then close it
End If
End Sub

Any suggestions will be greatly appreciate,

Thanks in advance!!

If you are going to have only one password, why store it in a table? It would be far easier to store the password as a constant or string in the routine that reads the password textbox. Then all you have do is use an IF statement such as "if data in password textbox is not exactly equal to my password then end program else continue." Also the program will be much faster. Some programmers encrypt "master" passwords and store them in the system registry, and place the more numerous "user" passwords in hidden or protected tables. If you use a textbox for dataentry, set the "password char" property "*" to hide the data as it's being entered.

The problem with the password being stored in the registry is that it would have to be stored in every registry that accessed the database - plus if you allowed the password to be modified that would create problems. The problem with access is that it is not secure - sure you can encrypt and password it but that is it. The other item I would add is a maximum number of attempts at the password - then lock it.

The reason we are storing it in a table is because we want the ability to change the password whenever we want. But thank you for the suggestion.