I have created a form Users whereby I do a dblookup in a view which look at the view Users. Everything is working ok when the users enter their username and password but it enables the users to specify his username and use someone else password. For example I have two users A and B, users A’s password is C and user B’s password is D, but when I use user A and type in user B’s password my program accepts it and vica versa.
What I would like is that the dblookup must only accept user A’s password and not user B’s password also
Subject: RE: Create a dblookup(“Urgent please”!!!)
If you are entering both username and password, then I think you need to do the
following…
username:=@prompt([OKCANCELEDIT];“Please enter your username”);
password:=@prompt([OKCANCELEDIT];“Please enter your password”);
stored_password:=@DbLookup(“”:“NoCache”;“xxx”:“xxx”;“Users”;username;2); @if(password<>stored_password;i>failure code goes here;success code goes
here])
Subject: RE: Create a dblookup(“Urgent please”!!!)
Don;t forget that if you are referencing a field in your DbLookup, don;t put it in quotes - otherwise Notes will search for the value within the quotes
Subject: RE: Create a dblookup(“Urgent please”!!!)
Thanks guys for replying so soon
All i want is that it must lookup the username’s password if it can’t find the right password for that username it must not allow the user. In my view currently I have the following
First sort column User Password
Admin User
A C
B D
So the program needs to have a dblookup if the username = A then the password must be C and not D as what is currently happening.
Subject: RE: Create a dblookup(“Urgent please”!!!)
Your key in @DBLookup is password (field Enterpassword) so you can’t lookup for for key which isn’t in first sorted column in view (please take a look in Domino Designer).
Subject: RE: Create a dblookup(“Urgent please”!!!)
I think username should be known value so don’t need to lookup for username - you have username then you lookup for password, if password is OK then go in (something like in Mike’s post).
Subject: RE: Create a dblookup(“Urgent please”!!!)
Why I want to let the password lookup against the username is because there is users that will use somebody else username and use their password. This will then in my programe log the username and say they have never opened the document, and blame it on somebody else.
Subject: RE: Create a dblookup(“Urgent please”!!!)
My reaction to this would be to tell the user that they are responsible for the actions of anyone they’ve given their identity to, so that when they blame someone else, I’d say, “Too bad. You’re the one who violated company policy and Notes security by giving your identity to someone sle, so you’re responsible for their actions. Deal with it.”
Of course, this assumes that there is such a company policy, and that the company takes Notes security seriously in the first place. If this isn’t true; if the sharing of identities and the resulting impersonation is a casual, commonly accepted practice, then you’re in big trouble, and attempting code-around solutions like the one you’re trying will be a partial solution at best; such attempts at coding security are notoriously easy to get around.
So the big question is why users share their identities in the first place? This has simply got to be stopped.