Password Instructions

=================================================================
General program procedure:

1. Copy the XXXXUSER.DBF and XXXXUSER.CDX to the name of the user file you want to create:

	XXXXUSER.*  -->  TESTUSER.*
	
2. Run CODER.PRG. It will ask you what user file you want to work on. It will then ask you for the system password. For this program the system password is GROT (you can change it if you want). The system name is SYS and it has a level of 4, which is the top level. Once you enter the correct password the CODEMENU screen will be displayed where you can do maintenance on the user file.

The user file's structure is as follows:

		Structure for database: XXXXUSER.DBF 
		Field  Field Name  Type       Width    Dec    Index   
		    1  NAME        Character     30            Asc    
		    2  USER        Character      3            Asc    
		    3  DEPT        Numeric        1                   
		    4  CCNTR       Character      8                   
		    5  IDLEVEL     Numeric        1                   
		    6  IDCODE      Character      4                   
		** Total **                      48
		
The IDCODE field for any user is encrypted and displays as random ASCII characters if you look at the field. 

The five files necessary for you to work on this file is CODER.PRG, GETPASSW.PRG, CODEMENU.SPR, CODEENTR.SPR and CODE_LIB.PRG.

-------------------------

CODER.PRG is the main program that sets the procedure file CODE_LIB.PRG, asks for the user file you want to use, calls GETPASSW.PRG that uses the system password record to allow entry into the rest of the program, and then calls CODEMENU.SPR, which is the main menu screen that the developer uses to create names in the user name file, XXXXUSER.DBF, and to do other work such as print out user names, and code forms that can be given to the user with their names and passwords on them. CODEENTER.SPR is the data table entry screen.

-------------------------

The CODER.PRG program prints out a sheet that can be given to the user. It displays the user's name and password. This should be given to the user in a sealed envelope. The sheet information is hard coded in the program. You'll want to change my name and number to your own name and number.

The report CODEFORM.FRX is an alternate method of printing the user code sheet. You can change it for your own name and number. You can modify CODER.PRG to include it instead of the hard code.

The report USERLIST prints out a list of all the user records.
IMPORTANT NOTE:  This list will print out an un-encrypted password, so that you can quickly refer to it if required. You don't want it hanging around for others to view.

=================================================================
Password entry

If you want to have a user enter a password before they can even run an application you have to have some means of checking that entry against a file of coded passwords. If you plan this out, you can have names, departments, user levels, and any number of fields of information passed to your application. You can do this with a user table and a mechanism to encrypt and decrypt passwords that are kept in the table.

Because the user table is unique to any application you would call this procedure with the name of the table. Also, by adding a filter level, you can determine who the user is only by the password, and you can use the same password for a person who is at two or more different levels.

You would do this through a call early on in your application:

-->	* Check for correct password for program entry
-->	DO CHKPASWD WITH 'KEYSUSER',1

The file A_TEST.PRG shows how this can be done.
NOTE: If using this basic method, all the user levels should be 1.

-------------------------

The CHKPASWD.PRG program gets the user's password and checks it against the user file.

Some notes on this file:

CHKPASWD sets the procedure file to CODE_LIB. It will display the password entry window, and will display '*' for each key press (I got most of this keypress entry routine from somewhere in the FOXFORUM libraries, and can't find and don't remember who originally developed it. Thank you whoever you are, I'm sorry I can't put your name here. I modified it slightly to make sure only four characters can be entered). 

If the password is incorrect the user has another chance to enter the correct one. If it's wrong again the program QUIT's. If you are the developer, change all instance of 'ATS' to your own DOS environment "USER" name. This helps you to stay in the development process.

If the user is found in the table, the user's Initials, ID level, Department, and Cost Center are put into the memory variables. You can add or eliminate any of the fields for your own use.

=================================================================

The A_TEST program shows a couple of ways to use these password rountines. Set the A_TEST to the top program in the project and recompile the PASSWORD.APP to run them.

=================================================================

List of files in project:

AMAIN          Screen Set  	A test menu screen for program demo
A_TEST         Program     	A test program to try things out
CHKPASWD       Program     	Checks user entry against table
CODEENTR       Screen Set  	XXXXUSER table entry screen
CODEFORM       Report      	Optional user Initials/Password form
CODEMENU       Screen Set  	Developer's maintenance menu
CODER         Program     	Developer's main password program
CODE_LIB       Program     	Procedure file with encryption codes
GETPASSW       Program     	Developer's password entry
GETPASWD       Screen Set  	User's password entry screen
INSTRUCT.TXT  File        	This file
RESET         Program     	Handy developer's program
TRAPWIND       Program     	On Escape window
USERLIST       Report      	Developer's list of users
XXXXUSER      Index       	
XXXXUSER      Database    	Startup user table

=================================================================

If you have any comments or questions or find bugs or have improvements, please let me know. This is a basic program that I had to put together to get some form of password entry. It can give the illusion of safety, but you know that others can access your data in a multitude of ways. _You_ have to assure this program will protect your data to the limit it is capable of. This program can't stop everyone from getting into your databases, and you get this program as is. I won't accept any responsibility for the evils of mankind or what others do to your data. Good luck.

Tony Scarpelli
Clinical Engineering Dept.
Maine Medical Center
Portland ME 04102

CIS: 71535,306
