Thudo Posted July 22, 2010 Posted July 22, 2010 (edited) My code: Func _PasswordCheck() $bPasswordHash=(FileReadLine($sav, 5)) $bMasterPasswordHash=(FileReadLine($sav, 6)) $sPassword=InputBox("Login","Enter Password "&(FileReadLine($sav, 5)),"",'',320,100) If _Crypt_HashData($sPassword,$CALG_MD5)="0x"&$bPasswordHash or _Crypt_HashData($sPassword,$CALG_MD5)="0x"&$bMasterPasswordHash Then Else MsgBox(16,"Access Denied","Password Incorrect!") EndIf EndFuncSo when a user continues to get the MsgBox "Access Denied" I want to lock them out after a certain # of attempts has passed. Essentially, I want after X times to have a pop-up happen saying "too many failed attempted logins have occurred". I feel like a dolt I know this is simple somewhere. Thanks everyone! Edited July 22, 2010 by Thudo
Yoriz Posted July 22, 2010 Posted July 22, 2010 (edited) Something like this ? Switch _PasswordCheck() Case 1 MsgBox(0, "Result", "Login Correct") Case 0 MsgBox(0, "Result", "Login Cancelled ") case -1 MsgBox(0, "Result", "Failed 3 times lock out user") EndSwitch Func _PasswordCheck() Local $iXTimes = 3, $iCount = 1 While 1 Local $sPassword = InputBox("Login", "Enter Password", "", "", 320, 100) Select Case $sPassword = "Correct" Return 1 Case $iCount = $iXTimes MsgBox(16, "Access Denied", "Too many failed attempted logins have occurred !") Return -1 Case $sPassword = "" If @error = 1 Then Return 0 Case Else MsgBox(16, "Access Denied", "Password Incorrect!" & @CR & "You have " & $iXTimes - $iCount & " trys left") $iCount += 1 EndSelect WEnd EndFunc ;==>_PasswordCheck Edited July 23, 2010 by Yoriz GDIPlusDispose - A modified version of GDIPlus that auto disposes of its own objects before shutdown of the Dll using the same function Syntax as the original.EzMySql UDF - Use MySql Databases with autoit with syntax similar to SQLite UDF.
EdWilson Posted July 23, 2010 Posted July 23, 2010 Thanks - this helped me out - I was looking for exactly this tonight. Do you want to reverse the order of two of the cases such that checking for the proper password comes first? This way if you get it on the last attempt it still recognizes it. Case $sPassword = "Correct" Return 1 Case $iCount = $iXTimes MsgBox(16,"Access Denied", "Too many failed attempted logins have occurred !") Return -1 Ed
Yoriz Posted July 23, 2010 Posted July 23, 2010 Well spotted EdWilson, i have switched them around in the original post, as suggested. GDIPlusDispose - A modified version of GDIPlus that auto disposes of its own objects before shutdown of the Dll using the same function Syntax as the original.EzMySql UDF - Use MySql Databases with autoit with syntax similar to SQLite UDF.
Thudo Posted July 23, 2010 Author Posted July 23, 2010 (edited) Forgive my ignorance but where does: If _Crypt_HashData($sPassword,$CALG_MD5)="0x"&$bPasswordHash or _Crypt_HashData($sPassword,$CALG_MD5)="0x"&$bMasterPasswordHash Thenfit in there? Password has to be validated by the encryption. Ah and can you also compensate for the user hitting the ESC key and when user hits OK just leaving the input box blank it should count as an invalid login? Hitting ESC bypasses the prompt. Huge security flaw. Now have to figure out how to lock the user's mouse/keyboard to the login prompt during and after the logins have failed. Really appreciate this help! Edited July 23, 2010 by Thudo
Yoriz Posted July 23, 2010 Posted July 23, 2010 I dont know what _Crypt_HashData returns but the code checks the password is correct with this line so alter it to suit. Case $sPassword = "Correct" To have ESC key and when user hits OK just leaving the input box blank count as an attempt to login just comment out the following. Case $sPassword = "" If @error = 1 Then Return 0 Locking the mouse/keyboard sounds a bit harsh, why not just set that user to disabled , then once that user account has been investigated it can be reanabled or lock it out for a certain time or something. GDIPlusDispose - A modified version of GDIPlus that auto disposes of its own objects before shutdown of the Dll using the same function Syntax as the original.EzMySql UDF - Use MySql Databases with autoit with syntax similar to SQLite UDF.
Thudo Posted July 23, 2010 Author Posted July 23, 2010 I dont know what _Crypt_HashData returns but the code checks the password is correct with this line so alter it to suit.Case $sPassword = "Correct"Return ValueSuccess: Returns hash or hash object if $fFinal=False Sets @error to 0 Failure: Returns -1 and sets @error: 1 - Failed to create hash object 2 - Failed to hash data 3 - Failed to get hash size 4 - Failed to get hash I'm still figuring out where to put it in your code. To have ESC key and when user hits OK just leaving the input box blank count as an attempt to login just comment out the following.Case $sPassword = ""If @error = 1 Then Return 0Yep worked great!Locking the mouse/keyboard sounds a bit harsh, why not just set that user to disabled , then once that user account has been investigated it can be reanabled or lock it out for a certain time or something. Yeah harsh I know but security wants this locked up so noone can use it. They don't have Windows authentication via AD enabled on such boxes hence the need to fully simulate it. We'll likely work out a compromise.
Thudo Posted July 23, 2010 Author Posted July 23, 2010 Ah gotcha.. If _Crypt_HashData($sPassword,$CALG_MD5)="0x"&$bPasswordHash or _Crypt_HashData($sPassword,$CALG_MD5)="0x"&$bMasterPasswordHash Then Return $sPasswordWorks great..
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now