Simple, Clean Password GUI with Password Validation

[Readysound]

I needed a simple, smart looking password prompt GUI that users would see when logging on, so got to work on AutoIt. Features are:

Locks Mouse Pointer Within GUI Preventing User From Clicking Anywhere Else

Borderless GUI With No Buttons So User Can't Close

GUI Always On Top, Warns User If No Password Entered

Verifies Password : Warns If Password Is Incorrect

Writes Password To %temp%\pw.txt In CLEAR TEXT (Be Sure To Delete From BAT Script For Example

Thought I'd share it. Code below (with comments). Don't forget to set the domain variable before running or you'll need to use Task Manager to close. You also need to create the JPG image for the background (details in comments).

I used this as part of a BAT script to collect and process the users password for a plugin that we purchased - however the plugin needs to be installed using the users credntials... long story! Bot the most secure way of handling the users password, so be sure to delete the output file when done.

expandcollapse popup

; -------------------------------------------------------------------------------------------------------
; GUI FOR USER PASSWORD PROMPT : 06/02/2011
; FEATURES :
;           Locks Mouse Pointer Within GUI Preventing User From Clicking Anywhere Else
;           Borderless GUI With No Buttons So User Can't Close
;           GUI Always On Top, Warns User If No Password Entered
;           Verifies Password : Warns If Password Is Incorrect
;           Writes Password To %temp%\pw.txt In CLEAR TEXT (Be Sure To Delete From BAT Script For Example
; -------------------------------------------------------------------------------------------------------

#NoTrayIcon
Opt("ExpandEnvStrings", 1)  ;  Makes DOS Env Variables Usable In AutoIt
FileInstall("MCPW.jpg","%temp%\MCPW.jpg",1)  ; Include GUI Background Image in Compiled EXE: 444 x 168 pixels
#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
#include <Misc.au3>
FileDelete('%temp%\pw.txt')  ;  Removes Output File If It Remains From Previous Run
#Region ### GUI ###
GUICtrlSetDefBkColor(0xFFFFFF)
$Form1 = GUICreate("TITLE - GUI", 445, 169, -1, -1,BitOR($WS_POPUP,$WS_BORDER), $WS_EX_TOPMOST)
$Pic1 = GUICtrlCreatePic("%temp%\MCPW.jpg", 0, 0, 444, 168, BitOR($SS_NOTIFY,$WS_GROUP,$WS_CLIPSIBLINGS))
GUICtrlSetState(-1, $GUI_DISABLE)
$Input1 = GUICtrlCreateInput("", 42, 120, 289, 24, $ES_PASSWORD)
GUICtrlSetFont(-1, 10, 400, 0, "Ariel")
GUICtrlSetBkColor(-1, 0xf6f6f6)
$Label1 = GUICtrlCreateLabel("Please Enter Your Windows Password", 52, 88, 358, 26)
GUICtrlSetFont(-1, 14, 800, 0, "Arial")
GUICtrlSetColor(-1, 0x001593)
GUICtrlSetBkColor(-1, 0xFFFFFF)
$Button1 = GUICtrlCreateButton("OK", 344, 120, 57, 25, $BS_DEFPUSHBUTTON)
GUISetState(@SW_SHOW)
#EndRegion ### END GUI###

$domain = "enter your domain here" ; Sets Domain variable for Auth Function
$username = "%username%" ; Sets Username variable for Auth Function

While 1
    $nMsg = GUIGetMsg()
    $coords = WinGetPos($Form1)
    _MouseTrap($coords[0]+10, $coords[1]+10, $coords[0] + $coords[2]-10, $coords[1] + $coords[3]-10) ; Traps the mouse in the GUI

    Switch $nMsg
        Case $Button1
            $pw = GUICtrlRead($Input1,0)
            If $pw <> "" Then  ;  If PW Text Was Entered...
                If _ValidUserPass($username,$domain,$pw) == "True" Then  ;  If Domain User Password Is Correct...
                    ToolTip("")  ;  Removes Any Tool Tips If Present
                    GUICtrlDelete($Input1)  ;  Removes The Input, Button and Label Controls...
                    GUICtrlDelete($Button1)
                    GUICtrlDelete($Label1)
                    $Label2 = GUICtrlCreateLabel("Thank You", 92, 90, 256, 64)  ;  Says Thank You In Place Of The Above Controls
                    GUICtrlSetFont(-1, 40, 400, 0, "Arial")
                    GUICtrlSetColor(-1, 0xC0C0C0)
                    GUICtrlSetBkColor(-1, 0xFFFFFF)
                    FileWrite( '%temp%\pw.txt', $pw)
                    FileDelete('%temp%\MCPW.jpg')  ;  Deletes Extracted Background JPG
                    Sleep(1500)  ;  Time To Show The Thank You Message
                    Exit
                Else  ;  Password Was Incorrect....
                    ToolTip("")
                    GUICtrlSetData($input1,"")
                    GUICtrlDelete($Label1)
                    $Label3 = GUICtrlCreateLabel("Incorrect Password:  Please Try Again", 52, 88, 358, 26)
                    GUICtrlSetFont(-1, 14, 800, 0, "Arial")
                    GUICtrlSetColor(-1, 0xFFFFFF)
                    GUICtrlSetBkColor(-1, 0xFFFFFF)
                    Sleep(100) ; Below Colour Entries Flash The Warning Text
                    GUICtrlSetColor(-1, 0xFFFFFF)
                    Sleep(100)
                    GUICtrlSetColor(-1, 0xFF0000)
                    Sleep(100)
                    GUICtrlSetColor(-1, 0xFFFFFF)
                    Sleep(100)
                    GUICtrlSetColor(-1, 0xFF0000)
                EndIf
            Else  ;  Password Text Was Not Entered
                ;  NOTE : Below ToolTip can't be set for a finite time, Need to use ToolTip("") to remove
                ToolTip("Please enter your Windows password" & @CRLF & "Blah blah blah blah" & @CRLF & "blah blah blah blah",$coords[0]+320,$coords[1]+143,"GUI Message:",1,1)
            EndIf
    EndSwitch
WEnd

; Function to validate Users password with AD
Func _ValidUserPass($user, $dom, $pass)
    Local $valid = True
    RunAs($user, $dom, $pass, 0, @ComSpec & " /c  echo test", @SystemDir, @SW_Hide)
    If @error Then $valid = False
    Return $valid
EndFunc

[MAS]

it's good

[spudw2k]

Password Authentication without using encryption or hashes equals bad security practices; I cannot stress this enough. It would be worth your while to look at the help file for the Crypt_Hash funcs.