sak Posted March 9, 2011 Posted March 9, 2011 (edited) hi! You're try. Your password = 'AutoIt' If password ok. It's run Calculator program. #NoTrayIcon Opt("MustDeclareVars", 1) LoginPassword() Func LoginPassword() Local $VarWord, $RetWord, $Pass = 'AutoIt' While 1 $RetWord = InputBox("Password Confirm", "Enter:Your Password", Default, "*", 200, 100, 370, 300) Select Case @error ExitLoop Case $RetWord = '' MsgBox(0, "", "Please push password in to the inputbox.") Case $RetWord <> $Pass MsgBox(48, "", "Password corret.") Case Else MsgBox(64, "", "Password ok.") Run("Calc.exe") ExitLoop EndSelect WEnd EndFunc Edited March 9, 2011 by sak
spudw2k Posted March 9, 2011 Posted March 9, 2011 This is a more Secure Login mechanism straight from the help file. #include <Crypt.au3> ; Example of hashing data and using it to authenticate password ; This is the MD5-hash of the correct password $bPasswordHash="0xCE950A8D7D367B5CE038E636893B49DC" $sPassword=InputBox("Login","Please type the correct password.","Yellow fruit that is popular among monkeys") If _Crypt_HashData($sPassword,$CALG_MD5)=$bPasswordHash Then MsgBox(64,"Access Granted","Password correct!") Else MsgBox(16,"Access Denied","You entered the wrong password!") EndIf Never embed a cleartext password in a script. At the very least encrypt it, but using a hash is the most secure. Reveal hidden contents Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of Cards ◊ HideIt ◊ ICU ◊ Icon Freezer ◊ Ipod Ejector ◊ Junos Configuration Explorer ◊ Link Downloader ◊ MD5 Folder Enumerator ◊ PassGen ◊ Ping Tool ◊ Quick NIC ◊ Read OCR ◊ RemoteIT ◊ SchTasksGui ◊ SpyCam ◊ System Scan Report Tool ◊ System UpTime ◊ Transparency Machine ◊ VMWare ESX Builder Misc Code Snippets: ADODB Example ◊ CheckHover ◊ Detect SafeMode ◊ DynEnumArray ◊ GetNetStatData ◊ HashArray ◊ IsBetweenDates ◊ Local Admins ◊ Make Choice ◊ Recursive File List ◊ Remove Sizebox Style ◊ Retrieve PNPDeviceID ◊ Retrieve SysListView32 Contents ◊ Set IE Homepage ◊ Tickle Expired Password ◊ Transpose Array Projects: Drive Space Usage GUI ◊ LEDkIT ◊ Plasma_kIt ◊ Scan Engine Builder ◊ SpeeDBurner ◊ SubnetCalc Cool Stuff: AutoItObject UDF ◊ Extract Icon From Proc ◊ GuiCtrlFontRotate ◊ Hex Edit Funcs ◊ Run binary ◊ Service_UDF
Charlz Posted March 10, 2011 Posted March 10, 2011 whats wrong with using something like $pass = InputBox ("","input password","","*") if $pass = "password" Then MsgBox (1,"","correct") Else Exit EndIf (hey, I am relatively new here, but I would love any suggestions! ) BTW is it possible to create a "username - password" database which Autoit could read from, and others could create new "accounts"?
spudw2k Posted March 10, 2011 Posted March 10, 2011 (edited) On 3/10/2011 at 12:01 AM, 'Charlz said: whats wrong with using something like $pass = InputBox ("","input password","","*") if $pass = "password" Then MsgBox (1,"","correct") Else Exit EndIf AutoIt Scripts are not secure. Anyone smart enough to examine the source code will see your "password". A Hash is calculated, so even if a smart guy gets the source with the hash value, it doesn't tell them what password was used to create it. On 3/10/2011 at 12:01 AM, 'Charlz said: BTW is it possible to create a "username - password" database which Autoit could read from, and others could create new "accounts"? Sure, you could use SQLLite or ADODB. There are several examples to working with DBs that can be found by searching. Edited March 10, 2011 by spudw2k Reveal hidden contents Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of Cards ◊ HideIt ◊ ICU ◊ Icon Freezer ◊ Ipod Ejector ◊ Junos Configuration Explorer ◊ Link Downloader ◊ MD5 Folder Enumerator ◊ PassGen ◊ Ping Tool ◊ Quick NIC ◊ Read OCR ◊ RemoteIT ◊ SchTasksGui ◊ SpyCam ◊ System Scan Report Tool ◊ System UpTime ◊ Transparency Machine ◊ VMWare ESX Builder Misc Code Snippets: ADODB Example ◊ CheckHover ◊ Detect SafeMode ◊ DynEnumArray ◊ GetNetStatData ◊ HashArray ◊ IsBetweenDates ◊ Local Admins ◊ Make Choice ◊ Recursive File List ◊ Remove Sizebox Style ◊ Retrieve PNPDeviceID ◊ Retrieve SysListView32 Contents ◊ Set IE Homepage ◊ Tickle Expired Password ◊ Transpose Array Projects: Drive Space Usage GUI ◊ LEDkIT ◊ Plasma_kIt ◊ Scan Engine Builder ◊ SpeeDBurner ◊ SubnetCalc Cool Stuff: AutoItObject UDF ◊ Extract Icon From Proc ◊ GuiCtrlFontRotate ◊ Hex Edit Funcs ◊ Run binary ◊ Service_UDF
Charlz Posted March 11, 2011 Posted March 11, 2011 aaaahhhh... I understand now... Thanks, apparently I have much to learn
sak Posted March 11, 2011 Author Posted March 11, 2011 On 3/9/2011 at 7:17 AM, 'sak said: hi! Invite you to experiment more. Your password = 'AutoIt' If the correct password. 'll Run the calculator. #NoTrayIcon Opt("MustDeclareVars", 1) LoginPassword() Func LoginPassword() Local $VarWord, $RetWord, $Pass = 'AutoIt' While 1 $RetWord = InputBox("Password Confirm", "Enter:Your Password", Default, "*", 200, 100, 370, 300) Select Case @error ExitLoop Case $RetWord = '' MsgBox(0, "", "Please enter your password in the box.") Case $RetWord <> $Pass MsgBox(48, "", "The password is incorrect .. Try.") Case Else MsgBox(64, "", "The correct password.") Run("Calc.exe") ExitLoop EndSelect WEnd EndFunc
sak Posted March 11, 2011 Author Posted March 11, 2011 If I posted the message and not be meaningful to apologize for mistakes. Because not know English.
stray Posted July 1, 2011 Posted July 1, 2011 On 3/9/2011 at 7:31 PM, 'spudw2k said: This is a more Secure Login mechanism straight from the help file. #include <Crypt.au3> ; Example of hashing data and using it to authenticate password ; This is the MD5-hash of the correct password $bPasswordHash="0xCE950A8D7D367B5CE038E636893B49DC" $sPassword=InputBox("Login","Please type the correct password.","Yellow fruit that is popular among monkeys") If _Crypt_HashData($sPassword,$CALG_MD5)=$bPasswordHash Then MsgBox(64,"Access Granted","Password correct!") Else MsgBox(16,"Access Denied","You entered the wrong password!") EndIf Never embed a cleartext password in a script. At the very least encrypt it, but using a hash is the most secure. you're saying to save the hash right above it? you know they can use your next few lines using _Crypt_HashData with a param used $CALG_MD5. they know what you used to get that hash.
spudw2k Posted July 1, 2011 Posted July 1, 2011 (edited) On 7/1/2011 at 8:26 PM, 'stray said: you're saying to save the hash right above it?you know they can use your next few lines using _Crypt_HashData with a param used $CALG_MD5. they know what you used to get that hash.In this particular example yes, but I wouldn't recommend leaving the correct password as the default for the inputbox. edit: in fact, you wouldn't want any default...right?You don't even have to store the hash in the script if you don't want too.All depends on the end goal I 'spose. This was just a lesson in storing secure passwords. Edited July 5, 2011 by spudw2k Reveal hidden contents Things I've Made: Always On Top Tool ◊ AU History ◊ Deck of Cards ◊ HideIt ◊ ICU ◊ Icon Freezer ◊ Ipod Ejector ◊ Junos Configuration Explorer ◊ Link Downloader ◊ MD5 Folder Enumerator ◊ PassGen ◊ Ping Tool ◊ Quick NIC ◊ Read OCR ◊ RemoteIT ◊ SchTasksGui ◊ SpyCam ◊ System Scan Report Tool ◊ System UpTime ◊ Transparency Machine ◊ VMWare ESX Builder Misc Code Snippets: ADODB Example ◊ CheckHover ◊ Detect SafeMode ◊ DynEnumArray ◊ GetNetStatData ◊ HashArray ◊ IsBetweenDates ◊ Local Admins ◊ Make Choice ◊ Recursive File List ◊ Remove Sizebox Style ◊ Retrieve PNPDeviceID ◊ Retrieve SysListView32 Contents ◊ Set IE Homepage ◊ Tickle Expired Password ◊ Transpose Array Projects: Drive Space Usage GUI ◊ LEDkIT ◊ Plasma_kIt ◊ Scan Engine Builder ◊ SpeeDBurner ◊ SubnetCalc Cool Stuff: AutoItObject UDF ◊ Extract Icon From Proc ◊ GuiCtrlFontRotate ◊ Hex Edit Funcs ◊ Run binary ◊ Service_UDF
Deskoft Posted July 9, 2011 Posted July 9, 2011 On 7/1/2011 at 11:36 PM, 'spudw2k said: In this particular example yes, but I wouldn't recommend leaving the correct password as the default for the inputbox. edit: in fact, you wouldn't want any default...right?You don't even have to store the hash in the script if you don't want too.All depends on the end goal I 'spose. This was just a lesson in storing secure passwords.Aren't compiled scripts (.exe) relatively safe?
Developers Jos Posted July 9, 2011 Developers Posted July 9, 2011 On 7/9/2011 at 4:00 PM, 'Deskoft said: Aren't compiled scripts (.exe) relatively safe?Lets be clear: NO SciTE4AutoIt3 Full installer Download page - Beta files Read before posting How to post scriptsource Forum etiquette Forum Rules Live for the present, Dream of the future, Learn from the past.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now