FaridAgl Posted September 12, 2011 Posted September 12, 2011 (edited) expandcollapse popup#include <ButtonConstants.au3> #include <EditConstants.au3> #include <GUIConstantsEx.au3> #include <StaticConstants.au3> #include <WindowsConstants.au3> $Title = "Secure Online Login" $Form_Login = GUICreate($Title, 251, 137) $Label_Username = GUICtrlCreateLabel("Username:", 10, 10, 55, 15) $Input_Username = GUICtrlCreateInput("", 10, 25, 121, 21) GUICtrlSetLimit(-1, 15) $Label_Password = GUICtrlCreateLabel("Password:", 10, 55, 53, 15) $Input_Password = GUICtrlCreateInput("", 10, 70, 121, 21, $ES_PASSWORD) $Button_Login = GUICtrlCreateButton("Login", 10, 100, 75, 25, $BS_DEFPUSHBUTTON) $Button_BuyNow = GUICtrlCreateButton("Buy Now", 165, 100, 75, 25) GUISetState(@SW_SHOW) While 1 $nMsg = GUIGetMsg() Switch $nMsg Case $GUI_EVENT_CLOSE Exit Case $Button_Login If GUICtrlRead($Input_Username) = "" Or GUICtrlRead($Input_Password) = "" Then ;If fields are empty don't proceed. MsgBox(48, $Title, "Enter both Username & Password and then try again.", 0, $Form_Login) Else GUISetState(@SW_HIDE) ;Temporary hide GUI SplashTextOn($Title, "Verifying Username && Password, please wait...", 300, 50, -1, -1, 33, "Comic Sans MS", 10) If InetRead("http://yourdomain.com/users/" & GUICtrlRead($Input_Username) & ".dat", 1) = GUICtrlRead($Input_Password) Then ;If you typed your Username "demo" here, it will read this URL: http://yourdomain.com/users/demo.dat" and if the content readed is = GUICtrlRead($Input_Password) then ... SplashOff() GUIDelete($Form_Login) ExitLoop Else SplashOff() GUISetState(@SW_SHOW) MsgBox(16, $Title, "Wrong Username or Password." & @CRLF & "Remember Username and Password are case sensitive.", 0, $Form_Login) EndIf EndIf Case $Button_BuyNow ShellExecute("http://www.autoitscript.com/forum/") ;Your site here! EndSwitch WEnd ;You should uplad a file like this: "YourUsername.dat", and this file should have your password in it. ;Sorry for bad english, correct me. If you see any bug or weakness in this script plz post here coz i'm using it in one of my programs. Edited September 12, 2011 by D4RKON3 http://faridaghili.ir
rcmaehl Posted September 12, 2011 Posted September 12, 2011 (edited) expandcollapse popup#include <ButtonConstants.au3> #include <EditConstants.au3> #include <GUIConstantsEx.au3> #include <StaticConstants.au3> #include <WindowsConstants.au3> $Title = "Secure Online Login" $Form_Login = GUICreate($Title, 251, 137) $Label_Username = GUICtrlCreateLabel("Username:", 10, 10, 55, 15) $Input_Username = GUICtrlCreateInput("", 10, 25, 121, 21) GUICtrlSetLimit(-1, 15) $Label_Password = GUICtrlCreateLabel("Password:", 10, 55, 53, 15) $Input_Password = GUICtrlCreateInput("", 10, 70, 121, 21, $ES_PASSWORD) $Button_Login = GUICtrlCreateButton("Login", 10, 100, 75, 25, $BS_DEFPUSHBUTTON) $Button_BuyNow = GUICtrlCreateButton("Buy Now", 165, 100, 75, 25) GUISetState(@SW_SHOW) While 1 $nMsg = GUIGetMsg() Switch $nMsg Case $GUI_EVENT_CLOSE Exit Case $Button_Login If GUICtrlRead($Input_Username) = "" Or GUICtrlRead($Input_Password) = "" Then ;If these fields are empty then don't proceed. MsgBox(48, $Title, "Enter both Username & Password, then try again.", 0, $Form_Login) Else GUISetState(@SW_HIDE) ;Temporary hide GUI SplashTextOn($Title, "Verifying Username && Password, please wait...", 300, 50, -1, -1, 33, "Comic Sans MS", 10) If InetRead("http://yourdomain.com/users/" & GUICtrlRead($Input_Username) & ".dat", 1) = GUICtrlRead($Input_Password) Then ;If you typed the Username "demo" here, it will read this URL: http://yourdomain.com/users/demo.dat" and if the content read is = GUICtrlRead($Input_Password) then ... SplashOff() GUIDelete($Form_Login) ExitLoop Else SplashOff() GUISetState(@SW_SHOW) MsgBox(16, $Title, "Wrong Username or Password." & @CRLF & "Remember, Username and Password are case sensitive.", 0, $Form_Login) EndIf EndIf Case $Button_BuyNow ShellExecute("http://www.autoitscript.com/forum/") ;Your site here! EndSwitch WEnd ;You should upload a file like this: "YourUsername.dat", and this file should have your password in it. Corrected some grammar and spelling. EDIT: You should have the file encrypted on your site using some form of automated encryption key generation that is unique to each PC/Account. Then have the client decrypt and check the password. Edited September 12, 2011 by rcmaehl My UDFs are generally for me. If they aren't updated for a while, it means I'm not using them myself. As soon as I start using them again, they'll get updated.My Projects WhyNotWin11Cisco Finesse, Github, IRC UDF, WindowEx UDF
FaridAgl Posted September 13, 2011 Author Posted September 13, 2011 tnx. what do you think about security of this method? do you think it's easy to hack? and what do you suggest to make it more secure? http://faridaghili.ir
retaly Posted September 29, 2012 Posted September 29, 2012 hi, how does it work? i uploaded one bat file to my site as: test123.bat, and password in it test321, need any code in this test123.bat? or only password.. i mean: test321 ??? please help :/
JohnOne Posted September 29, 2012 Posted September 29, 2012 Weaknesses - It's a simple matter of looking at which url your script reads, and opening it in a browser to view usernames and passwords. Store encrypted usernames and passwords in an sql database. AutoIt Absolute Beginners Require a serial Pause Script Video Tutorials by Morthawt ipify Monkey's are, like, natures humans.
FaridAgl Posted September 29, 2012 Author Posted September 29, 2012 I was using this code for a short period of time long time ago, it's not secure even if you are on a simple project! I suggest you to create a php script on your server that takes the username and md5 of the password with the GET method, then validate it with the sql database and return the valid value, for example 1 if account is valid (using "echo 1;"). Take a look at InetRead too. http://faridaghili.ir
JohnOne Posted September 29, 2012 Posted September 29, 2012 I was using this code for a short period of time long time ago, it's not secure even if you are on a simple project!I suggest you to create a php script on your server that takes the username and md5 of the password with the GET method, then validate it with the sql database and return the valid value, for example 1 if account is valid (using "echo 1;").Take a look at InetRead too.You're giving yourself advice now, or did you login with the wrong account. AutoIt Absolute Beginners Require a serial Pause Script Video Tutorials by Morthawt ipify Monkey's are, like, natures humans.
FaridAgl Posted September 29, 2012 Author Posted September 29, 2012 Wut?! I posted the script in the first post about 1 year ago. http://faridaghili.ir
JohnOne Posted September 29, 2012 Posted September 29, 2012 Wut?!I posted the script in the first post about 1 year ago.So you did, Now don't I look foolish.<stares at floor and shuffles feet>Sorry D4RKON3. AutoIt Absolute Beginners Require a serial Pause Script Video Tutorials by Morthawt ipify Monkey's are, like, natures humans.
retaly Posted September 29, 2012 Posted September 29, 2012 hm, i done with it after i posted here so im sorry, it working very well, i hope its safe.
FaridAgl Posted September 29, 2012 Author Posted September 29, 2012 It's not safe, as I said. http://faridaghili.ir
ClzTimothy Posted March 17, 2013 Posted March 17, 2013 how to make this script cant duplicate login ?
Moderators JLogan3o13 Posted March 18, 2013 Moderators Posted March 18, 2013 ClzTimothy, have you not read through the thread to see that this method is not safe? Even the script's creator has recognized the error of his ways. "Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball How to get your question answered on this forum!
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now