Sign in to follow this  
Followers 0
FaridAgl

Secure online login for your script [Source Code].

13 posts in this topic

#1 ·  Posted (edited)

#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
 
$Title = "Secure Online Login"
$Form_Login = GUICreate($Title, 251, 137)
$Label_Username = GUICtrlCreateLabel("Username:", 10, 10, 55, 15)
$Input_Username = GUICtrlCreateInput("", 10, 25, 121, 21)
GUICtrlSetLimit(-1, 15)
$Label_Password = GUICtrlCreateLabel("Password:", 10, 55, 53, 15)
$Input_Password = GUICtrlCreateInput("", 10, 70, 121, 21, $ES_PASSWORD)
$Button_Login = GUICtrlCreateButton("Login", 10, 100, 75, 25, $BS_DEFPUSHBUTTON)
$Button_BuyNow = GUICtrlCreateButton("Buy Now", 165, 100, 75, 25)
GUISetState(@SW_SHOW)
While 1
$nMsg = GUIGetMsg()
Switch $nMsg
Case $GUI_EVENT_CLOSE
Exit
Case $Button_Login
If GUICtrlRead($Input_Username) = "" Or GUICtrlRead($Input_Password) = "" Then ;If fields are empty don't proceed.
MsgBox(48, $Title, "Enter both Username & Password and then try again.", 0, $Form_Login)
Else
GUISetState(@SW_HIDE) ;Temporary hide GUI
SplashTextOn($Title, "Verifying Username && Password, please wait...", 300, 50, -1, -1, 33, "Comic Sans MS", 10)
If InetRead("http://yourdomain.com/users/" & GUICtrlRead($Input_Username) & ".dat", 1) = GUICtrlRead($Input_Password) Then ;If you typed your Username "demo" here, it will read this URL: http://yourdomain.com/users/demo.dat" and if the content readed is = GUICtrlRead($Input_Password) then ...
SplashOff()
GUIDelete($Form_Login)
ExitLoop
Else
SplashOff()
GUISetState(@SW_SHOW)
MsgBox(16, $Title, "Wrong Username or Password." & @CRLF & "Remember Username and Password are case sensitive.", 0, $Form_Login)
EndIf
EndIf
Case $Button_BuyNow
ShellExecute("http://www.autoitscript.com/forum/") ;Your site here!
EndSwitch
WEnd
;You should uplad a file like this: "YourUsername.dat", and this file should have your password in it.
;Sorry for bad english, correct me.

If you see any bug or weakness in this script plz post here coz i'm using it in one of my programs.

Edited by D4RKON3

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <StaticConstants.au3>
#include <WindowsConstants.au3>
 
$Title = "Secure Online Login"
$Form_Login = GUICreate($Title, 251, 137)
$Label_Username = GUICtrlCreateLabel("Username:", 10, 10, 55, 15)
$Input_Username = GUICtrlCreateInput("", 10, 25, 121, 21)
GUICtrlSetLimit(-1, 15)
$Label_Password = GUICtrlCreateLabel("Password:", 10, 55, 53, 15)
$Input_Password = GUICtrlCreateInput("", 10, 70, 121, 21, $ES_PASSWORD)
$Button_Login = GUICtrlCreateButton("Login", 10, 100, 75, 25, $BS_DEFPUSHBUTTON)
$Button_BuyNow = GUICtrlCreateButton("Buy Now", 165, 100, 75, 25)
GUISetState(@SW_SHOW)
While 1
$nMsg = GUIGetMsg()
Switch $nMsg
Case $GUI_EVENT_CLOSE
Exit
Case $Button_Login
If GUICtrlRead($Input_Username) = "" Or GUICtrlRead($Input_Password) = "" Then ;If these fields are empty then don't proceed.
MsgBox(48, $Title, "Enter both Username & Password, then try again.", 0, $Form_Login)
Else
GUISetState(@SW_HIDE) ;Temporary hide GUI
SplashTextOn($Title, "Verifying Username && Password, please wait...", 300, 50, -1, -1, 33, "Comic Sans MS", 10)
If InetRead("http://yourdomain.com/users/" & GUICtrlRead($Input_Username) & ".dat", 1) = GUICtrlRead($Input_Password) Then ;If you typed the Username "demo" here, it will read this URL: http://yourdomain.com/users/demo.dat" and if the content read is = GUICtrlRead($Input_Password) then ...
SplashOff()
GUIDelete($Form_Login)
ExitLoop
Else
SplashOff()
GUISetState(@SW_SHOW)
MsgBox(16, $Title, "Wrong Username or Password." & @CRLF & "Remember, Username and Password are case sensitive.", 0, $Form_Login)
EndIf
EndIf
Case $Button_BuyNow
ShellExecute("http://www.autoitscript.com/forum/") ;Your site here!
EndSwitch
WEnd
;You should upload a file like this: "YourUsername.dat", and this file should have your password in it.

Corrected some grammar and spelling.

EDIT: You should have the file encrypted on your site using some form of automated encryption key generation that is unique to each PC/Account. Then have the client decrypt and check the password.

Edited by rcmaehl

My UDFs are generally for me. If they aren't updated for a while, it means I'm not using them myself. As soon as I start using them again, they'll get updated.

MY PROJECTS


Active: IRC UDF, WindowEx UDF
Discontinued: GithubBubbleSort UDF

Share this post


Link to post
Share on other sites

tnx.

what do you think about security of this method? do you think it's easy to hack?

and what do you suggest to make it more secure?

Share this post


Link to post
Share on other sites

hi, how does it work?

i uploaded one bat file to my site as: test123.bat, and password in it test321, need any code in this test123.bat? or only password.. i mean: test321

???

please help :/

Share this post


Link to post
Share on other sites

I was using this code for a short period of time long time ago, it's not secure even if you are on a simple project!

I suggest you to create a php script on your server that takes the username and md5 of the password with the GET method, then validate it with the sql database and return the valid value, for example 1 if account is valid (using "echo 1;").

Take a look at InetRead too.

Share this post


Link to post
Share on other sites

I was using this code for a short period of time long time ago, it's not secure even if you are on a simple project!

I suggest you to create a php script on your server that takes the username and md5 of the password with the GET method, then validate it with the sql database and return the valid value, for example 1 if account is valid (using "echo 1;").

Take a look at InetRead too.

You're giving yourself advice now, or did you login with the wrong account.


AutoIt Absolute Beginners    Require a serial    Pause Script    Video Tutorials by Morthawt   ipify 

Monkey's are, like, natures humans.

Share this post


Link to post
Share on other sites

hm, i done with it after i posted here so im sorry, it working very well, i hope its safe.

Share this post


Link to post
Share on other sites

how to make this script cant duplicate login ?

Share this post


Link to post
Share on other sites

ClzTimothy, have you not read through the thread to see that this method is not safe? Even the script's creator has recognized the error of his ways.


√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0