Iceman682 Posted November 1, 2012 Share Posted November 1, 2012 (edited) expandcollapse popup#include <AD.au3> #include <TreeviewConstants.au3> #include <WindowsConstants.au3> #include <GUIConstants.au3> #include <GuiTreeView.au3> #include <ButtonConstants.au3> #include <GUIConstantsEx.au3> #include <EditConstants.au3> #include <GUIConstantsEx.au3> #include <StaticConstants.au3> #include <GUIButton.au3> #include <GuiToolTip.au3> #include <Process.au3> #include <Crypt.au3> Global $LoginGUI, $tCancel, $tStart, $tPassword, $Input_Username $Title = "Login" $LoginGUI = GUICreate($Title, 225, 180, -1, -1, $WS_DLGFRAME) GUICtrlCreateLabel("Internet Connection Required!", 5, 5, 180, 17) GUICtrlSetFont(-1, 9, 800, 0, "MS Sans Serif") GUICtrlSetColor(-1, 0xff0000) ; Red GUICtrlCreateLabel("User Name:", 5, 30) $Input_Username = GUICtrlCreateInput("", 65, 25, 155, 20) GUICtrlSetTip(-1, "Case Sensitive", "", 0, 1) GUICtrlCreateLabel("Password:", 5, 55) $tPassword = GUICtrlCreateInput("", 65, 50, 155, 20, $ES_PASSWORD) GUICtrlSetTip(-1, "Case Sensitive", "", 0, 1) $tCancel = GUICtrlCreateButton(" Cancel", 5, 75, 100, 64) GUICtrlSetImage(-1, "shell32.dll", 28) $tStart = GUICtrlCreateButton("Login", 120, 75, 100, 64) GUICtrlSetImage(-1, "shell32.dll", 48) GUISetState() GUICtrlSetState($tStart, $GUI_DEFBUTTON) While 1 $nMsg = GUIGetMsg() Switch $nMsg Case $GUI_EVENT_CLOSE, $tCancel Exit Case $tStart If GUICtrlRead($Input_Username) = "" Or GUICtrlRead($tPassword) = "" Then ;If these fields are empty then don't proceed. MsgBox(0, "Whoops!", "Enter both Username & Password, then try again.", 0, $LoginGUI) Else GUISetState(@SW_HIDE) ;Temporary hide GUI SplashTextOn($Title, "Verifying Username && Password, please wait...", 320, 50, -1, -1, 33, "Comic Sans MS", 10) If InetRead("http://AWebsite.com/" & GUICtrlRead($Input_Username) & ".dat", 1) = _Crypt_HashData GUICtrlRead($tPassword, $CALG_MD5) Then SplashOff() GUIDelete($LoginGUI) ExitLoop Else SplashOff() GUISetState(@SW_SHOW) MsgBox(0, "Login Failure", "Wrong Username or Password." & @CRLF & "Remember, Username and Password are case sensitive.", 0, $LoginGUI) EndIf EndIf EndSwitch WEndHi EveryoneI am trying to get my login part of my script to read the hash password on my my website. I have tried all permitations and I'm unable to get it to work.I have a funny feeling I'm way off base. Reading a plain text password is fine with this:If InetRead("http://AWebsite.com/" & GUICtrlRead($Input_Username) & ".dat", 1) = GUICtrlRead($tPassword) ThenIf there is a better way to control passwords I would love to know how this can be done.Any assistance most welcome.BTW: has anyone come across while running a script everything works fine, expected results are correct but after you have complied it including obfuscator, running the compiled exe gives different results? Edited November 1, 2012 by Iceman682 Link to comment Share on other sites More sharing options...
FireFox Posted November 1, 2012 Share Posted November 1, 2012 Hi, If the password stored is encrypted with a non reversing algorithm (like MD5), you must check the password stored on the DB and compare it to the encrypted password with the same algorithm, which is what you did. Br, FireFox. Link to comment Share on other sites More sharing options...
Iceman682 Posted November 1, 2012 Author Share Posted November 1, 2012 The hash is stored in a dat file I.e username.dat. How can I get it to read the hash password contained in the dat file? Link to comment Share on other sites More sharing options...
FireFox Posted November 1, 2012 Share Posted November 1, 2012 The hash is stored in a dat file I.e username.dat. How can I get it to read the hash password contained in the dat file?The best way would to use a database combined with sqlite udf/make a get request to have the password.But it's more a database question than an autoit one.Br, FireFox. Link to comment Share on other sites More sharing options...
dany Posted November 1, 2012 Share Posted November 1, 2012 I agree with FireFox that a database would be a better place to store passwords, files named after the users are dead giveaways... But ok. If you've stored the hash as a hexadecimal string then I'm guessing InetRead is seeing the hash as plaintext and returns that in binary format, e.g. converts each individual hex character to a byte: Global $bTest = _Crypt_HashData('a test pass phrase...', $CALG_MD5) MsgBox(0, 'Binary and Hex String', $bTest & @CRLF & Hex($bTest)) ; How the hash looks, note the 0x. MsgBox(0, 'Binary and Hex String cast as Binary', $bTest & @CRLF & Binary(Hex($bTest))) ; How InetRead returns the hash. MsgBox(0, 'Binary compared to Hex String cast as Binary', $bTest = Binary(Hex($bTest))) ; False. In that case you'll first have to convert the return value of InetRead back to a plaintext string with BinaryToString, prepend '0x' and cast to binary again. Then compare with the return value of _Crypt_HashData. [center]Spiderskank Spiderskank[/center]GetOpt Parse command line options UDF | AU3Text Program internationalization UDF | Identicon visual hash UDF Link to comment Share on other sites More sharing options...
Iceman682 Posted November 2, 2012 Author Share Posted November 2, 2012 Many thanks for the information, I had no idea this was a viable route and I would have no idea where to start with storing credentails in a database, could someone point me in the right direction or give an example? The only database I have access to is one supplied by my website hosting company, could this be used? Link to comment Share on other sites More sharing options...
FireFox Posted November 2, 2012 Share Posted November 2, 2012 The only database I have access to is one supplied by my website hosting company, could this be used?Of course. Link to comment Share on other sites More sharing options...
Iceman682 Posted November 3, 2012 Author Share Posted November 3, 2012 Anyone able to assist please? Link to comment Share on other sites More sharing options...
FireFox Posted November 3, 2012 Share Posted November 3, 2012 Anyone able to assist please?For what? Link to comment Share on other sites More sharing options...
Iceman682 Posted November 3, 2012 Author Share Posted November 3, 2012 (edited) As pointed out in post #6 I have no idea where to start could someone point me in the right direction? Edited November 3, 2012 by Iceman682 Link to comment Share on other sites More sharing options...
FireFox Posted November 4, 2012 Share Posted November 4, 2012 As pointed out in post #6 I have no idea where to start could someone point me in the right direction?Maybe you should start by learning how to store password in a database (quite easy) with some php and mysql.Then do as I said in the post #4.Br, FireFox. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now