Help on password-protecting a script

[allSystemsGo]

I set up many computers a week and have to download the same programs for them every time. So, to speed up the process I have wrote a script that will download them for me. However, some of the files and programs that are required rest on our server, so I would like to password protect this script. I have tried a method that I found in the forums...but it does not seem to be working for me. Please help!

#include <crypt.au3>

$sInput = InputBox(@ScriptName, "Enter your password...")
_AutoMD5_Data_Decrypt($sInput)
;;;from here the rest of the script works on getting the downloads
Func _AutoMD5_Data_Decrypt($sInput) ; Returns true if passwords match, or false if they don't.

Global $sPass = FileReadLine("\\server\folder\password.txt", 1) ; Retrieve the password via whatever method you choose to store it...actual directory changed for posting
_Crypt_Startup()
$sEncryptedInput = _Crypt_HashData($sInput, $CALG_MD5)
_Crypt_Shutdown()
If String($sEncryptedInput) = String($sPass) Then
Return True
Else
Return False
EndIf
EndFunc ;==>_AutoMD5_Data_Decrypt

The input box appears and I can type in a password...but even if it is wrong it still allows the script to continue. Also, if I click Cancel on the input box, it still allows the script to run.

This is what I used to generate the encryption and the _AutoMD5_Data_Decrypt Function...

expandcollapse popup

#include <Crypt.au3>

$vData = InputBox(@ScriptName, "Enter a password to encrypt.")
$sOutFile = FileSelectFolder("Select folder to output your encrypted key to.", "", 6)
If @error Then Exit
$sOutFile&="\EncryptedPass.txt"
_AutoMD5_Data_Create($vData, $sOutFile)
If msgbox(4 + 32 + 262144, @ScriptName, "Do you wish to view your encrypted key?") = 6 Then ShellExecute($sOutFile)
Exit

Func _AutoMD5_Data_Create($vData, $sOutFile)
    _Crypt_StartUp()
    $sEncryptedString = _Crypt_HashData($vData, $CALG_MD5)
    If $sEncryptedString = -1 Then
        msgbox(16 + 262144, @ScriptName, "Failed to create MD5 hash. Error in command. " & @error)
        Exit
    Else
        $hFile = FileOpen($sOutFile, 2)
        FileWrite($hFile, String($sEncryptedString) & @CRLF)
        FileClose($hFile)
    EndIf
    _Crypt_Shutdown()
    If msgbox(4 + 32 + 262144, @ScriptName, "Do you wish to test the output?") = 6 Then
        $sInput = InputBox(@ScriptName, "Enter your password...")
        _AutoMD5_Test_Decryption($sInput, $sEncryptedString, $sOutFile)
    EndIf
    _AutoMD5_Create_Commands($sOutFile)
    Return $sEncryptedString
EndFunc

Func _AutoMD5_Test_Decryption($sInput, $sEncryptedString, $sOutFile)
    _Crypt_Startup()
    $sInputEncryptedString = _Crypt_HashData($sInput, $CALG_MD5)
    _Crypt_Shutdown()
    If String($sInputEncryptedString) = String($sEncryptedString) Then
        msgbox(64 + 262144, @ScriptName, "WORKS!" &@LF&@LF& _
            "Encrypted Password Shows As: " & @TAB & $sEncryptedString &@LF&@LF& _
            "The Input Password Shows As: " & @TAB & $sInputEncryptedString)
    Else
        msgbox(64 + 262144, @ScriptName, "FAILED!" &@LF&@LF& _
        "Encrypted Password Shows As: " & @TAB & $sEncryptedString &@LF&@LF& _
            "The Input Password Shows As: " & @TAB & $sInputEncryptedString)
    EndIf
EndFunc

Func _AutoMD5_Create_Commands($sOutFile)
    $hFile = FileOpen($sOutFile, 1)
    FileWrite($hFile,  @CRLF & '#include <Crypt.au3>' & @CRLF & @CRLF & _
        '$sInput = InputBox(@ScriptName, "Enter your password...")' & @CRLF & @CRLF & _
        'Func _AutoMD5_Data_Decrypt($sInput) ; Returns true if passwords match, or false if they don''t.' & @CRLF & @TAB & _
        '$sPass = _Get_Stored_Encrypted_Password() ; Retrieve the password via whatever method you choose to store it.' & @CRLF & @TAB & _
        '_Crypt_Startup()' & @CRLF & @TAB & _
        '$sEncryptedInput = _Crypt_HashData($sInput, $CALG_MD5)' & @CRLF & @TAB & _
        '_Crypt_Shutdown()' & @CRLF & @TAB & _
        'If String($sInputEncryptedString) = String($sEncryptedString) Then' & @CRLF & @TAB & @TAB & _
        'Return True' & @CRLF & @TAB & _
        'Else' & @CRLF & @TAB & @TAB & _
        'Return False' & @CRLF & @TAB & _
        'EndIf' & @CRLF & _
        'EndFunc')
    FileClose($hFile)
EndFunc

[allSystemsGo]

How about adding something like this at the start of your script:

#Region --- CodeWizard generated code Start ---
;MsgBox features: Title=Yes, Text=Yes, Buttons=OK and Cancel, Icon=None
If Not IsDeclared("iMsgBoxAnswer") Then Local $iMsgBoxAnswer
$iMsgBoxAnswer = MsgBox(1,"test","custom text")
Select
Case $iMsgBoxAnswer = 1 ;OK
;Continue Script
Case $iMsgBoxAnswer = 2 ;Cancel
Exit

EndSelect
#EndRegion --- CodeWizard generated code End ---

It would help as far as the correct action when Cancel is clicked...but at this point I am more concerned about the actual password working.

[DOTCOMmunications]

Maybe it is just me but it looks like you are just returning true or false for the password and then not acting on that information to either end the script or continue its execution.

You might want to have it return something that you can then check with an If..Else.. statement to then either close the script with a message box or continue it (the code below is untested and based simply on your code)

#include
; Set to false so even if box is cancelled will return as password incorrect
Global $sReturn = "False"

$sInput = InputBox(@ScriptName, "Enter your password...")
_AutoMD5_Data_Decrypt($sInput)
If $sReturn = "False" Then
MsgBox(0, "", "Password incorrect")
Exit
Else
;;;from here the rest of the script works on getting the downloads
EndIf
Func _AutoMD5_Data_Decrypt($sInput) ; Returns true if passwords match, or false if they don't.

Global $sPass = FileReadLine("\\server\folder\password.txt", 1) ; Retrieve the password via whatever method you choose to store it...actual directory changed for posting
_Crypt_Startup()
$sEncryptedInput = _Crypt_HashData($sInput, $CALG_MD5)
_Crypt_Shutdown()
If String($sEncryptedInput) = String($sPass) Then
$sReturn = "True"
Else
$sReturn = "False"
EndIf
EndFunc ;==>_AutoMD5_Data_Decrypt

Edited February 25, 2013 by DOTCOMmunications

[allSystemsGo]

Maybe it is just me but it looks like you are just returning true or false for the password and then not acting on that information to either end the script or continue its execution.

You might want to have it return something that you can then check with an If..Else.. statement to then either close the script with a message box or continue it (the code below is untested and based simply on your code)

#include
; Set to false so even if box is cancelled will return as password incorrect
Global $sReturn = "False"

$sInput = InputBox(@ScriptName, "Enter your password...")
_AutoMD5_Data_Decrypt($sInput)
If $sReturn = "False" Then
MsgBox(0, "", "Password incorrect")
Exit
Else
;;;from here the rest of the script works on getting the downloads
EndIf
Func _AutoMD5_Data_Decrypt($sInput) ; Returns true if passwords match, or false if they don't.

Global $sPass = FileReadLine("\\server\folder\password.txt", 1) ; Retrieve the password via whatever method you choose to store it...actual directory changed for posting
_Crypt_Startup()
$sEncryptedInput = _Crypt_HashData($sInput, $CALG_MD5)
_Crypt_Shutdown()
If String($sEncryptedInput) = String($sPass) Then
$sReturn = "True"
Else
$sReturn = "False"
EndIf
EndFunc ;==>_AutoMD5_Data_Decrypt

Thanks for the help! However, this tells me that the password is incorrect either way. It doesn't let me get into the goods of the script, so thats a start...

[allSystemsGo]

Changed the key to an INI file, changed FileReadLine to INIRead and all is well!

[DOTCOMmunications]

Glad you got it working now, it might of been the CRLF at the end of the password in the encrypted file that was preventing it from verifying, you could of stripped that and whitespace out of both strings to make sure (just guessing that was the cause as i have had this happen to me when comparing strings before)

Edited February 25, 2013 by DOTCOMmunications