Jump to content
Sign in to follow this  
MyEarth

Best - Secure way to store passwords

Recommended Posts

Hi, someone is so gentle to show me the Best - Secure way to store locally a passwords saved from a basic InpuBox()?

I have read to don't store the password in the compiled script but put the password crypted in a file, but not in as plain text can be easyly opened :D

Thanks to all

Edited by MyEarth

Share this post


Link to post
Share on other sites

Did you try a forum search? If you had you would have found this thread that was just opened.

 

'?do=embed' frameborder='0' data-embedContent>>


"Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball

How to get your question answered on this forum!

Share this post


Link to post
Share on other sites

Never ever store passwords. Store only salted hashes.


This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Share this post


Link to post
Share on other sites

Yes write the password with FileWrite(@ScriptDir & "file.ext", GuiCtrlRead($input)) wasn't a good idea :D

"Store only salted hashes", can you show me how to do? And this is the secure way to store a password? Thanks

Share this post


Link to post
Share on other sites

Obviously you didn't read through it very well. There were several other options, such as using _Crypt functions and writing a hash to the registry.


"Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball

How to get your question answered on this forum!

Share this post


Link to post
Share on other sites

Wait, i don't need to mix the crypt UDF for crypt the password and the save it on a file using a salted hashes?

Or i can write directly the crypted password on the file? Don't seems a good idea.

I have some language problem because i'm not a english mother language so, if possible, i prefer something i can read like an example. Thanks to all for the help.

Edited by MyEarth

Share this post


Link to post
Share on other sites

A basic Google search on "store password hash salt" easily points to countless good explanations and informative pages. For instance this one.

You can probably read from there or perform a similar search in your native language.


This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.
Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe here
RegExp tutorial: enough to get started
PCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta.

SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.
SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.
An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.
SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)
A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!
SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt)

Share this post


Link to post
Share on other sites

jchd i don't have found nothing in my language :(

Anyway this are the results of my research.

This script is do with the classic _Crypt UDF:

#include <Crypt.au3>

_Crypt_Startup()

$aPass = "My Password" ; testing purporse
$hKey = _Crypt_DeriveKey($aPass, $CALG_AES_256)
$bEncrypted = _Crypt_EncryptData($aPass, $hKey, $CALG_AES_256)
$bDeCrypted = BinaryToString(_Crypt_DecryptData($bEncrypted, $hKey, $CALG_AES_256))

MsgBox(0, "Crypted", $bEncrypted)
MsgBox(0, "Decrypted", $bDeCrypted)

_Crypt_DestroyKey($hKey)
_Crypt_Shutdown()

And this with the password hash salt:

#include <Crypt.au3>

$aPass = "My Password" ; testing purporse
$aHash = _HashPassword($aPass)
MsgBox(0, "Crypted", $aHash)

If _CheckPassword($aPass, $aHash) = True Then
    MsgBox(0, "Decrypted", "Well done")
Else
    MsgBox(0, "Wrong Password", "Something goes wrong")
EndIf

Func _HashPassword($inPwd, $inSalt = "", $sDelimitator = "|", $inSalt_Number = 40)
    Local Const $CALG_SHA512 = 0x0000800e
    Local $sSalt, $sHash, $sPassword
    Local $sPassword = StringStripWS($inPwd, 3)
    Local $aSalt = StringSplit("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", "")
    If $inSalt = "" Then
        For $i = 1 To $inSalt_Number
            $sSalt &= $aSalt[Random(1, $aSalt[0], 1)]
        Next
    Else
        $sSalt = $inSalt
    EndIf
    _Crypt_Startup()
    $sHash = $sPassword & $sSalt
    For $i = 1 To 256
        $sHash = _Crypt_HashData($sHash, $CALG_SHA512)
        If $sHash = -1 Then
            Return SetError(-1, 0, 0)
        Else
            $sHash = StringMid($sHash, 3)
        EndIf
    Next
    _Crypt_Shutdown()
    Return $sHash & $sDelimitator & $sSalt
EndFunc   ;==>_HashPassword

Func _CheckPassword($inPwd, $inHash, $sDelimitator = "|")
    Local $sHash, $sSalt
    $aHash = StringSplit($inHash, $sDelimitator)
    If Not IsArray($aHash) Or $aHash[0] <> 2 Then Return SetError(1, 0, 0)
    $sHash = $aHash[1]
    $sSalt = $aHash[2]
    If _HashPassword($inPwd, $sSalt, $sDelimitator) <> $inHash Then Return SetError(2, 0, 0)
    Return True
EndFunc   ;==>_CheckPassword

You guys are absolutely more expert then me, so what do you think? I'll should use the hash salt? Is both well coded or there are errors? What is the most secure?

Edited by MyEarth

Share this post


Link to post
Share on other sites

I have edited the hash salt function, i have forget to add the custom delimitator when decrypt the password and i have add SetError instead of Return False

My questions are always the same:

 

You guys are absolutely more expert then me, so what do you think? I'll should use the hash salt? Is both well coded or there are errors? What is the most secure?

Thanks to anyone what to partecipate

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Similar Content

    • By Stormgrade
      Hello.
      I'm french, sorry for my english.
      I release my project, a password manager : Password Keeper
      First I would like to thanks Guinness and Melba23 for their help, and I'm very sorry for those I forget, please remind me to add you.
      Well my program manage and crypt passwords, first I understand if you don't trust me for this kind of sensible software, but I remember you that all the the source files are at your disposal, fell free to explore them.
      The login is : admin and you can change it later
      How it work ? see Methode de cryptage en BDD.pdf in french
      login

       
      The main interface
      You can obviously add,modify and delete your entry, also you can search with keywords

      A password generator is included

      I won't update it anymore.
      It's a BSD license.
      Autoit version : 3.3.14.5
      Have a good day.
      Methode de cryptage en BDD.pdf Passwordkeeper.7z
    • By nacerbaaziz
      hello all, and welcome to this tool
      the NB-Password_generator is a small tool which allow you to create a strong passwords
      with this tool you can create a random passwords using :
      1. capital letters
      2. small letters
      3. numbers
      4. symbols
      be sure that you can check any option that  you want and uncheck what you don't want to use
      this tool allow you to create a password from 6 letters to 150 lettersNB-Password_generator.zip
      at the end please accept my greetings
      am waiting for your commants
    • By Gowrisankar
      Dear members of the forum,
      I need to open excel files that may or may not need a password and finally move the files that needs password to manual queue.
      Is there a fastest way to do this?
       
      PS: I have a huge respect for the rules of this forum. I am not asking assistance to override any security measure. I just need to segregate the files that needs passwords.
    • By t0nZ
      Today I want to share this little project made to check and  notify the expiration of domain users password, in a Microsoft domain.
      Briefly, the script check users domain password expiration and takes actions.
      The script can work on multiple domain groups, taking different actions for every group, there is an .ini file with some options.
      Groups to be checked are defined in the .ini, and the groups must contain only users no other groups.
      The list of users of every group is obtained and if the password expiration in (remaining) days is matched (two possibilities) an email is sent.
      It can be a mail sent directly to the user (ini file : tomail=user) or it can be a mail sent to only one address (ini file : tomail=the@mail.it) (like domain admins...) and in this case the mail contains a report with the users approaching expiration.
      An operation log is always generated.
      In the ini (also the posted one) you can set to have no mail sent (for testing) and/or to have a GUI, but also the GUI is intended only for test, this script is scheduled on a server not logged in, so normally no GUI .
      Update 2018/03/16 : added switch to reset the password expiration, useful if you have for example an user (or 500) with psw expiration withing 3 days and you want to restore expiration within 90 days WITHOUT changing password.
      Used the way as advised by Microsoft  (see the link), but with sth AD.au3 , the fantastic Active Directory UDF
      # First change the pwdlastset to 0 because Microsoft wants it this way $todouser.pwdLastSet = 0 Set-ADUser -Instance $todouser # Change the pwdlastset to the current date/time of the associate DC $todouser.pwdLastSet = -1 Set-ADUser -Instance $todouser Why you should act this way ? Big companies have strange policies listen to me ...
      The code:
      #Region ;**** Directives created by AutoIt3Wrapper_GUI **** #AutoIt3Wrapper_Icon=Icone\Faenza\117.ico #EndRegion ;**** Directives created by AutoIt3Wrapper_GUI **** ; PEG ; Password Expiration Guardian ; (C) NSC 2018 ; check user domain password expiration and takes actions ; the script can work on multiple domain groups, taking differente actions for every group. ; the groups must contains only users no other groups ; the list of users of every group is obtained and if the password expiration in day is matched (two possibilities) an email is sent. ; It can be a mail sent directly to the user (ini file : tomail=user) ; or it can be a mail sent to only one address (ini file : tomail=the@mail.it) ; and in this case the mail contains a report with the users approaching expiration ; V.0.5 check based on one domain group ; V.1.0 ini file and check based on multiple domain groups ; V.1.5 ini file with general section to activate "test" GUI, and to enable disable mail send ; V.1.6 march 2018 italian "home made" translation of days and months in date ; V.1.7 added flag pwdLastSet to reset pass expiration - intended to use like a one time on/off switch to reset psw expiration #include <AD.au3> #include <File.au3> #include <GuiEdit.au3> #include <_zip.au3> #include <Date.au3> #include <Inet.au3> #include <GUIConstantsEx.au3> #include <GuiEdit.au3> #include <EditConstants.au3> #include <GUIConstantsEx.au3> #include <WindowsConstants.au3> #include <Debug.au3> Global $appname = "PEG", $appver = "V.1.7" Global $inifile = @ScriptDir & "\" & $appname & ".ini" Global $geleft = 5, $getop = 5, $gewidth = 790, $geheight = 540 Global $gollogcount = 0, $lastlog = "sicrlf", $cachelog = "", $guititle = "PEG " & $appver, $Gollogedit, $logfile = @ScriptDir & "\" & $appname & "_LOG_", $months2NOTzip = 3 Global $INIgroup, $INItomail, $INImailsubject, $INIsmpt, $INIfromname, $INIfromaddress, $INIdays1, $INIdays2, $INItosend, $arrayINIsections, $guiactive, $flagITA, $flagpwdLastSet ; START program GOLLOG(">>>>>> " & $appname & " " & $appver & " START >>>>>>") CFGctrl() If $guiactive = 1 Then GUI() $groupnumber = 0 While $groupnumber < $arrayINIsections[0] $groupnumber += 1 If $arrayINIsections[$groupnumber] <> "general" Then CFGload($arrayINIsections[$groupnumber]) loaduserS() EndIf WEnd If $guiactive = 1 Then While 1 $nMsg = GUIGetMsg() Switch $nMsg Case $GUI_EVENT_CLOSE GOLLOG("<<<< STOP <<<<") Exit EndSwitch WEnd EndIf GOLLOG("<<<<<< PEG STOP <<<<<<<") Exit ;STOP program Func GUI() GUICreate($guititle, 800, 560, 100, 200, -1) GUISetBkColor(0x693F54) ; will change background color $Gollogedit = GUICtrlCreateEdit("", $geleft, $getop, $gewidth, $geheight, BitOR($ES_AUTOVSCROLL, $ES_AUTOHSCROLL, $ES_WANTRETURN, $WS_BORDER, $WS_VSCROLL)) GUICtrlSetBkColor(-1, 0xC7BBC1) GUICtrlSetData(-1, "" & @CRLF) GUICtrlSetFont(-1, 9, 800, 0, "consolas") GUICtrlSetColor(-1, 0x090608) GUISetState(@SW_SHOW) GOLLOG("PEG " & $appver & " gui STARTED") EndFunc ;==>GUI Func loaduserS() GOLLOG("workin on group: " & $INIgroup) Local $Nscad = 0 Dim $report[1] = ["Report:"] Local $singlereport = "" Local $usermail = "" Local $username = "" Local $datediff = "" Local $arrayuserpsw Local $iErr _AD_Open() $search1 = _AD_GetGroupMembers($INIgroup) ;$search1 = _AD_RecursiveGetGroupMembers($INIgroup); testing recursive .. in the future maybe If @error = 0 Then Local $conta1 = 0 While $search1[0] > $conta1 $conta1 += 1 $arrayuserpsw = _AD_GetPasswordInfo($search1[$conta1]) $datediff = _DateDiff("D", _NowCalc(), $arrayuserpsw[9]) GOLLOG("USER: " & $search1[$conta1]) GOLLOG("Password expires on: " & $arrayuserpsw[9] & " in " & $datediff & " days") If $datediff = $INIdays1 Or $datediff = $INIdays2 Then GOLLOG("expiration match !") If $INItomail = "user" Then ; this IF is relative to .ini file parameter TOSEND $usermail = _AD_GetObjectAttribute($search1[$conta1], "mail") GOLLOG("sending mail to: " & $usermail) If $flagITA = 1 Then $dataITA = dataITA($arrayuserpsw[9]) Else $dataITA = _DateTimeFormat($arrayuserpsw[9], 1) EndIf Dim $report[1] = ["La tua password scadra' " & $dataITA & ", entro " & $datediff & " giorni."] _ArrayAdd($report, "Modificala per tempo !") If $INItosend = 0 Then GOLLOG("Not sent mail " & $Nscad & ": ") GOLLOG("from :" & $INIfromname & " | " & $INIfromaddress) GOLLOG("to :" & $usermail & " | subject: " & $INImailsubject) Local $reporttext = _ArrayToString($report) GOLLOG("text :" & $reporttext) Else Local $iResponse = _INetSmtpMail($INIsmpt, $INIfromname, $INIfromaddress, $usermail, $INImailsubject, $report, "EHLO " & @ComputerName, "-1") ; perla pearl mail send HS smtp (ehlo required) $iErr = @error If $iResponse = 1 Then GOLLOG("Success! " & "Mail to user sent") Else GOLLOG("Error! " & "Mail failed with error code " & $iErr) EndIf EndIf Else $username = _AD_GetObjectAttribute($search1[$conta1], "displayname") _ArrayAdd($report, "USER: " & $username) _ArrayAdd($report, "Password expires on: " & $arrayuserpsw[9] & " in " & $datediff & " days") $Nscad += 1 If $flagpwdLastSet = 1 Then ; warning : auto pass set GOLLOG("Re-set password expiration for " & $search1[$conta1]) If _AD_ModifyAttribute($search1[$conta1], "pwdLastSet", "0") Then GOLLOG("pwdLastSet to 0 - OK") Else GOLLOG("pwdLastSet to 0 - ERROR " & @error) EndIf If _AD_ModifyAttribute($search1[$conta1], "pwdLastSet", "-1") Then GOLLOG("pwdLastSet to -1 - OK") Else GOLLOG("pwdLastSet to -1 - ERROR " & @error) EndIf EndIf EndIf EndIf WEnd If $Nscad > 0 And $INItomail <> "user" Then _ArrayAdd($report, $Nscad & " user passwords near expiration") If $INItosend = 0 Then GOLLOG("Not sent mail " & $Nscad & ": ") GOLLOG("from :" & $INIfromname & " | " & $INIfromaddress) GOLLOG("to :" & $INItomail & " | subject: " & $INImailsubject) Local $reporttext = _ArrayToString($report) GOLLOG("text :" & $reporttext) Else Local $iResponse = _INetSmtpMail($INIsmpt, $INIfromname, $INIfromaddress, $INItomail, $INImailsubject, $report, "EHLO " & @ComputerName, "-1") ; perla pearl mail send HS smtp (ehlo required) Local $iErr = @error If $iResponse = 1 Then GOLLOG("Success! " & "Mail sent") Else GOLLOG("Error! " & "Mail failed with error code " & $iErr) EndIf EndIf EndIf GOLLOG("checked n° " & $conta1 & " users") Else GOLLOG("error in user search " & @error) EndIf _AD_Close() EndFunc ;==>loaduserS Func dataITA($inputdate) ; Input date in the format "YYYY/MM/DD[ HH:MM:SS]", and translates Tuesday 8 May 2018 -> Martedì 8 maggio 2018 - perla pearl Local $stringaDATAita = _DateTimeFormat($inputdate, 1) Select Case StringInStr($stringaDATAita, "Monday") $stringaDATAita = StringReplace($stringaDATAita, "Monday", "lunedi'") Case StringInStr($stringaDATAita, "Tuesday") $stringaDATAita = StringReplace($stringaDATAita, "Tuesday", "martedi'") Case StringInStr($stringaDATAita, "Wednesday") $stringaDATAita = StringReplace($stringaDATAita, "Wednesday", "mercoledi'") Case StringInStr($stringaDATAita, "Thursday") $stringaDATAita = StringReplace($stringaDATAita, "Thursday", "giovedi'") Case StringInStr($stringaDATAita, "Friday") $stringaDATAita = StringReplace($stringaDATAita, "Friday", "venerdi'") Case StringInStr($stringaDATAita, "Saturday") $stringaDATAita = StringReplace($stringaDATAita, "Saturday", "sabato") Case StringInStr($stringaDATAita, "Sunday") $stringaDATAita = StringReplace($stringaDATAita, "Sunday", "Domenica") EndSelect Select Case StringInStr($stringaDATAita, "January") $stringaDATAita = StringReplace($stringaDATAita, "January", "gennaio") Case StringInStr($stringaDATAita, "February") $stringaDATAita = StringReplace($stringaDATAita, "February", "febbraio") Case StringInStr($stringaDATAita, "March") $stringaDATAita = StringReplace($stringaDATAita, "March", "marzo") Case StringInStr($stringaDATAita, "April") $stringaDATAita = StringReplace($stringaDATAita, "April", "aprile") Case StringInStr($stringaDATAita, "May") $stringaDATAita = StringReplace($stringaDATAita, "May", "maggio") Case StringInStr($stringaDATAita, "June") $stringaDATAita = StringReplace($stringaDATAita, "June", "giugno") Case StringInStr($stringaDATAita, "July") $stringaDATAita = StringReplace($stringaDATAita, "July", "luglio") Case StringInStr($stringaDATAita, "August") $stringaDATAita = StringReplace($stringaDATAita, "August", "agosto") Case StringInStr($stringaDATAita, "September") $stringaDATAita = StringReplace($stringaDATAita, "September", "settembre") Case StringInStr($stringaDATAita, "October") $stringaDATAita = StringReplace($stringaDATAita, "October", "ottobre") Case StringInStr($stringaDATAita, "November") $stringaDATAita = StringReplace($stringaDATAita, "November", "novembre") Case StringInStr($stringaDATAita, "December") $stringaDATAita = StringReplace($stringaDATAita, "December", "dicembre") EndSelect Return ($stringaDATAita) EndFunc ;==>dataITA Func GOLLOG($logtext) ; Gollog V.2.3 gestione CRLF si o no ; gestione a capo automatico oltre i xx caratteri; gestione pulitura ogni totmila char Perla pearl ; basta aggiungere |nocrlf50 a fine stringa, dove 50 sono gli xx caratteri, conta la prima riga dove si supera quel limite. ; to declare $gollogcount = 0,$lastlog="sicrlf",$cachelog="",$guititle = "nomegui",$Gollogedit,$logfile = @ScriptDir & "\GOLLOG_LOG_", $months2NOTzip = 3 ; e anche le misure dell'edit: $geleft = 32, $getop = 32, $gewidth = 553, $geheight = 377 ; #include <File.au3> #include <GuiEdit.au3> #include <_zip.au3> ; to insert FUNCs: GOLLOG CLEANEDIT GOLzipZIP $gollogcount += StringLen($logtext) ;Local $logfile = @ScriptDir & "\GOLLOG_LOG_" ; now global Local $logfiletimerange = @YEAR & @MON Local $linelimit = StringRight($logtext, 2) If StringRight($logtext, 9) = "|nocrlf" & $linelimit Then $logtext = StringTrimRight($logtext, 9) Local $acapo = "no" Else Local $acapo = "si" $gollogcount += 4 If $gollogcount > 13000 Then Sleep(3000) cleanedit() ; MsgBox(64, "debug", $conta) $gollogcount = 0 EndIf EndIf If $acapo = "no" And (StringLen($cachelog) <= $linelimit) Then ;pearl perla non a capo se If $lastlog = "nocrlf" Then If WinExists($guititle) Then ; per non scrivere in gui se questa non esiste _GUICtrlEdit_AppendText($Gollogedit, $logtext) EndIf Else If WinExists($guititle) Then ; per non scrivere in gui se questa non esiste _GUICtrlEdit_AppendText($Gollogedit, @MDAY & "/" & @MON & "_" & @HOUR & ":" & @MIN & " " & $logtext) EndIf EndIf $cachelog = $cachelog & $logtext $lastlog = "nocrlf" Else If $lastlog = "nocrlf" Then If WinExists($guititle) Then ; per non scrivere in gui se questa non esiste _GUICtrlEdit_AppendText($Gollogedit, $logtext & @CRLF) EndIf $cachelog = $cachelog & $logtext _FileWriteLog($logfile & $logfiletimerange & ".txt", $cachelog) $cachelog = "" Else If WinExists($guititle) Then ; per non scrivere in gui se questa non esiste _GUICtrlEdit_AppendText($Gollogedit, @MDAY & "/" & @MON & "_" & @HOUR & ":" & @MIN & " " & $logtext & @CRLF) EndIf _FileWriteLog($logfile & $logfiletimerange & ".txt", $logtext) EndIf $lastlog = "sicrlf" EndIf EndFunc ;==>GOLLOG Func cleanedit() ; cleaning of edit every n° lines (in program put if $nlines > xlines then this function) GUICtrlDelete($Gollogedit) $Gollogedit = GUICtrlCreateEdit("", $geleft, $getop, $gewidth, $geheight) ;, BitOR($ES_AUTOVSCROLL, $ES_AUTOHSCROLL, $ES_WANTRETURN, $WS_BORDER)) GUICtrlSetData(-1, "" & @CRLF) GUICtrlSetFont(-1, 9, 800, 0, "consolas") GUICtrlSetColor(-1, 0090608) GUICtrlSetBkColor(-1, 0xF0DAE5) GUICtrlSetCursor(-1, 3) EndFunc ;==>cleanedit Func GOLzipLOG($months2NOTzip) ; zipping old log leaving unzipped only n months GOLLOG("Starting old logs zipping..") ; path extraction zone Local $logfiletimerange = @YEAR & @MON Local $sDrive = "", $sDir = "", $sFileName = "", $sExtension = "" Local $arraylogpath = _PathSplit($logfile & $logfiletimerange & ".txt", $sDrive, $sDir, $sFileName, $sExtension) Local $logpath = $arraylogpath[1] & $arraylogpath[2] Local $hSearch = FileFindFirstFile($logfile & "*.txt") ; searching for logs Local $logconta = 0 While 1 ; single file processing cycle Local $sFileName = FileFindNextFile($hSearch) ; If there is no more file matching the search. If @error Then ExitLoop Local $stringtime = StringTrimRight(StringRight($sFileName, 10), 4) ;obtaining year-month like 201609 If $logfiletimerange - $stringtime > $months2NOTzip Then ;zipping If Not FileExists($logfile & ".zip") Then If Not _Zip_Create($logfile & ".zip", 1) Then GOLLOG("Error " & @error & " creating " & $logfile & ".zip") Else GOLLOG("Created new log archive: " & $logfile & ".zip") EndIf Else GOLLOG("adding to archive: " & $logfile & ".zip") EndIf If Not _zip_additem($logfile & ".zip", $logpath & $sFileName) Then GOLLOG("Error " & @error & " zipping: " & $logpath & $sFileName) Else GOLLOG("Added: " & $logpath & $sFileName) $logconta += 1 If Not FileDelete($logpath & $sFileName) Then GOLLOG("ERROR - Unable to DELETE log file " & $logpath & $sFileName) EndIf EndIf EndIf WEnd GOLLOG("Finished = " & $logconta & " log files zipped") EndFunc ;==>GOLzipLOG Func CFGctrl() ; check ini files and load section names GOLLOG("checkin' INI file..|nocrlf50") If FileExists($inifile) Then $guiactive = IniRead($inifile, "general", "GUI", "?") If $guiactive = "?" Then GOLLOG("INI incomplete, missing section 'general', value GUI") ExitwithError() EndIf $flagITA = IniRead($inifile, "general", "dataITA", "?") If $flagITA = "?" Then GOLLOG("INI incomplete, missing section 'general', value dataITA") ExitwithError() EndIf $flagpwdLastSet = IniRead($inifile, "general", "pwdLastSet", "?") If $flagpwdLastSet = "?" Then GOLLOG("INI incomplete, missing section 'general', value pwdLastSet") ExitwithError() EndIf GOLLOG("reading section names...|nocrlf50") $arrayINIsections = IniReadSectionNames($inifile) GOLLOG("N°" & $arrayINIsections[0] - 1 & " groups to process") Else $message1 = "error: no saved settings !?" GOLLOG($message1) ExitwithError() EndIf GOLLOG("..completed") EndFunc ;==>CFGctrl Func CFGload($section) ; load single ini file section values $INIgroup = IniRead($inifile, $section, "group", "?") $INItomail = IniRead($inifile, $section, "tomail", "?") $INItosend = IniRead($inifile, $section, "tosend", "?") $INIdays1 = IniRead($inifile, $section, "days1", "?") $INIdays2 = IniRead($inifile, $section, "days2", "?") $INImailsubject = IniRead($inifile, $section, "mailsubject", "?") $INIsmpt = IniRead($inifile, $section, "smtp", "?") $INIfromname = IniRead($inifile, $section, "fromname", "?") $INIfromaddress = IniRead($inifile, $section, "fromaddress", "?") EndFunc ;==>CFGload Func ExitwithError() GOLLOG("**********ERROR and STOP****************") Exit EndFunc ;==>ExitwithError The example .ini:
       
      [group1] group=G_IT_PASSWORD_MONITORED days1=5 days2=2 tomail=yourgroup@yourdomain.it ;tosend=user; send mails to the domain user mail address, otherwise send to specified address tosend=0 ;tosend ;1 send mails, 0 disable mails for testing mailsubject=Domain users going to expire passwords smtp=smtp.your.own.server fromname=Password Expiration Guardian fromaddress=PEG@NSC.it [group2] group=G_IT_PASSWORD_NOTIFIED days1=5 days2=2 tomail=user ;tosend=user; send mails to the domain user mail address, otherwise send to specified address tosend=0 ;tosend ;1 send mails, 0 disable mails for testing mailsubject=Password is expiring ! smtp=smtp.your.own.server fromname=Password Expiration Guardian fromaddress=PEG@NSC.it [general] GUI=1 ;1 gui ON for testing, 0 gui disabled dataITA = 1 ;1 translates datetime in italian, 0 for ENG pwdLastSet = 0 ;1 tries to reset the 'pwdLastSet' attribute (you must have permissions), 0 do nothing  
       
    • By Overkill
      Hi all,
      I am working on a GUI program to update Google's Dynamic DNS (API at https://support.google.com/domains/answer/6147083?authuser=1&hl=en if you scroll to bottom). I am not a programmer by any means - just a sysadmin who has picked up on some things along the way. I am sure that there's better ways to do a lot of things in this script; I'm just going with what I know.
      My challenge right now is that I'd like a better way to store the credentials both in memory as well as in system registry or INI file (not sure which way I want to go for local storage). How should I convert the passwords to a secure string in a manner that can't be easily reversed, yet is still accessible to the script? Is that even an option in AutoIt?
      Can anybody provide me with links to good reference posts, or coding suggestions for how best to achieve this in the script below? I am using the WinHTTP UDF (https://github.com/dragana-r/autoit-winhttp/releases) to make my API calls.
      #include<WinHTTP.au3> #include<GUIConstantsEx.au3> #include<EditConstants.au3> #include<iNet.au3> #include<Array.au3> DIM $aDomainList[1][4] $aDomainList[0][0] = 0 $gMainGUI = GUICreate("Overkill's Google DNS Updater",800,800) $gDomainLabel = GUICtrlCreateLabel("FQDN",21,8) $gDomainInput = GUICtrlCreateInput("",60,5,300) $gUserLabel = GUICtrlCreateLabel("Username",5,36) $gUserInput = GUICtrlCreateInput("",60,32,130,Default,BitOR($GUI_SS_DEFAULT_INPUT,$ES_PASSWORD)) $gPasswordLabel = GUICtrlCreateLabel("Password",6,64) $gPassInput = GUICtrlCreateInput("",60,60,130,Default,BitOR($GUI_SS_DEFAULT_INPUT,$ES_PASSWORD)) $gAddButton = GUICtrlCreateButton("ADD DOMAIN",200,31,160,52) $gCurrentIP = GUICtrlCreateLabel("Current IP: " & _CheckIP(),5,780) $gDomainList = GUICtrlCreateListView("Domain | Resolved IP | Update Status",5,120,600,600) GUISetState(@SW_SHOW,$gMainGUI) while 1 $m = GUIGetMsg() IF $M = $GUI_EVENT_CLOSE then Exit IF $M = $gAddButton Then $sAddDomain = GUICtrlRead($gDomainInput) $sAddUser = GUICtrlRead($gUserInput) $sAddPass = GUICtrlRead($gPassInput) $sResolveIP = _DNSCheck($sAddDomain) ;Google wants you to avoid sending updates when there are no changes If StringCompare($sResolveIP,_CheckIP()) = 0 Then $sStatus = "No change, not sending update" Else $sStatus = _DNSUpdate($sAddDomain,$sAddUser,$sAddPass) EndIf ;Check to make sure all fields are completed before continuing IF StringLen($sAddDomain) = 0 OR StringLen($sAddUser) = 0 OR StringLen($sAddPass) = 0 Then MsgBox(0,"","Please complete all fields") Else ; If the fields all have data, then continue ;Check to see if the entry exists in the array already $iSanity = _ArraySearch($aDomainList,$sAddDomain) IF $iSanity = 0 Then _ArrayAdd($aDomainList,$sAddDomain & "|" & $sAddUser & "|" & $sAddPass ) If @error = 0 Then $aDomainList[0][0] += 1 $aDomainList[$aDomainList[0][0]][3] = GUICtrlCreateListViewItem($sAddDomain & "|" & $sResolveIP & "|" & $sStatus,$gDomainList) Else MsgBox(0,"","Error adding input to list") EndIf Else ; If $iSanity <> 0 ; Update existing info in array and listviewitem $aDomainList[$iSanity][0] = $sAddDomain $aDomainList[$iSanity][1] = $sAddUser $aDomainList[$iSanity][2] = $sAddPass GUICtrlSetData($aDomainList[$iSanity][3],$sAddDomain & "|" & $sResolveIP & "|" & $sStatus) EndIf ; If $iSanity = 0 EndIf ; If StringLen... EndIf ; If $m = $gaddbutton WEnd ;---------------------------------------------------------------------------------------- Func _DNSCheck($sFQDN) $sJSON = _INetGetSource("https://dns.google.com/resolve?name=" & $sFQDN & "&cd=1") ConsoleWrite($sJSON & @CRLF) $sIPAddress = StringRegExpReplace($sJSON,'^.*data": "(.*?)".*?$',"\1") Return $sIPAddress EndFunc ;---------------------------------------------------------------------------------------- Func _DNSUpdate($sFQDN,$sUser,$sPass) Local $sGoogleAPIURI = "https://domains.google.com" Local $hOpen = _WinHttpOpen() Local $hConnect = _WinHttpConnect($hOpen, $sGoogleAPIURI) Local $sHeader = _ 'Authorization: Basic ' & _Base64Encode($sUser & ":" & $sPass) & @CRLF & _ 'Accept: */*' & @CRLF & _ 'User-Agent: AutoITScript/' & @AutoItVersion & @CRLF & _ 'Content-Type: application/x-www-form-urlencoded' Local $aHTTPResponse = _WinHttpSimpleSSLRequest($hConnect, "POST", "/nic/update", Default, "hostname=" & $sFQDN, $sHeader, True, Default, Default, Default, True) _WinHttpCloseHandle($hConnect) _WinHttpCloseHandle($hOpen) If IsArray($aHTTPResponse) Then $sHTTPResponse = "Header:" & @CRLF & $aHTTPResponse[0] & @CRLF & "Data:" & @CRLF & $aHTTPResponse[1] & @CRLF & @CRLF & @CRLF Return $aHTTPResponse[1] Else $sHTTPResponse = "NO REPLY" Return "No reply from " & $sGoogleAPIURI EndIf EndFunc ;---------------------------------------------------------------------------------------- Func _Base64Encode($sData) Local $oXml = ObjCreate("Msxml2.DOMDocument") If Not IsObj($oXml) Then SetError(1, 1, 0) EndIf Local $oElement = $oXml.createElement("b64") If Not IsObj($oElement) Then SetError(2, 2, 0) EndIf $oElement.dataType = "bin.base64" $oElement.nodeTypedValue = Binary($sData) Local $sReturn = $oElement.Text If StringLen($sReturn) = 0 Then SetError(3, 3, 0) EndIf Return $sReturn EndFunc ;---------------------------------------------------------------------------------------- Func _CheckIP() Return _INetGetSource("https://domains.google.com/checkip") EndFunc ;----------------------------------------------------------------------------------------  
×
×
  • Create New...