Jump to content

Special Characters and passwords

Recommended Posts

I have a script running originally on Server 2012 R2 that had stopped working. Essentially the script will launch Quickbooks, enter in the password for the company file, and launch the file in multi user mode. This script had been working just fine up until a couple months ago.

The way the script works is that it keys in the password in two parts, first the initial part of the password, and then the special character.

As it sits currently, the script now only enters in the special character, and the script fails.

The script is added below (I have masked the password and company file name with *'s) :

#ce ----------------------------------------------------------------------------
#Include <Array.au3>
#Include <WinAPIEx.au3>
#include <MsgBoxConstants.au3>
$pass = "********" ;password without '!' symbol

$prompt = MsgBox(1,"Auto-launch", "Auto launch starting in: 20 seconds.  Press cancel to abort", 20)
If $prompt = 1 or $prompt = -1 Then
   WinMinimizeAll();Minimize all open windows
   Run("rundll32.exe user32.dll,LockWorkStation") ; Lock user session
ElseIf $prompt = 2 Then

Func _launchQB();Launch Quickbooks
   $iPID = Run('"C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\QBW32EnterpriseContractor.exe" -QFM Q:\*******.QBW -NoShowLoadingQBWnd') ;Launch quickbooks using correct datafile
   $update = WinWait("[CLASS:MauuiMessage]","",20) ;Check if qb prompts for update
      if $update <> 0 Then ;if update prompt
         $hWnd = WinGetHandle("[CLASS:MauuiMessage]")
         WinClose($hWnd) ;close window and proceed
   $login = WinWait("[CLASS:MauiForm]","",20) ; wait for login prompt
   $hWnd = WinGetHandle("[CLASS:MauiForm]") ;find login form
   WinActivate($hWnd) ; activate login form
   ControlSend($hWnd,"","[CLASS:Edit; INSTANCE:2]",$pass) ; activate password textbox and send password
   Send("{!}");send special symbol
   Send("{enter}") ; send enter key after password entered
   $hWnd3 = WinGetHandle("[CLASS:MauiFrame]")
   WinSetState($hWnd3,"",@SW_MINIMIZE) ;minimize QB

Func _launchacowin() ;Launch acowin
   $iPID = Run("C:\Program Files (x86)\Acowin\LicenseMgr.exe","C:\Program Files (x86)\Acowin") ; Launch acowin *must give in start in path or app will error
   $login2 = WinWait("[CLASS:WindowsForms10.Window.8.app.0.141b42a_r12_ad1]","",30) ; wait for Acowin window
   $hWnd4 = WinGetHandle("Acowin License Manager","") ; Activate Acowin Window
   WinActivate($hWnd4) ;Activate Acowin window
   $hWnd5 = ControlGetHandle($hWnd4,"","[NAME:button_qb_connect]"); find "Connect to QB" button
   WinActivate($hWnd5) ;Activate Window
   ControlClick($hWnd4, "", "[NAME:button_qb_connect]") ; Press "Connect to QB" button
   WinSetState($hWnd4, "", @SW_MINIMIZE) ;minimize QB



Any help would be most appreciated



Link to post
Share on other sites

your password is sent using ControlSend() and the special symbol is sent with just a Send()

So, i'm assuming you need to verify that the $hWnd is actually being returned when you use WinGetHandle with some actual error checking and maybe double check with the Au3Info tool to make sure the Class:edit instance 2 is still valid.

Link to post
Share on other sites

Off topic about password management, but a STRONG warning that usually hard coding a plain text password into your code is VERY, VERY bad security. It will come back to bite you HARD, especially if somebody else changes the QuickBooks password and your code does not work any more, you edit your source code, and then leave it lying around for nefarious types to find it. System dumps and logs may also have traces left in them for casual perusal. Where do you keep the AutoIt source code, in case you are hit by a bus? GitHub, for all the world to see?

Does the enterprise version of QuickBooks have facilities to do what you need without having to launch it with an AutoIt wrapper? If not, maybe ask for it as a feature in their next version. I'm sure you are not the first person needing this type of functionality. Their security folks will have a more secure approach to storing the password securely, rather than plain text.

I know I haven't helped answer your code question, but maybe the question you are asking about is not the question that is appropriate for your organisation. Hackers do not sleep and search engines such as Shodan can make skript kiddies lives very easy to hack you. Hindsight can be a harsh teacher!

Link to post
Share on other sites

I understand the security risks associated with having the passwords in plain text, especially for those who seek to infiltrate the network. They basically want automation in the event of server reboots. If there is a better way to achieve this securely I am all for it.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...