在批处理文件中登录和注册系统

时间:2017-06-17 18:33:18

标签: batch-file

所以,我非常想在批处理文件中创建登录和注册系统。我成功注册,只是回复了.dll文件或.txt文件的用户名和密码,但我不知道如何登录。我尝试了很多代码,而且我不理解我在互联网上找到的登录/注册码。

例如,我尝试了什么:

@echo off
title Login and Register
cls

:register
cls
set /p name="Username: "
echo %name% >> username.txt
cls
set /p password="Password: "
echo %password% >> password.txt
goto :login

:login
cls
set /p uname="Username: "
if %uname% EQU %name% goto :program
if not %uname% EQU %name% goto :error
cls
set /p pass="Password: "
if %pass% EQU %password% goto :program
if not %pass% EQU %password% goto :error

:program
cls
echo Welcome!
echo.
pause

所以,这只是我的登录代码的样子。我尝试了很多东西,但它仍然是一样的。我在编程方面很开心,所以我没有多少经验,希望大家都明白。谢谢。

1 个答案:

答案 0 :(得分:1)

创建批处理脚本来处理身份验证的问题在于,某人编辑批处理脚本并在顶部附近插入goto program非常容易。你为自己创造了很多工作,但收效甚微。

您的上述脚本缺少的是:login部分中您没有读取存储在password.txt中的值。因此"%uname%"永远不会等于"%name%"。还有很多其他的东西丢失了,其中最重要的是将纯文本密码存储在文本文件中是危险的。

如果你坚持继续走这条路,那试试吧。它将密码存储为Base64编码的SHA512哈希值,并使用用户名进行加密。这样,您的项目至少会降低危险性(假设攻击者不知道用户名)。

<# : Batch portion
@echo off & setlocal disabledelayedexpansion

set "loginfile=%~dpn0.data"
if exist "%loginfile%" goto login

:registration
echo Welcome to %~nx0!  Please register.
set /P "user=Username? "
call :passwordPrompt hash plain "%user%"

if defined user if defined hash (
    >> "%loginfile%" echo(%hash%
    goto main
)
goto registration

:login
echo Welcome to %~nx0!  Please log in.  Enter "new" to register a new account.
set /P "user=Username? "
if /I "%user%"=="new" goto registration
call :passwordPrompt hash plain "%user%"
find "%hash%" "%loginfile%" >NUL || (
    echo Invalid credentials.
    goto login
)

:main
rem // In case you need it, the entered password is stored in %plain%
echo Login successful.  Enjoy the fruits of your labor.
wmic os get localdatetime /value

rem // end main runtime
goto :EOF

:passwordPrompt <return_hash> <return_plain> <username>
setlocal disabledelayedexpansion
set "user=%~3"
for /f "delims=" %%I in ('powershell -noprofile "iex (${%~f0}|out-string)"') do set "%%I"
endlocal && set "%~1=%h%" && set "%~2=%p%" && exit /b

: end Batch / begin PowerShell hybrid code #>
$env:user = $env:user.toLower()
[console]::Error.Write("Password for $($env:user)? ")
$i = read-host -AsSecureString
$m = [Runtime.InteropServices.Marshal]
$p = $m::PtrToStringAuto($m::SecureStringToBSTR($i))
"h={0}" -f [Convert]::ToBase64String([Security.Cryptography.HashAlgorithm]::Create(`
    'SHA512').ComputeHash([Text.Encoding]::UTF8.GetBytes("$($env:user)`n$p")))
"p=$p"

这是用注释注释的相同脚本。如果您想进一步解释任何事情,请告诉我。

<# : Batch portion
@rem # The previous line does nothing in Batch, but begins a multiline comment block
@rem # in PowerShell.  This allows a single script to be executed by both interpreters.
@echo off

rem # setlocal limits the scope of variables to this script.
rem # disabledelayedexpansion prevents exclamation marks from being mangled
setlocal disabledelayedexpansion

rem # set "loginfile=drive:\path\to\BatFileBaseName.data"
set "loginfile=%~dpn0.data"
if exist "%loginfile%" goto login

:registration
echo Welcome to %~nx0!  Please register.
set /P "user=Username? "

rem # calls the :passwordPrompt function, which will set %hash% and %plain%
call :passwordPrompt hash plain "%user%"

if defined user if defined hash (
    >> "%loginfile%" echo(%hash%
    goto main
)
goto registration

:login
echo Welcome to %~nx0!  Please log in.  Enter "new" to register a new account.
set /P "user=Username? "
if /I "%user%"=="new" goto registration

rem # calls the :passwordPrompt function, which will set %hash% and %plain%
call :passwordPrompt hash plain "%user%"

rem # If hash doesn't exist in login file, then fail auth.
find "%hash%" "%loginfile%" >NUL || (
    echo Invalid credentials.
    goto login
)

:main
rem # In case you need it, the entered password is stored in %plain%
echo Login successful.  Enjoy the fruits of your labor.
wmic os get localdatetime /value

rem # end main runtime
goto :EOF

rem # :passwordPrompt function
rem # The first two args are the names of empty vars to be populated with return values.
rem # The third arg is the username.  It's not modified.
:passwordPrompt <return_hash> <return_plain> <username>
setlocal disabledelayedexpansion
set "user=%~3"

rem # Use "for /f" to capture the output of the powershell command.  This powershell
rem # command executes the hybrid portion at the bottom of this script.
for /f "delims=" %%I in ('powershell -noprofile "iex (${%~f0}|out-string)"') do set "%%I"

rem # To learn more about returning values from Batch functions, see this tutorial:
rem # http://www.dostips.com/DtTutoFunctions.php
endlocal && set "%~1=%h%" && set "%~2=%p%" && exit /b

rem # End multi-line PowerShell comment block.  Begin PowerShell scripting.
: end Batch / begin PowerShell hybrid code #>

# Make username case-insensitive
$env:user = $env:user.toLower()

# Output to stderr to avoid being captured or silenced by for /f
[console]::Error.Write("Password for $($env:user)? ")

# Get user input.  Hide keystrokes with stars.  Store as a secure object
$secure = read-host -AsSecureString

# Marshal direct access to RAM
$marshal = [Runtime.InteropServices.Marshal]

# Get pointer to RAM location containing entered string
$PTR = $marshal::SecureStringToBSTR($secure)

# Retrieve contents of RAM at that pointer
$plain = $marshal::PtrToStringAuto($PTR)

# Convert salt + line feed + $plain to a byte array
$bytes = [Text.Encoding]::UTF8.GetBytes("$($env:user)`n$plain")

# Create SHA512 hash algorithm
$SHA512 = [Security.Cryptography.HashAlgorithm]::Create('SHA512')

# Compute hash
$hash = $SHA512.ComputeHash($bytes)

# Convert hash to Base64
$b64 = [Convert]::ToBase64String($hash)

# Output results
"h=$b64"
"p=$plain"
相关问题
最新问题