創建批處理腳本來處理身份驗證的問題在於,對於某人編輯批處理腳本並簡單地在頂部附近插入goto program
非常容易。你正在爲自己創造大量的工作,而收益甚微。
你上面缺少的腳本是在:login
部分,你沒有讀取存儲在password.txt中的值。所以"%uname%"
永遠不會等於"%name%"
。還有很多其他缺失的東西,其中最重要的是將純文本密碼存儲在文本文件中是危險的。
如果你堅持繼續這條路,那麼試試這個。它將密碼存儲爲基於Base64編碼的SHA512散列,並用用戶名進行醃製。這樣你的項目至少不會那麼危險(假設攻擊者不知道用戶名)。
<# : Batch portion
@echo off & setlocal disabledelayedexpansion
set "loginfile=%~dpn0.data"
if exist "%loginfile%" goto login
:registration
echo Welcome to %~nx0! Please register.
set /P "user=Username? "
call :passwordPrompt hash plain "%user%"
if defined user if defined hash (
>> "%loginfile%" echo(%hash%
goto main
)
goto registration
:login
echo Welcome to %~nx0! Please log in. Enter "new" to register a new account.
set /P "user=Username? "
if /I "%user%"=="new" goto registration
call :passwordPrompt hash plain "%user%"
find "%hash%" "%loginfile%" >NUL || (
echo Invalid credentials.
goto login
)
:main
rem // In case you need it, the entered password is stored in %plain%
echo Login successful. Enjoy the fruits of your labor.
wmic os get localdatetime /value
rem // end main runtime
goto :EOF
:passwordPrompt <return_hash> <return_plain> <username>
setlocal disabledelayedexpansion
set "user=%~3"
for /f "delims=" %%I in ('powershell -noprofile "iex (${%~f0}|out-string)"') do set "%%I"
endlocal && set "%~1=%h%" && set "%~2=%p%" && exit /b
: end Batch/begin PowerShell hybrid code #>
$env:user = $env:user.toLower()
[console]::Error.Write("Password for $($env:user)? ")
$i = read-host -AsSecureString
$m = [Runtime.InteropServices.Marshal]
$p = $m::PtrToStringAuto($m::SecureStringToBSTR($i))
"h={0}" -f [Convert]::ToBase64String([Security.Cryptography.HashAlgorithm]::Create(`
'SHA512').ComputeHash([Text.Encoding]::UTF8.GetBytes("$($env:user)`n$p")))
"p=$p"
下面是帶註釋註釋相同的腳本。如果您想進一步解釋任何事情,請告訴我。
<# : Batch portion
@rem # The previous line does nothing in Batch, but begins a multiline comment block
@rem # in PowerShell. This allows a single script to be executed by both interpreters.
@echo off
rem # setlocal limits the scope of variables to this script.
rem # disabledelayedexpansion prevents exclamation marks from being mangled
setlocal disabledelayedexpansion
rem # set "loginfile=drive:\path\to\BatFileBaseName.data"
set "loginfile=%~dpn0.data"
if exist "%loginfile%" goto login
:registration
echo Welcome to %~nx0! Please register.
set /P "user=Username? "
rem # calls the :passwordPrompt function, which will set %hash% and %plain%
call :passwordPrompt hash plain "%user%"
if defined user if defined hash (
>> "%loginfile%" echo(%hash%
goto main
)
goto registration
:login
echo Welcome to %~nx0! Please log in. Enter "new" to register a new account.
set /P "user=Username? "
if /I "%user%"=="new" goto registration
rem # calls the :passwordPrompt function, which will set %hash% and %plain%
call :passwordPrompt hash plain "%user%"
rem # If hash doesn't exist in login file, then fail auth.
find "%hash%" "%loginfile%" >NUL || (
echo Invalid credentials.
goto login
)
:main
rem # In case you need it, the entered password is stored in %plain%
echo Login successful. Enjoy the fruits of your labor.
wmic os get localdatetime /value
rem # end main runtime
goto :EOF
rem # :passwordPrompt function
rem # The first two args are the names of empty vars to be populated with return values.
rem # The third arg is the username. It's not modified.
:passwordPrompt <return_hash> <return_plain> <username>
setlocal disabledelayedexpansion
set "user=%~3"
rem # Use "for /f" to capture the output of the powershell command. This powershell
rem # command executes the hybrid portion at the bottom of this script.
for /f "delims=" %%I in ('powershell -noprofile "iex (${%~f0}|out-string)"') do set "%%I"
rem # To learn more about returning values from Batch functions, see this tutorial:
rem # http://www.dostips.com/DtTutoFunctions.php
endlocal && set "%~1=%h%" && set "%~2=%p%" && exit /b
rem # End multi-line PowerShell comment block. Begin PowerShell scripting.
: end Batch/begin PowerShell hybrid code #>
# Make username case-insensitive
$env:user = $env:user.toLower()
# Output to stderr to avoid being captured or silenced by for /f
[console]::Error.Write("Password for $($env:user)? ")
# Get user input. Hide keystrokes with stars. Store as a secure object
$secure = read-host -AsSecureString
# Marshal direct access to RAM
$marshal = [Runtime.InteropServices.Marshal]
# Get pointer to RAM location containing entered string
$PTR = $marshal::SecureStringToBSTR($secure)
# Retrieve contents of RAM at that pointer
$plain = $marshal::PtrToStringAuto($PTR)
# Convert salt + line feed + $plain to a byte array
$bytes = [Text.Encoding]::UTF8.GetBytes("$($env:user)`n$plain")
# Create SHA512 hash algorithm
$SHA512 = [Security.Cryptography.HashAlgorithm]::Create('SHA512')
# Compute hash
$hash = $SHA512.ComputeHash($bytes)
# Convert hash to Base64
$b64 = [Convert]::ToBase64String($hash)
# Output results
"h=$b64"
"p=$plain"
很不錯的代碼!我剛剛測試過它,我喜歡使用PowerShell功能的技巧。我正在從你那裏學習新東西,就像你有時間給我添加一些關於你的代碼的評論!再次感謝您;) – Hackoo
@Hackoo這很難寫,所以它也應該很難閱讀。 (我在開玩笑。)有沒有特別要註釋的地方?如果它是您感興趣的Batch + PowerShell多語言格式,[此論壇主題](http://www.dostips.com/forum/viewtopic.php?f=3&t=5526)有不同的示例。 – rojo
你的代碼工作,很好,謝謝你的努力,但有什麼辦法可以讓代碼更簡單嗎?我的朋友告訴我,我可以通過命令「echo << C:\ Program」來加載txt或dll文件,或者類似的東西......我甚至都沒有開始理解你的代碼。 :'D – miragetv7