在批处理文件中登录和注册系统 [英] Login and Register system in Batch File

问题描述

因此，我非常想尝试在Batch文件中创建Login and Register系统.我成功进行了注册，只是将用户名和密码回显到.dll文件或.txt文件，但我不知道如何进行登录.我尝试了很多代码，但我不明白我在互联网上找到的登录/注册代码.

So, I was so badly trying to make Login and Register system in Batch file. I succeded at Registering, simply echoed username and password to .dll files or .txt files, but I don't know how to make to login. I tried much codes, and I don't understand the Login/Register codes I found on the internet.

例如，我尝试过的事情:

For example, what I tried:

@echo off
title Login and Register
cls

:register
cls
set /p name="Username: "
echo %name% >> username.txt
cls
set /p password="Password: "
echo %password% >> password.txt
goto :login

:login
cls
set /p uname="Username: "
if %uname% EQU %name% goto :program
if not %uname% EQU %name% goto :error
cls
set /p pass="Password: "
if %pass% EQU %password% goto :program
if not %pass% EQU %password% goto :error

:program
cls
echo Welcome!
echo.
pause

因此，这只是有关我的登录代码的示例.我尝试了很多事情，但还是一样.我是编程的开始者，所以我没有太多经验，希望大家都明白.谢谢.

So, this is just example on how my login code would look like. I tried much things but it's still the same. I am begginer in programming so I am not experienced much, I hope you all understand. Thank you.

推荐答案

创建用于处理身份验证的批处理脚本的问题是，有人编辑批处理脚本并简单地插入 goto程序靠近顶部.您为自己创造了很多工作，却没有什么好处.

The problem with creating a batch script to handle authentication is that it's trivially easy for someone to edit the batch script and simply insert goto program near the top. You're creating a lot of work for yourself for very little benefit.

上面的脚本缺少的是，在:login 部分中，您没有读取password.txt中存储的值.因此％uname％" 永远不会等于％name％" .还有很多其他遗漏的东西，其中最重要的一点是在文本文件中存储纯文本密码是很危险的.

What your script above is missing is, within the :login section, you are not reading the values stored in password.txt. So "%uname%" will never equal "%name%". There's lots of other stuff missing as well, not the least of which is that storing plain text passwords in a text file is dangerous.

如果您坚持要走这条路，请尝试一下.它将密码存储为Base64编码的SHA512哈希，并与用户名一起使用.这样，您的项目至少可以减少危险(假设攻击者不知道用户名).

If you insist on continuing down this road, then try this. It stores passwords as Base64-encoded SHA512 hashes, salted with the usernames. This way your project will at least be less dangerous (assuming the usernames are not known to the attacker).

<# : Batch portion
@echo off & setlocal disabledelayedexpansion

set "loginfile=%~dpn0.data"
if exist "%loginfile%" goto login

:registration
echo Welcome to %~nx0!  Please register.
set /P "user=Username? "
call :passwordPrompt hash plain "%user%"

if defined user if defined hash (
    >> "%loginfile%" echo(%hash%
    goto main
)
goto registration

:login
echo Welcome to %~nx0!  Please log in.  Enter "new" to register a new account.
set /P "user=Username? "
if /I "%user%"=="new" goto registration
call :passwordPrompt hash plain "%user%"
find "%hash%" "%loginfile%" >NUL || (
    echo Invalid credentials.
    goto login
)

:main
rem // In case you need it, the entered password is stored in %plain%
echo Login successful.  Enjoy the fruits of your labor.
wmic os get localdatetime /value

rem // end main runtime
goto :EOF

:passwordPrompt <return_hash> <return_plain> <username>
setlocal disabledelayedexpansion
set "user=%~3"
for /f "delims=" %%I in ('powershell -noprofile "iex (${%~f0}|out-string)"') do set "%%I"
endlocal && set "%~1=%h%" && set "%~2=%p%" && exit /b

: end Batch / begin PowerShell hybrid code #>
$env:user = $env:user.toLower()
[console]::Error.Write("Password for $($env:user)? ")
$i = read-host -AsSecureString
$m = [Runtime.InteropServices.Marshal]
$p = $m::PtrToStringAuto($m::SecureStringToBSTR($i))
"h={0}" -f [Convert]::ToBase64String([Security.Cryptography.HashAlgorithm]::Create(`
    'SHA512').ComputeHash([Text.Encoding]::UTF8.GetBytes("$($env:user)`n$p")))
"p=$p"

---

这里是带有注释的相同脚本.让我知道您是否想要进一步解释.

---

Here's the same script annotated with comments. Let me know if you'd like further explanation of anything.

<# : Batch portion
@rem # The previous line does nothing in Batch, but begins a multiline comment block
@rem # in PowerShell.  This allows a single script to be executed by both interpreters.
@echo off

rem # setlocal limits the scope of variables to this script.
rem # disabledelayedexpansion prevents exclamation marks from being mangled
setlocal disabledelayedexpansion

rem # set "loginfile=drive:\path\to\BatFileBaseName.data"
set "loginfile=%~dpn0.data"
if exist "%loginfile%" goto login

:registration
echo Welcome to %~nx0!  Please register.
set /P "user=Username? "

rem # calls the :passwordPrompt function, which will set %hash% and %plain%
call :passwordPrompt hash plain "%user%"

if defined user if defined hash (
    >> "%loginfile%" echo(%hash%
    goto main
)
goto registration

:login
echo Welcome to %~nx0!  Please log in.  Enter "new" to register a new account.
set /P "user=Username? "
if /I "%user%"=="new" goto registration

rem # calls the :passwordPrompt function, which will set %hash% and %plain%
call :passwordPrompt hash plain "%user%"

rem # If hash doesn't exist in login file, then fail auth.
find "%hash%" "%loginfile%" >NUL || (
    echo Invalid credentials.
    goto login
)

:main
rem # In case you need it, the entered password is stored in %plain%
echo Login successful.  Enjoy the fruits of your labor.
wmic os get localdatetime /value

rem # end main runtime
goto :EOF

rem # :passwordPrompt function
rem # The first two args are the names of empty vars to be populated with return values.
rem # The third arg is the username.  It's not modified.
:passwordPrompt <return_hash> <return_plain> <username>
setlocal disabledelayedexpansion
set "user=%~3"

rem # Use "for /f" to capture the output of the powershell command.  This powershell
rem # command executes the hybrid portion at the bottom of this script.
for /f "delims=" %%I in ('powershell -noprofile "iex (${%~f0}|out-string)"') do set "%%I"

rem # To learn more about returning values from Batch functions, see this tutorial:
rem # http://www.dostips.com/DtTutoFunctions.php
endlocal && set "%~1=%h%" && set "%~2=%p%" && exit /b

rem # End multi-line PowerShell comment block.  Begin PowerShell scripting.
: end Batch / begin PowerShell hybrid code #>

# Make username case-insensitive
$env:user = $env:user.toLower()

# Output to stderr to avoid being captured or silenced by for /f
[console]::Error.Write("Password for $($env:user)? ")

# Get user input.  Hide keystrokes with stars.  Store as a secure object
$secure = read-host -AsSecureString

# Marshal direct access to RAM
$marshal = [Runtime.InteropServices.Marshal]

# Get pointer to RAM location containing entered string
$PTR = $marshal::SecureStringToBSTR($secure)

# Retrieve contents of RAM at that pointer
$plain = $marshal::PtrToStringAuto($PTR)

# Convert salt + line feed + $plain to a byte array
$bytes = [Text.Encoding]::UTF8.GetBytes("$($env:user)`n$plain")

# Create SHA512 hash algorithm
$SHA512 = [Security.Cryptography.HashAlgorithm]::Create('SHA512')

# Compute hash
$hash = $SHA512.ComputeHash($bytes)

# Convert hash to Base64
$b64 = [Convert]::ToBase64String($hash)

# Output results
"h=$b64"
"p=$plain"

这篇关于在批处理文件中登录和注册系统的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！