创建批处理脚本来处理身份验证的问题在于,对于某人编辑批处理脚本并简单地在顶部附近插入goto program
非常容易。你正在为自己创造大量的工作,而收益甚微。
你上面缺少的脚本是在:login
部分,你没有读取存储在password.txt中的值。所以"%uname%"
永远不会等于"%name%"
。还有很多其他缺失的东西,其中最重要的是将纯文本密码存储在文本文件中是危险的。
如果你坚持继续这条路,那么试试这个。它将密码存储为基于Base64编码的SHA512散列,并用用户名进行腌制。这样你的项目至少不会那么危险(假设攻击者不知道用户名)。
<# : Batch portion
@echo off & setlocal disabledelayedexpansion
set "loginfile=%~dpn0.data"
if exist "%loginfile%" goto login
:registration
echo Welcome to %~nx0! Please register.
set /P "user=Username? "
call :passwordPrompt hash plain "%user%"
if defined user if defined hash (
>> "%loginfile%" echo(%hash%
goto main
)
goto registration
:login
echo Welcome to %~nx0! Please log in. Enter "new" to register a new account.
set /P "user=Username? "
if /I "%user%"=="new" goto registration
call :passwordPrompt hash plain "%user%"
find "%hash%" "%loginfile%" >NUL || (
echo Invalid credentials.
goto login
)
:main
rem // In case you need it, the entered password is stored in %plain%
echo Login successful. Enjoy the fruits of your labor.
wmic os get localdatetime /value
rem // end main runtime
goto :EOF
:passwordPrompt <return_hash> <return_plain> <username>
setlocal disabledelayedexpansion
set "user=%~3"
for /f "delims=" %%I in ('powershell -noprofile "iex (${%~f0}|out-string)"') do set "%%I"
endlocal && set "%~1=%h%" && set "%~2=%p%" && exit /b
: end Batch/begin PowerShell hybrid code #>
$env:user = $env:user.toLower()
[console]::Error.Write("Password for $($env:user)? ")
$i = read-host -AsSecureString
$m = [Runtime.InteropServices.Marshal]
$p = $m::PtrToStringAuto($m::SecureStringToBSTR($i))
"h={0}" -f [Convert]::ToBase64String([Security.Cryptography.HashAlgorithm]::Create(`
'SHA512').ComputeHash([Text.Encoding]::UTF8.GetBytes("$($env:user)`n$p")))
"p=$p"
下面是带注释注释相同的脚本。如果您想进一步解释任何事情,请告诉我。
<# : Batch portion
@rem # The previous line does nothing in Batch, but begins a multiline comment block
@rem # in PowerShell. This allows a single script to be executed by both interpreters.
@echo off
rem # setlocal limits the scope of variables to this script.
rem # disabledelayedexpansion prevents exclamation marks from being mangled
setlocal disabledelayedexpansion
rem # set "loginfile=drive:\path\to\BatFileBaseName.data"
set "loginfile=%~dpn0.data"
if exist "%loginfile%" goto login
:registration
echo Welcome to %~nx0! Please register.
set /P "user=Username? "
rem # calls the :passwordPrompt function, which will set %hash% and %plain%
call :passwordPrompt hash plain "%user%"
if defined user if defined hash (
>> "%loginfile%" echo(%hash%
goto main
)
goto registration
:login
echo Welcome to %~nx0! Please log in. Enter "new" to register a new account.
set /P "user=Username? "
if /I "%user%"=="new" goto registration
rem # calls the :passwordPrompt function, which will set %hash% and %plain%
call :passwordPrompt hash plain "%user%"
rem # If hash doesn't exist in login file, then fail auth.
find "%hash%" "%loginfile%" >NUL || (
echo Invalid credentials.
goto login
)
:main
rem # In case you need it, the entered password is stored in %plain%
echo Login successful. Enjoy the fruits of your labor.
wmic os get localdatetime /value
rem # end main runtime
goto :EOF
rem # :passwordPrompt function
rem # The first two args are the names of empty vars to be populated with return values.
rem # The third arg is the username. It's not modified.
:passwordPrompt <return_hash> <return_plain> <username>
setlocal disabledelayedexpansion
set "user=%~3"
rem # Use "for /f" to capture the output of the powershell command. This powershell
rem # command executes the hybrid portion at the bottom of this script.
for /f "delims=" %%I in ('powershell -noprofile "iex (${%~f0}|out-string)"') do set "%%I"
rem # To learn more about returning values from Batch functions, see this tutorial:
rem # http://www.dostips.com/DtTutoFunctions.php
endlocal && set "%~1=%h%" && set "%~2=%p%" && exit /b
rem # End multi-line PowerShell comment block. Begin PowerShell scripting.
: end Batch/begin PowerShell hybrid code #>
# Make username case-insensitive
$env:user = $env:user.toLower()
# Output to stderr to avoid being captured or silenced by for /f
[console]::Error.Write("Password for $($env:user)? ")
# Get user input. Hide keystrokes with stars. Store as a secure object
$secure = read-host -AsSecureString
# Marshal direct access to RAM
$marshal = [Runtime.InteropServices.Marshal]
# Get pointer to RAM location containing entered string
$PTR = $marshal::SecureStringToBSTR($secure)
# Retrieve contents of RAM at that pointer
$plain = $marshal::PtrToStringAuto($PTR)
# Convert salt + line feed + $plain to a byte array
$bytes = [Text.Encoding]::UTF8.GetBytes("$($env:user)`n$plain")
# Create SHA512 hash algorithm
$SHA512 = [Security.Cryptography.HashAlgorithm]::Create('SHA512')
# Compute hash
$hash = $SHA512.ComputeHash($bytes)
# Convert hash to Base64
$b64 = [Convert]::ToBase64String($hash)
# Output results
"h=$b64"
"p=$plain"
很不错的代码!我刚刚测试过它,我喜欢使用PowerShell功能的技巧。我正在从你那里学习新东西,就像你有时间给我添加一些关于你的代码的评论!再次感谢您;) – Hackoo
@Hackoo这很难写,所以它也应该很难阅读。 (我在开玩笑。)有没有特别要注释的地方?如果它是您感兴趣的Batch + PowerShell多语言格式,[此论坛主题](http://www.dostips.com/forum/viewtopic.php?f=3&t=5526)有不同的示例。 – rojo
你的代码工作,很好,谢谢你的努力,但有什么办法可以让代码更简单吗?我的朋友告诉我,我可以通过命令“echo << C:\ Program”来加载txt或dll文件,或者类似的东西......我甚至都没有开始理解你的代码。 :'D – miragetv7