批处理文件中的登录和注册系统

Question

因此，我非常想在批处理文件中创建登录和注册系统。我成功注册后，只是将用户名和密码回复到.dll文件或.txt文件，但我不知道如何进行登录。我尝试了很多代码，并且我不明白我在互联网上找到的登录/注册代码。

例如，我的尝试：

@echo off 
title Login and Register 
cls 

:register 
cls 
set /p name="Username: " 
echo %name% >> username.txt 
cls 
set /p password="Password: " 
echo %password% >> password.txt 
goto :login 

:login 
cls 
set /p uname="Username: " 
if %uname% EQU %name% goto :program 
if not %uname% EQU %name% goto :error 
cls 
set /p pass="Password: " 
if %pass% EQU %password% goto :program 
if not %pass% EQU %password% goto :error 

:program 
cls 
echo Welcome! 
echo. 
pause 

所以，这是我的登入码会是什么样子只是例子。我尝试了很多东西，但它仍然是一样的。我在编程方面比较成熟，所以我没有经历太多，我希望你们都明白。谢谢。

Answer 1

创建批处理脚本来处理身份验证的问题在于，对于某人编辑批处理脚本并简单地在顶部附近插入goto program非常容易。你正在为自己创造大量的工作，而收益甚微。

你上面缺少的脚本是在:login部分，你没有读取存储在password.txt中的值。所以"%uname%"永远不会等于"%name%"。还有很多其他缺失的东西，其中最重要的是将纯文本密码存储在文本文件中是危险的。

如果你坚持继续这条路，那么试试这个。它将密码存储为基于Base64编码的SHA512散列，并用用户名进行腌制。这样你的项目至少不会那么危险（假设攻击者不知道用户名）。

<# : Batch portion 
@echo off & setlocal disabledelayedexpansion 

set "loginfile=%~dpn0.data" 
if exist "%loginfile%" goto login 

:registration 
echo Welcome to %~nx0! Please register. 
set /P "user=Username? " 
call :passwordPrompt hash plain "%user%" 

if defined user if defined hash (
    >> "%loginfile%" echo(%hash% 
    goto main 
) 
goto registration 

:login 
echo Welcome to %~nx0! Please log in. Enter "new" to register a new account. 
set /P "user=Username? " 
if /I "%user%"=="new" goto registration 
call :passwordPrompt hash plain "%user%" 
find "%hash%" "%loginfile%" >NUL || (
    echo Invalid credentials. 
    goto login 
) 

:main 
rem // In case you need it, the entered password is stored in %plain% 
echo Login successful. Enjoy the fruits of your labor. 
wmic os get localdatetime /value 

rem // end main runtime 
goto :EOF 

:passwordPrompt <return_hash> <return_plain> <username> 
setlocal disabledelayedexpansion 
set "user=%~3" 
for /f "delims=" %%I in ('powershell -noprofile "iex (${%~f0}|out-string)"') do set "%%I" 
endlocal && set "%~1=%h%" && set "%~2=%p%" && exit /b 

: end Batch/begin PowerShell hybrid code #> 
$env:user = $env:user.toLower() 
[console]::Error.Write("Password for $($env:user)? ") 
$i = read-host -AsSecureString 
$m = [Runtime.InteropServices.Marshal] 
$p = $m::PtrToStringAuto($m::SecureStringToBSTR($i)) 
"h={0}" -f [Convert]::ToBase64String([Security.Cryptography.HashAlgorithm]::Create(` 
    'SHA512').ComputeHash([Text.Encoding]::UTF8.GetBytes("$($env:user)`n$p"))) 
"p=$p" 

---

下面是带注释注释相同的脚本。如果您想进一步解释任何事情，请告诉我。

<# : Batch portion 
@rem # The previous line does nothing in Batch, but begins a multiline comment block 
@rem # in PowerShell. This allows a single script to be executed by both interpreters. 
@echo off 

rem # setlocal limits the scope of variables to this script. 
rem # disabledelayedexpansion prevents exclamation marks from being mangled 
setlocal disabledelayedexpansion 

rem # set "loginfile=drive:\path\to\BatFileBaseName.data" 
set "loginfile=%~dpn0.data" 
if exist "%loginfile%" goto login 

:registration 
echo Welcome to %~nx0! Please register. 
set /P "user=Username? " 

rem # calls the :passwordPrompt function, which will set %hash% and %plain% 
call :passwordPrompt hash plain "%user%" 

if defined user if defined hash (
    >> "%loginfile%" echo(%hash% 
    goto main 
) 
goto registration 

:login 
echo Welcome to %~nx0! Please log in. Enter "new" to register a new account. 
set /P "user=Username? " 
if /I "%user%"=="new" goto registration 

rem # calls the :passwordPrompt function, which will set %hash% and %plain% 
call :passwordPrompt hash plain "%user%" 

rem # If hash doesn't exist in login file, then fail auth. 
find "%hash%" "%loginfile%" >NUL || (
    echo Invalid credentials. 
    goto login 
) 

:main 
rem # In case you need it, the entered password is stored in %plain% 
echo Login successful. Enjoy the fruits of your labor. 
wmic os get localdatetime /value 

rem # end main runtime 
goto :EOF 

rem # :passwordPrompt function 
rem # The first two args are the names of empty vars to be populated with return values. 
rem # The third arg is the username. It's not modified. 
:passwordPrompt <return_hash> <return_plain> <username> 
setlocal disabledelayedexpansion 
set "user=%~3" 

rem # Use "for /f" to capture the output of the powershell command. This powershell 
rem # command executes the hybrid portion at the bottom of this script. 
for /f "delims=" %%I in ('powershell -noprofile "iex (${%~f0}|out-string)"') do set "%%I" 

rem # To learn more about returning values from Batch functions, see this tutorial: 
rem # http://www.dostips.com/DtTutoFunctions.php 
endlocal && set "%~1=%h%" && set "%~2=%p%" && exit /b 

rem # End multi-line PowerShell comment block. Begin PowerShell scripting. 
: end Batch/begin PowerShell hybrid code #> 

# Make username case-insensitive 
$env:user = $env:user.toLower() 

# Output to stderr to avoid being captured or silenced by for /f 
[console]::Error.Write("Password for $($env:user)? ") 

# Get user input. Hide keystrokes with stars. Store as a secure object 
$secure = read-host -AsSecureString 

# Marshal direct access to RAM 
$marshal = [Runtime.InteropServices.Marshal] 

# Get pointer to RAM location containing entered string 
$PTR = $marshal::SecureStringToBSTR($secure) 

# Retrieve contents of RAM at that pointer 
$plain = $marshal::PtrToStringAuto($PTR) 

# Convert salt + line feed + $plain to a byte array 
$bytes = [Text.Encoding]::UTF8.GetBytes("$($env:user)`n$plain") 

# Create SHA512 hash algorithm 
$SHA512 = [Security.Cryptography.HashAlgorithm]::Create('SHA512') 

# Compute hash 
$hash = $SHA512.ComputeHash($bytes) 

# Convert hash to Base64 
$b64 = [Convert]::ToBase64String($hash) 

# Output results 
"h=$b64" 
"p=$plain"