display text as stars (password)

[BM]

Hi,

I'm using the following set /p pass= where we should insert a word to be saved in "pass" variable, I want to display starts instead of the characters (it is a password and I want it to be displayed as starts while I insert it to be saved in variable)

[Sidewinder]

I found a copy of this both on the internet and in my snippet closet. It doesn't produce stars but it does hide the password. BTW, the password is password and is saved in the variable pass.

Code: [Select]

@echo off
echo hP1X500P[PZBBBfh#b##fXf-V@`$fPf]f3/f1/5++u5>hide.com

:retry
set /p userid=Enter UserId:
set /p pass=Enter password: < nul
for /f "tokens=*" %%i in ('hide.com') do set pass=%%i
if /i %pass%==password goto next
cls
echo Try again. You are not logged in!
goto retry

:next
echo. & echo You are logged in!
del hide.com

There are other ways to do this, most notably with IE and HTML or with Powershell.

Good luck. 

[Salmon Trout]

There is a third party utility called Editvar by Bill Stewart which can be used to get masked input in command scripts.

http://www.westmesatech.com/editv.html

It is in a zip with another utility called Choose

Archive has 32 bit and 64 bit versions of both utils

EditVar is similar to the Cmd.exe Set /p command in Windows 2000 and later, but it may be preferable for the following reasons:

    * It allows you to edit a variable, not just set one.
    * It can limit the length of the typed variable.
    * It can mask the typed input for simple password security.
    * It can limit typed input to numbers only.
    * It offers a timeout feature (useful when a script needs to run unattended).
    * It can automatically "escape" reserved shell characters in variables it creates.
    * It provides useful exit codes: For example, an exit code of 4 means that the user pressed Ctrl-C to abort.
    * It comes with an MS-DOS version that works in Windows 9x/Me as well as on MS-DOS boot media.

Choose is similar to the Microsoft Choice tool, but it has more features. Here are some reasons why it might be preferable to Choice:

    * It doesn't beep when the user makes an invalid choice.
    * It offers a "default key" feature, which lets a user press Enter to select a default choice.
    * It comes with a real-mode DOS version (useful for MS-DOS boot media).
    * The Win32 version's timeout feature doesn't get confused when you run multiple instances
       in separate console windows (this was a problem with earlier Win32 console versions of Microsoft's Choice tool).
    * A 64-bit version is provided.
    * It can suppress the display of the user's choice.
    * It offers a "line input" mode where the user must press Enter after making a choice.

[gregflowers]

Save this as with a vbs extension. Call it from your batch file using:
cscript /b filename.vbs

Code: [Select]

Set objPassword = CreateObject("ScriptPW.Password")
WScript.Echo "Please enter your password:"

strPassword = objPassword.GetPassword()


[Salmon Trout]

I don't think that is what the OP asked for, gregflowers. I think they meant "stars" or "asterisks" when they wrote "starts".

[Bukhari1986]

@sidewinder   or someone else

can you explain the line

for /f "tokens=*" %%i in ('hide.com') do set pass=%%i


why it uses hide.com here.


Thanks

[Salmon Trout]

@sidewinder   or someone else

can you explain the line

for /f "tokens=*" %%i in ('hide.com') do set pass=%%i


why it uses hide.com here.


Thanks

FOR /F %%i in (dataset) do set pass=%%i

means

run the FOR command. The /F switch means treat (dataset) as a series of one or more lines.

assign the line or lines in turn to the %%i loop variable.

set the variable %pass% equal to the last (or only) line processed.

(dataset) is the 'hide.com' - the name of a program in single quotes, so FOR will run the command and assign its output via %%i to %pass%.

hide.com is a command line program which accepts typed in text without echoing it on screen.

[Bukhari1986]

in this case i think that the pass variable will never be equal to password

as in the if condition

and according to my thinking, it will never validate the pass variable as password

(correct me if i am wrong)

and so the required result may not be fulfilled from the above batch code

so please explain further

[Salmon Trout]

in this case i think that the pass variable will never be equal to password

as in the if condition

What?

and according to my thinking, it will never validate the pass variable as password

(correct me if i am wrong)

The code does not know the password. You have to write that part.

and so the required result may not be fulfilled from the above batch code

so please explain further

Seems like you are not understanding.

The pass variable will be equal to the password if the user types the password correctly.

Nothing to explain.

[Bukhari1986]

pardon me annoying you but i want to learn a bit more

in the if condition, it is checking that if pass variable is equal to password then you go to next which shows that you are loged in

and you explained that in the statement

for /f "tokens=*" %%i in ('hide.com') do set pass=%%i

all what is in or the last line in hide.com is assigned to pass variable

so if the value of pass variable is the line from hide.com then how can it validate the pass=password

got my point

am i wrongly understanding it?

or am i correct in what i am saying
if i am wrong then can you take a moment to clarify it to me

thanks brother for your help

[Salmon Trout]

The code so far askes the user to type a password. What they type is placed in the variable %pass%.

Now you need to check if this is the real password.

So let us pretend the real password is Qyr1zupZ

Code: [Select]

if "%pass%"=="Qyr1zupZ" goto good
goto bad

:bad

echo Wrong password!
pause
exit

:good

echo Correct password



[Bukhari1986]

salmon Brother

I understood that point

the point where i am getting confused is that Mr. SideWinder is checking the password with if statement

but

he is assigning the variable pass, a value from hide.com through

for /f "tokens=*" %%i in ('hide.com') do set pass=%%i


(I keep in mind what you explained about the above line)

So if the variable pass is assigned a value from hide.com then will the following be validated

if /i %pass%==password goto next

Full code of sidewinder is:

@echo off
echo hP1X500P[PZBBBfh#b##fXf-V@`$fPf]f3/f1/5++u5>hide.com

:retry
set /p userid=Enter UserId:
set /p pass=Enter password: < nul
for /f "tokens=*" %%i in ('hide.com') do set pass=%%i
if /i %pass%==password goto next
cls
echo Try again. You are not logged in!
goto retry

:next
echo. & echo You are logged in!
del hide.com

[Salmon Trout]

So if the variable pass is assigned a value from hide.com then will the following be validated

if /i %pass%==password goto next

If the entered password contained in the variable %pass% is identical to the stored password in %password% then the IF test will be satisfied.

Personally I would not use the /i switch when checking a password. For obvious reasons.

In fact personally I would not be using a batch file to verify a password in a real life working situation where protection of data or preventing unauthorised access were important.

[Sidewinder]

If the entered password contained in the variable %pass% is identical to the stored password in %password% then the IF test will be satisfied.

Personally I would not use the /i switch when checking a password. For obvious reasons.

In fact personally I would not be using a batch file to verify a password in a real life working situation where protection of data or preventing unauthorised access were important.

Agreed about the /i switch and doubly agree with using a batch file for password authentication. However this was simple a response to the OP who volunteered he was using set /p pass= which implied he wanted a batch solution.

One small note: there is no %password% variable. password is a literal that is  the actual password.

If the OP has to have stars, a Powershell solution will accommodate him but the prerequisites seem a bit steep for such a simple request.

 

Between password protection using batch files and converting simple text file scripts into executable files, I wonder why all this is necessary. Paranoia runs deep I guess.

[Geek-9pm]

:retry
set /p userid=Enter UserId:
set /p pass=Enter password: < nul
for /f "tokens=*" %%i in ('hide.com') do set pass=%%i
if /i %pass%==password goto next

Logical error, password was not defined. Otherwise, it works if password was already defined in the system earlier.