More Windows Scripting Workarounds from Nilpo - More on Password Masking without ScriptPW
(Page 4 of 4 )
Next, we'll take a look at the VBS code that uses this HTML page. It's a simple login script that requires the user to enter a password using the HTML page you've just created.
strPath = Left(WScript.ScriptFullName, Len(WScript.ScriptFullName) - Len(WScript.ScriptName))
To begin, we're going to need to know the path to the HTML page. Assuming it's in the same directory as the current script, this line is a very efficient way of finding that path.
On Error Resume Next
Set objIE = WScript.CreateObject("InternetExplorer.Application", "IE_")
objIE.Navigate "file:///" & strPath & "Password.htm"
objIE.ToolBar = 0
objIE.StatusBar = 0
objIE.Width = 400
objIE.Height = 350
objIE.Left = 300
objIE.Top = 200
objIE.Visible = 1
Next, we're going to create an instance of Internet Explorer and load the HTML page. I've added the On Error Resume Next statement to prevent any problems if outside errors occur. Now we need the script to wait for the user to enter information in the form.
Do While (objIE.Document.Body.All.OKClicked.Value = "")
WScript.Sleep 250
Loop
This Do loop does that quite nicely. It checks the value of the OKClicked element and loops around a Sleep statement until that value is not empty. (If you look back at the HTML, we're assigning a distinct value for both button responses. If OKClicked is empty, it's because neither button has been clicked yet.)
strPassword = objIE.Document.Body.All.UserPassword.Value
strButton = objIE.Document.Body.All.OKClicked.Value
objIE.Quit
WScript.Sleep 250
With the form submitted, it's time to retrieve the contents of the password field. Notice that I'm also retrieving the OKClicked value. This will allow me to determine if the user clicked the Cancel button.
If strButton = "Cancelled" Then
WScript.Quit
Else
WScript.Echo strPassword
End If
Finally, a simple check against OKClicked determines whether the user canceled or entered a password. Of course, in a production environment, you wouldn't stop here. You would want to verify that the password field isn't empty and validate it.
But that's enough for today, and that also wraps up the second volume of Nilpo's Scripting Secrets. Stick around for even more great scripting tips. Until next time, keep coding!
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
