Username / Password entry with masking 2

[PScottC]

I cobbled together some code from different sources and I'd like to hear comments about my approach and methodology. This script is fully functional.

The main point that bugs me about this script is that I have to generate a temporary file to get it to run. It also runs into issues on Windows Server 2003 when the IE Hardening is enabled.

Please forgive the funky formatting on the HTML, I was trying to keep the lines to less than 80 chars.

[green]'===============================================================================
' 
'       NAME: CredentialsSub.vbs
' 
'       DATE: 3/27/2008
' 
'       URLS: [URL unfurl="true"]http://www.microsoft.com/technet/scriptcenter/resources/qanda/feb05/hey0204.mspx[/URL]
'             [URL unfurl="true"]http://msdn2.microsoft.com/en-us/library/ms537628.aspx[/URL]
' 
'    COMMENT: Script creates an IE based credentials input window.  Masks user's
' password.  Script creates a temporary .htm file, calls it, then deletes it when
' complete.
'
' sUserName and sPassword are passed to sub "ByRef" and are modified by the sub.
'
' HTM file is permitted to run scripts due to "Mark of the Web" placed at the top.
' 
'===============================================================================[/green]
Option Explicit

Dim oFSO, sUserName, sPassword

Const sHTMDir = "C:\"
Set oFSO = CreateObject("Scripting.FileSystemObject")

Call GetPWInfo(oFSO, sUserName, sPassword)
	    WScript.Echo "UserName: " & sUserName
	    Wscript.Echo "Password: " & sPassword

[blue]Sub[/blue] GetPWInfo(oFSO, sUserName, sPassword)
	Call WriteHTML(oFSO)
	Dim oIEPW, strButton, sPWHTML, sPWHTMLVBS

	Set oIEPW = WScript.CreateObject("InternetExplorer.Application", "IE_")

	With oIEPW
		.Navigate "file:///" & sHTMDir & "\password.htm"   
		.ToolBar = 0
		.StatusBar = 0
		.Width = 325
		.Height = 160
		.Left = 72
		.Top = 72
		.Visible = 1
	End With

	On Error Resume Next
	Do While (oIEPW.Document.Body.All.OKClicked.Value = "")
[green]		' If Window is manually closed by user an error will be 
			' generated, exit sub[/green]
		If Err <> 0 Then
			Call DelHTML(oFSO)
			Exit Sub
		End If
		Wscript.Sleep 250
	Loop 
	On Error GoTo 0

	sUserName = oIEPW.Document.Body.All.UserName.Value
	sPassword = oIEPW.Document.Body.All.UserPassword.Value
	oIEPW.Quit
	Call DelHTML(oFSO)
[blue]End Sub

Sub[/blue] WriteHTML(oFSO)
	Dim sPWHTML, oTS

	sPWHTML = _
		"<!-- saved from url=(0054)[URL unfurl="true"]http://msdn2.microsoft.com/en-us/"[/URL] & _
			"library/ms537628.aspx -->" & VbCrLf & _
		"<head><title>Input Credentials</title></head>" & VbCrLf & _
		"<SCRIPT LANGUAGE=" & Chr(34) & "VBScript" & Chr(34) & ">" & VbCrLf & _
		VbCrLf & _
		"	Sub RunScript" & VbCrLf & _
		"	    OKClicked.Value = " & Chr(34) & "OK" & Chr(34) & VbCrLf & _
		"	End Sub" & VbCrLf & _
		VbCrLf & _
		"	Sub CancelScript" & VbCrLf & _
		"	    OKClicked.Value = " & Chr(34) & "Cancelled" & Chr(34) & _
		VbCrLf & _
		"	End Sub" & VbCrLf & _
		VbCrLf & _
		"</SCRIPT>" & VbCrLf & _
		 VbCrLf & _
		"<BODY>" & VbCrLf & _
			"<font size=" & Chr(34) & "2" & Chr(34) & " face=" & Chr(34) & _
				"Arial" & Chr(34) & ">UserName:&nbsp;&nbsp; </font>" & VbCrLf & _
			"<font face=" & Chr(34) & "Arial" & Chr(34) & "><input type=" & _
				Chr(34) & "text" & Chr(34) & " name=" & Chr(34) & "UserName" _
				& Chr(34) & " size=" & Chr(34) & "25" & Chr(34) & _
				"></font><br>" & VbCrLf & _
			"<font size=" & Chr(34) & "2" & Chr(34) & " face=" & Chr(34) & _
				"Arial" & Chr(34) & ">Password:&nbsp;&nbsp;&nbsp; </font>" _
				& VbCrLf & _
			"<font face=" & Chr(34) & "Arial" & Chr(34) & "><input type=" _
				& Chr(34) & "password" & Chr(34) & " name=" & Chr(34) & _
				"UserPassword" & Chr(34) & " size=" & Chr(34) & "25" & _
				Chr(34) & "></font></p>" & VbCrLf & _
			"<input type=" & Chr(34) & "hidden" & Chr(34) & " name=" & _
				Chr(34) & "OKClicked" & Chr(34) & " size = " & Chr(34) & _
				"20" & Chr(34) & ">" & VbCrLf & _
			"<center><input id=runbutton class=" & Chr(34) & "button" & _
				Chr(34) & " type=" & Chr(34) & "button" & Chr(34) & _
				" value=" & Chr(34) & " OK " & Chr(34) & " name=" & Chr(34) _
				& "ok_button" & Chr(34) & " onClick=" & Chr(34) & "RunScript" _
				& Chr(34) & ">" & VbCrLf & _
			"&nbsp;&nbsp;&nbsp;" & VbCrLf & _
			"<input id=runbutton class=" & Chr(34) & "button" & Chr(34) & _
				" type=" & Chr(34) & "button" & Chr(34) & " value=" & _
				Chr(34) & "Cancel" & Chr(34) & " name=" & Chr(34) & _
				"cancel_button" & Chr(34) & " onClick=" & Chr(34) & _
				"CancelScript" & Chr(34) & "></center>" & VbCrLf & _
		"</BODY>" & VbCrLf


	If oFSO.FolderExists(sHTMDir) = False Then oFSO.CreateFolder(sHTMDir)

	Set oTS = oFSO.OpenTextFile(sHTMDir & "\password.htm", 2, True)
	oTS.Write sPWHTML
	oTS.Close
[blue]End Sub

Sub[/blue] DelHTML(oFSO)
	If oFSO.FileExists(sHTMDir & "\password.htm") Then oFSO.DeleteFile sHTMDir & "\password.htm", True
[blue]End Sub[/blue]

PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers

 

[tsuji]

You can and should build the html directly from a string and sparing everywhere fso.

[1] change the writehtml to a function and simply return the spwhtml.
[tt]
'Sub WriteHTML(oFSO)
function WriteHTML()
sPWHTML = [red]"<html>" &[/red] _
'etc etc
"</BODY>" & [red]"</html>"[/red]
[red]'[/red]If oFSO.FolderExists(sHTMDir) = False Then oFSO.CreateFolder(sHTMDir)

[red]'[/red]Set oTS = oFSO.OpenTextFile(sHTMDir & "\password.htm", 2, True)
[red]'[/red]oTS.Write sPWHTML
[red]'[/red]oTS.Close

[blue]WriteHTML=sPWHTML[/blue]
[red]'[/red]End Sub
[blue]end function[/blue]
[/tt]
[2] Take out reference to oFSO in GetPWInfo and modify the script
[tt]
[red]'[/red]Sub GetPWInfo(oFSO, sUserName, sPassword)
[blue]Sub GetPWInfo(sUserName, sPassword)[/blue]
[red]'[/red]Call WriteHTML(oFSO)
[blue]dim s
s=WriteHTML()[/blue]
'etc etc
With oIEPW
[red]'[/red].Navigate "file:///" & sHTMDir & "\password.htm"
[blue].Navigate "about:blank"
do while .readystate<>4 : wscript.sleep 50 : loop
.document.open
.document.write (s) 'must put parentheses around s
.document.close[/blue]
.ToolBar = 0
.StatusBar = 0
.Width = 325
.Height = 160
.Left = 72
.Top = 72
[blue]do while .readystate<>4 : wscript.sleep 50 : loop[/blue]
.Visible = 1
End With
'etc etc
End Sub
[/tt]
[3] Delete completely the DelHTML sub, never need it.

[4] Take out all reference to oFSO in the main.
[tt]
[red]'[/red]Const sHTMDir = "C:\"
[red]'[/red]Set oFSO = CreateObject("Scripting.FileSystemObject")

[red]'[/red]Call GetPWInfo(oFSO, sUserName, sPassword)
[blue]Call GetPWInfo(sUserName, sPassword)[/blue]
WScript.Echo "UserName: " & sUserName
Wscript.Echo "Password: " & sPassword
[/tt]
And you're done.

 

[PScottC]

That works well. Gets rid of the temp file which I didn't like for the solution. I'll check on 2003 Server later today.

Quick follow up... Is there a way to bring the IE window into the foreground?


PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers

 

[PHV]

a way to bring the IE window into the foreground
You may consider the WshShell.AppActivate method.

Hope This Helps, PH.
FAQ219-2884
FAQ181-2886

 

[PScottC]

Thanks PHV. Works as suggested.

I will be posting the finalized script the FAQ section. I've seen similar threads requesting this type of functionality.


PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers

 

[PScottC]

I have posted the final script in this FAQ: faq329-6910

Thanks for your insights tsuji and PHV.


PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers