I am currently making password protected batch file,
and the problem is when I type @echo on or %@echo on% it shows the password, (one moment, but if you do video you can see it clearly).
When I changed 3rd line to this if "%pwd%"==somepassword, then by typing @echo on again shows the password.
I have some few ideas. For ex. make @echo off unchangeable, or character escaping, but I am not that good at batch scripting so I can't write it by code.
Is there anyone who can help me with this?
@echo off
set /p pwd="Enter password: "
if %pwd%==somepassword (cmd /k) else (exit)
CodePudding user response:
There could be used:
@echo off
setlocal EnableExtensions DisableDelayedExpansion
set "pwd="
:PwdPrompt
set /P "pwd=Enter password: " || goto PwdPrompt
setlocal EnableDelayedExpansion
if not "!pwd!" == "somepassword" exit /B
endlocal
echo The password is correct!
echo/
pause
endlocal
There is first defined the required execution environment completely with
- turning off command echo mode and
- enabling command extensions and
- disabling delayed variable expansion.
The environment variable pwd is next explicitly undefined. The user must enter a password.
The user is prompted for the password and this is done in a loop as long as the user does not enter a string at all. So no input is not accepted by the batch file.
Then delayed variable expansion is enabled before doing the string comparison with making use of delayed variable expansion to prevent a modification of the batch file code for execution by the string input by the user.
If the two compared strings are not equal, the batch file processing (not necessarily the command process) is exited which results in implicit execution of endlocal twice by cmd.exe for the two setlocal before really exiting the processing of the batch file.
Otherwise on input password string being equal the password string in the batch file the previous local environment with disabled delayed expansion is restored before the batch file processing is continued with the next commands.
For understanding the used commands and how they work, open a command prompt window, execute there the following commands, and read entirely all help pages displayed for each command very carefully.
echo /?endlocal /?goto /?if /?pause /?set /?setlocal /?
I strongly recommend to read also:
- How to stop Windows command interpreter from quitting batch file execution on an incorrect user input?
It explains in full details why this code is fail-safe and secure. - Single line with multiple commands using Windows batch file
It explains in full details the meaning of the command operator||. - Symbol equivalent to NEQ, LSS, GTR, etc. in Windows batch files
It explains in full details how a string comparison is done with command IF. - How to pass environment variables as parameters by reference to another batch file?
It explains in full details the commands SETLOCAL and ENDLOCAL. - DosTips forum topic: ECHO. FAILS to give text or blank line - Instead use ECHO/