Validating password 21st century dating tips

My Domain Controller run on Advance Server 2000, and Client run on Professional Windows 2000. The main stumbling block is that you cannot retrieve any user's Windows password through any means.Think about it, its a hacker's dream if you could write a program to look up a user and get his/her password.Larry Asher Doug, I don't know if you're still interested in this but, for the sake of the archive, I stumbled across this interesting piece of code which uses the Logon User Win API function to validate a given user name and password (note, though, that it does not get the current password of the user) Private Declare Function Logon User Lib "Advapi32" Alias "Logon User A" (By Val _ lpsz User Name As String, By Val lpsz Domain As String, _ By Val lpsz Password As String, By Val dw Logon Type As Long, _ By Val dw Logon Provider As Long, ph Token As Long) As Long Private Declare Function Close Handle Lib "kernel32" (By Val h Object As Long) As _ Long Const LOGON32_PROVIDER_DEFAULT = 0& Const LOGON32_LOGON_NETWORK = 3& ' Check whether a username/password pair is correct ' ' if DOMAIN is omitted, it uses the local account database ' and then asks trusted domains to search their account databases ' until it finds the account or the search is exhausted ' use DOMAIN="." to search only the local account database Private Function Check Windows User(By Val User Name As String, _ By Val Password As String, Optional By Val Domain As String) As Boolean Dim h Token As Long, ret As Long ' provide a default for the Domain name If Len(Domain) = 0 Then Domain = vb Null String ' check the username/password pair ' using LOGON32_LOGON_NETWORK delivers the best performance ret = Logon User(User Name, Domain, Password, LOGON32_LOGON_NETWORK, _ LOGON32_PROVIDER_DEFAULT, h Token) ' a non-zero value means success If ret Then Check Windows User = True Close Handle h Token End If End Function I agree with pgtipsb also!It's not easy to get the active directory accounts and their passwords.Note though this is like logging in on a mashine, after X failed attempt it's likely that the account is locked/disabled!Yours Truly Mårten :-) Yours sincerely Marten I agree with pgtips "Nobody does this sort of thing.Looks like you need your get_int function to loop until the input is acceptable.

I use a level of encryption and have created a dll and a standard interface.When the user enters a password into another textbox i just want to make sure to validate that password and that this is the correct user. Assume that ur passwd field text box name is txt Passwd Private Function Find User() as Boolean dim Cn as new Adodb.connection dim Rs as recordset"Dsn=#; Uid=#; Pwd=#;") set rs=new recordset"Sqlstatement#",cn,adopenstatic,adlockopti mistic) if trim(txt Passwd.text)=rs("Fieldname#").value then Find User=True else Find User=False endif if cn.state then 'checking the connection wether it is opened cn.close end if set cn=nothing if rs.state then rs.close end if set rs=nothing exit funtion Err Hand: msgbox err.description end function 'Call this function from ur valid events to check wether pwd is correct or not, if password exists it returns true else it returns false Hope this solution help you B. Think about it, its a hacker's dream if you could write a program to look up a user and get his/her password.Even Windows doesn't know what the actual passwords are because it uses a common cryptographic technique known as "hashing".A fundamental of the windows user interface is that you only log-on once - how fed-up would you be if every time you opened a program it asked you to provide your password again?" I think you need to define what they are trying to accomplish.

Leave a Reply