Batch Browser V. 1.8

[Joey2bost]

Please leave feedback

Code: Select all

@echo off
title Batch Browser
cls
set mask=huswydfwgueweui21j
set mask2=3uhvlafhewkuwh3
set mask3=22324h494gh8ig8hgwaal4
set mask4=373gy74g437iwgw74wfg
set 
goto menu

:menu
cls
echo Batch Internet Browser
echo.
echo 1)Login
echo 2)Continue without login
echo 3)Register
echo 4)Recover Account
echo 5)Privacy and Use of terms
echo 6)Exit
set /p huh=

if %huh% == 1 goto login
if %huh% == 2 goto Ad
if %huh% == 3 goto reg
if %huh% == 4 goto recover
if %huh% == 5 goto terms
if %huh% == 6 exit
goto menu

:terms
cls
echo To use this software this means you agree to the terms.
echo Here with this browser we have no histroy or cookie tracker but we 
echo have the main key words for any threats. We will get emailed for certain keywords which 
echo we have choosen by what terrorist might use.
echo.
echo The priacy is not the hardest for some can open the info_browse_new.sav file but windows has no 
echo software avaliable to open it so you should be good on that. 
echo.
echo Changing the code a lttle and saying it is yours is against the law for plagerizum
echo Which has a big fine.
echo.
echo Making a account will not email to any servers yet, this is also another way to protect
echo your acccount info and all the data. We the owners are not responsible for you forgetting 
echo ourinfo for your account and we do not know the info. We have a recovery account section to
echo Try and help get your account back. Your account can not be hacked unless someone else is 
echo using your computer.
pause
cls
goto menu

:games 
cls
echo No games have been posted
pause
cls
goto search

:recover
cls
echo We are now running recovery...
cls
if exist info_browse_new.sav goto here
if not exist info_browse_new.sav goto nothere
goto recover

:here
cls
echo we have found the saved file!
echo We need to confirm that it is you, enter needed info below
echo.
set /p use=Username:
set /p ema=Email:
echo.
echo with the info above we can confirm that it is you and we can help find your account
pause
< info_browse_new.sav (
  set /p user=
  set /p pass=
  set /p email=  
)

cls
if %use% == %user% goto good1
goto here

:good1
cls
if %ema% == %email% goto good2
goto good1

:good2
cls
echo info above was correct
echo We will now display data.
echo.
echo Username:%user%
echo Password:%pass%
echo Email:%email%
echo.
echo info above was found with the provided info
pause
cls
goto menu

:nothere
cls
echo We have found out a posible error, we did not find 
echo the file info_browse_new.sav
echo this error may occur if you deleted info_browse_new.sav
echo if you still have this problem when you have info_browse_new.sav 
echo then please contact anonymousgamer752@gmail.com
echo.
pause
cls
goto menu

:Ad
cls
echo You did not logged in or register so you will be viewing this Ad 
echo.
echo AD: Want your game or software well known
echo AD: Have it posted on here free! Just Email
echo AD: anonymousgamer752@gmail.com with your game link and a message.
pause
cls
goto not_login search

:reg
cls
echo To become a member and enjoy the most of this browser 
echo We reccomend that you would register.
echo.
echo Do not worry, it's FREE
echo.
echo You Cannot use spaces, ampersands, percents, or parentheses 
echo.

set /p user=Username:
set /p pass=Password:
set /p email=Email:

if %email% == somebody@somebody.com goto fake
if %email% == Fake@Fake.com goto fake
if %email% == Something@Something.com goto fake

echo Please confirm that the info above is what was wanted.
echo.
echo 1)Yes, please continue
echo 2)No, Redo registration
set /p bu=

if %bu% == 1 goto register
if %bu% == 2 goto reg
goto reg 

:fake
cls
echo These are not real email adresses, please enter a real email
echo.
pause
cls
goto reg

:register
cls
echo Thank you for registering
echo Here is your info
echo Username:%user%
echo Password:%pass%
echo Email:%email%
echo.
echo Do not lose any info above or you can not login.
pause
cls
goto saveinfo

:saveinfo
cls
(
  echo %user%
  echo %pass%
  echo %email%
) > info_browse_new.sav

echo We are saving all info with your login.
echo please do not delete info_browse
echo for it is containing all your info needed for the browser.
pause
cls
echo Thank you for registering 
pause
cls
goto search

:login
cls
< info_browse_new.sav (
  set /p user=
  set /p pass=  
  set /p email=  
  set /p search=
)

set mask=
set mask2=
set mask3=
set mask4=
cls

echo If no file found please register first.
echo.
echo Please enter info to continue.
echo.
set /p usertry=Username:
set /p passtry=Password:
set /p emailtry=Email:
echo. 
echo checking info
if %usertry% == %user% goto passverify
else goto failed
goto login

:passverify
cls
if %passtry% == %pass% goto emailverify
else goto failed
goto passverify

:emailverify
cls
if %emailtry% == %email% goto done
else goto failed

goto emailverify

:failed
cls
echo Seems as if you have entered something wrong.
echo Check the info and enter again.
pause
goto menu 

:done
cls
echo Done
pause
cls
goto search

:search
cls
echo Welcome %user%
echo.
echo 1)Search 
echo 2)Games
echo 3)Change Info
echo 4)Delete account
echo 5)Bookmarks
echo 6)Last Searched
echo 7)Sign Out
set /p choose=

if %choose% == 1 goto lookforit
if %choose% == 2 goto games
if %choose% == 3 goto change
if %choose% == 4 goto delete
if %choose% == 5 goto book
if %choose% == 6 goto history
if %choose% == 7 goto signout
goto search

:signout
cls
echo Warning, you are signing out
echo Do you want to continue?
echo.
echo 1)Sign Out
echo 2)Back
set /p nud=

if %nud% == 1 goto menu
if %nud% == 2 goto search
goto signout

:history
cls
echo We only will record one word.
echo.
echo Last Entered:%search%
pause
cls
goto search

:book
cls
echo Choose to view or to make new.
echo you can only book mark 1 thing until further updates.
echo.
echo 1)View
echo 2)Mark
echo 3)Back
set /p gun=

if %gun% == 1 goto view_mark
if %gun% == 2 goto mark
if %gun% == 3 goto search
goto book

:mark
cls
echo Please enter link.
echo.
set /p mark1=
echo %mark1% is bookmarked
pause
cls
goto search

:view_mark
cls
echo If you see no bookmarks then you have boomarked nothing.
echo.
echo %mark1%
echo.
echo 1)Goto Bookmark
echo 2)Back
set /p huh=

if %huh% == 1 goto check_book
if %huh% == 2 goto book
goto view_mark

:check_book
cls
if %mark1% ==  goto need_book
else
(goto search_mark)

:need_book
cls
echo You do not have anything book marked yet
echo Please enter something to go to.
pause
cls
goto book

:search_mark
cls
explorer "http://%mark1%"
cls
goto search

:lookforit
cls
echo AD: Want a game to be advertise here, geton the list for every update 
echo AD: and have your game link and message here, just email anonymousgamer752@gmail.com
echo AD: with the link and message
echo.
set /p search=Search:
cls
(
  echo %user%
  echo %pass%
  echo %email%
  echo %search% 
) > info_browse_new.sav

explorer "http://www.google.com/search?q=%search%
goto search

:delete
cls
echo Seems you want to delete your account!
echo All info like bookmarks and login info will be deleted. 
echo.
echo 1)Delete Account
echo 2)Go Back
set /p kok=

if %kok% == 1 goto delaccount
if %kok% == 2 goto search
goto delete 

:delaccount
cls
del info_browse_new.sav 
echo Your info was delete, you can register again if you want.
pause
cls
goto menu


:change
cls
echo Please enter your old password to confirm its you
echo.
echo Type 1 to go back
echo.
set /p pas=Old Password:
cls
if %pas% == 1 goto search
if %pas% == %pass% goto new
goto change

:new
cls
echo Enter New Info
echo.
set /p user=New Username:
set /p pass=New Password:
set /p email=New Email:
cls
(
  echo %user%
  echo %pass%
  echo %email%
) > info_browse_new.sav

echo New info has been saved
pause
goto search


:not_login search 
cls
echo You are using the browser without being logged in.
echo We cannot save any book marks you want and you cannot play 
echo games that was made for this browser.
echo.
set /p look=Search:
echo Looking for %look%
explorer "http://www.google.com/search?q=%look%

[Joey2bost]

Please leave feedback

Well since you asked...

General Notes

• Version numbers greater than 1.0 are generally for finished products, or at least software that has all of its features in place. At least finish the script before showing it off.
• This is not a browser, this is a batch wrapper for a browser.
• Change the name; I've found that things with "Best" in the name are generally garbage.
• This is slower than a regular browser since I have to "log in" before I can "use" it.
• Redirect your ping commands to nul. Or better yet, get rid of them since they serve no purpose other than to slow down the script - something you probably don't want the "Fastest Batch Internet Browser" to do.
• A lot of your messages don't fit in a standard 80-column command prompt screen.
• Literally every message you show the user has either spelling or grammatical errors.
• Use the CHOICE command to get user input instead of SET /P
• If you want to use ELSE, you need to use parentheses in your IF statement and it has to be in the format
  

  Code: Select all

  if "%variable1%"=="%variable2%" (
      do something
  ) else (
      do something else
  )

Terms

• Your script currently leaves both cookies and a history.
• You have no mechanism in place which will notify you of anything.
• Literally any text editor can open your .sav file.
• It's spelled "plagarism."
• For you to say "We" in a terms of service, you have to actually say who you are.
• I never signed or clicked anything saying that I agreed to your Terms of Service, making it unenforceable.

Account Recovery

• You can open info_browse.sav with a text editor; this entire feature is unnecessary.
• The 4-second pause between telling the user that their account is being recovered and the actual search for the login file adds no value to the script.
• You're not helping the user "find your account," you're just showing them their password.
• Always put both sides of an if statement in quotes, like this: if "%variable1"=="variable2" echo something.
• A lack of quotes breaks account recovery if the username or email contain spaces, ampersands, percents, or parentheses

Registration

• info_browse.sav is just a text file.
• The password is stored in plain text.
• The file is clearly visible in the same directory as the script.
• No validation is done at all to determine if the email is even a valid email (something@somewhere.something)

Login

• A lack of quotes around the login checks breaks the script if the username, password, or email contain spaces, ampersands, percents, or parentheses.
• Your code will never reach the GOTO PASSVERIFY or GOTO EMAILVERIFY lines.

Login Menu

• I should be able to log out without just closing the command prompt.

Bookmarks

• Only one bookmark is currently supported.
• Viewing the bookmark simply displays the URL instead of actually going to the URL.

Search

• This is just a batch wrapper for the user's default browser.
• Your search command is missing a quote at the end.

Thanks for the feed back

i have removed the pings for i also have noticed they were annoying and if you could teach me how to make the password and other info way more protected then in a text file that would be helpful. Also yes i know im bad at spelling. Also batch does not have any servers or anything to check the valadation of the email. we also removed the "Best" and "Fastest" from it since yeah you were right that this was far form either.
Along with my messages, you do not need to login or register to browse.
This browser "Wrapper" is a web engine and a place for other batch games to be uploaded.

[penpen]

You could store logins and passwords using AES or MD5, see:
http://www.dostips.com/forum/viewtopic.php?p=44337#p44337


penpen

[ShadowThief]

You could store logins and passwords using AES or MD5, see:
http://www.dostips.com/forum/viewtopic.php?p=44337#p44337


penpen

When he cross-posted this on ss64, I recommended salting and hashing his passwords with SHA1 (although I later read that I should have recommended SHA256).

Code: Select all

:: Password-masking code based on http://www.dostips.com/forum/viewtopic.php?p=33538#p33538
@echo off
title User Page
setlocal enabledelayedexpansion
cls

set login_attempts=0

echo 1. Login
echo 2. Register
echo 3. Quit
choice /n /c:123 >nul
cls
if %errorlevel% equ 1 goto login
if %errorlevel% equ 2 goto register
if %errorlevel% equ 3 exit /b

::------------------------------------------------------------------------------
:: Log in to the system with an existing login.
::------------------------------------------------------------------------------
:login
title Login Page
if not exist info.bb (
   echo You are not currently registered on this host.
   choice /m "Would you like to register "
   
   if !errorlevel! equ 1 goto :register
   if !errorlevel! equ 2 exit /b
)

set /p "given_username=Username: "
set /p "given_email=Email: "
call :getPassword given_password "Password: "

:: We don't even have to unhide the login file to retrieve the info
(
   set /p login_username=
   set /p login_salt=
   set /p login_passhash=
   set /p login_email=
)<info.bb

call :getSHA256 "!login_salt!!given_password!" given_passhash

:: If the user name, password, or email are wrong, fail.
:: In the name of security, do not tell the user which is wrong.
if "!given_username!"=="!login_username!" (
   if "!given_email!"=="!login_email!" (
      if "!given_passhash!"=="!login_passhash!" (
         echo Successfully logged in.
         pause
         
         REM Instead of exiting here, goto some main menu.
         REM I'm just exiting for the sake of brevity.
         exit /b
      )
   )
)

set /a login_attempts+=1

:: If the user fails to log in three times, lock their account.
if !login_attempts! equ 3 (
   echo Maximum number of login attempts reached. Account locked.
   del info.bb
) else (
   echo Login failure !login_attempts! of 3. Three failures will delete your account.
   echo/
   goto :login
)

exit /b

::------------------------------------------------------------------------------
:: Registers a user with an encrypted password.
::------------------------------------------------------------------------------
:register
title Registration Page

:: Determine if there is already a login file
if exist info.bb (
   echo A user is already registered on this host.
   choice /m "Would you like to log in "   
   
   if !errorlevel! equ 1 goto :login
   if !errorlevel! equ 2 (
      echo/
      echo Only one user is allowed to use this system.
      pause
      exit /b
   )
)

set /p "user_name=Desired Username: "

:userpass
call :getPassword first_password "Desired Password: "
call :getPassword verify_password "Re-enter Password: "
if not "%first_password%"=="%verify_password%" (
   echo Passwords do not match. Please enter them again.
   echo/
   goto userpass
) else (
   call :getSHA256 !time! salt
   call :getSHA256 "!salt!!first_password!" passhash
)

set /p "email=Email Address: "

(
   echo %user_name%
   echo !salt!
   echo !passhash!
   echo %email%
) >info.bb
attrib +h +s info.bb

choice /m "Would you like to log in now "
if !errorlevel! equ 1 cls&goto :login
if !errorlevel! equ 2 exit /b

exit /b

::------------------------------------------------------------------------------
:: Returns the SHA256 value of a string that has been echoed to a text file.
::
:: Arguments: %1 - the string to encode
::            %2 - the SHA256 value of %1
::------------------------------------------------------------------------------
:getSHA256
>shafile echo %~1
for /f "delims=" %%A in ('certutil -hashfile shafile SHA256 ^| find /v "hash"') do (
   set line=%%A
   set linehash=!line: =!
)
del shafile

set "%~2=!linehash!"
set "linehash="
goto :eof

::------------------------------------------------------------------------------
:: Masks user input and returns the input as a variable.
::
:: Arguments: %1 - the variable to store the password in
::            %2 - the prompt to display when receiving input
::------------------------------------------------------------------------------
:getPassword
set "_password="

:: We need a backspace to handle character removal
for /f %%a in ('"prompt;$H&for %%b in (0) do rem"') do set "BS=%%a"

:: Prompt the user 
set /p "=%~2" <nul 

:keyLoop
:: Retrieve a keypress
set "key="
for /f "delims=" %%a in ('xcopy /l /w "%~f0" "%~f0" 2^>nul') do if not defined key set "key=%%a"
set "key=%key:~-1%"

:: If No keypress (enter), then exit
:: If backspace, remove character from password and console
:: Otherwise, add a character to password and go ask for next one
if defined key (
    if "%key%"=="%BS%" (
        if defined _password (
            set "_password=%_password:~0,-1%"
            set /p "=!BS! !BS!"<nul
        )
    ) else (
        set "_password=%_password%%key%"
        set /p "="<nul
    )
    goto :keyLoop
)
echo/

:: Return password to caller
set "%~1=%_password%"
goto :eof

[sambul35]

Please leave feedback

I'm sorry to say, I didn't understand at all what this program is for? It appears from comments to be security related. IMHO, introducing a new batch program should include:
a) existing problem or task description if any
b) describe batch approach offered to address the problem
c) the batch code
d) example demonstrating how the solution works

I hesitate and don't know how to try your code without the above backgrounder. You may be better off trying to explain the above in your mother tongue, and then using Google Translate to translate it to English.

[ShadowThief]

It's not security-related, I was just pointing out gaping holes in his program's security.

I would also like to know the code's target audience.

Unfortunately, I think my response scared him off; he had been updating the code on ss64 for a bit, but nothing has been updated there in a while.