Contributor: APOGEE INFORMATION SYSTEMS
(*******************************************************************
AISQuickPassword - Backdoor Password generating Component for Delphi
Created on : September 25, 1996
Created by : Dennis P. Butler
Purpose :
The purpose of this component is to allow a programmer to use password
security in a project, but not be restricted by having to come up with
a scheme to handle forgotten passwords. This component allows the
programmer to make his projects generate temporary passwords for the
users of the project.
Description :
A perpetual problem with passwords is that users often forget their
password, leading to many adminsitrative problems. These problems are
especially severe if an application is using local tables and being
run on a laptop, where an administrator may not easily be able to help
the user if they are not at the same location. This component allows
the administrator to generate a temporary password based on the login
criteria of the user. This password can be good for the entire day or
the specific hour, based on the use in the program. The component also
allows passwords to be generated for users in a different time zone.
For example, if a user in a different time zone than the administrator
calls up wanting a backdoor password for themselves, especially if the
hourly password option is chosen, then the hour offset in the
TimeZoneHours field can accomodate this and produce a correct password
for the users machine.
Using the Component :
Use of this component assumes that there are at least two types of people
who will be using the system, ordinary users and administrators. Only
administrators have the ability to generate backdoor passwords for users.
In a typical application, there is a login screen to enter the system.
Using the AISQuickPassword component, the application would fill in the
information for the UserName property based on the login, the Sortmethod
property, and the LengthPassword property. The programmer would include
in the login screen a call to validatepassword with the password entered
as a parameter. If the password entered is the temporary password, the
program can allow them to enter the system or take whatever steps is then
appropriate for the application. On the administrator end, they would have
access to a form where only they would be able to make calls to the
createmethod method.
Key Properties :
UserName (string) - This is the string criteria unique to each user. It can be
a user name, user id, etc., but generally should be the same
string that is used to log into the system, so that the strings
will be the same on the user and administrator machines.
SortMethod (stDateOnly, stDateHour) - Defines whether the password generated will
be valid for an entire day or the current hour.
LengthPassword (integer) - Length of the resulting password.
TimeZoneHours (integer) - Number of hours away from the administrator that the user is at.
Default is zero. For time zones with an earlier time than the
administrator, use a negative number.
** Note that the first three properties must be identical
on the user and administrative programs **
Methods :
CreatePassword - Based on the UserName, SortMethod, & PasswordLength, a unique password
is returned.
ValidatePassword - Based on the password passed to the function, a boolean value of
True or False will be returned on whether the password is correct
for the UserName, SortMethod, & PasswordLength.
Any feedback, comments, etc. are welcome. Please reply to dbutler@apogeeis.com
Copyright 1996 Apogee Information Systems
*********************************************************************)
unit Quickpw;
interface
uses
SysUtils, WinTypes, WinProcs, Messages, Classes, Graphics, Controls,
Forms, Dialogs;
{
stDateOnly - Password is comprised of date only - good for entire day
stDateHour - Password is comprised of date & hour - good for current hour only }
type
TSortType = (stDateOnly,stDateHour);
TAISQuickPW = class(TComponent)
private
FUserName : string;
FSortMethod : TSortType;
FLengthPassword : integer;
FTimeZoneHours : integer;
function ReturnPW(CreatingPassword: Boolean) : String;
function IsValidSelections : Boolean;
{ Private declarations }
protected
{ Protected declarations }
public
constructor Create(AOwner:TComponent); override;
destructor Destroy; override;
function CreatePassword : String;
function ValidatePassword(PWord: String) : boolean;
{ Public declarations }
published
{ Username must be identical on user & administrator ends }
property UserName : string read FUserName write FUserName;
property SortMethod : TSortType read FSortMethod write FSortMethod;
{ The longer the LengthPassword property is, the more secure the password }
property LengthPassword : integer read FLengthPassword write FLengthPassword;
{ The number of hours away, + or -, of the users timezone. 0 is default }
property TimeZoneHours : integer read FTimeZoneHours write FTimeZoneHours;
{ Published declarations }
end;
procedure Register;
implementation
Constructor TAISQuickPW.Create(AOwner:TComponent);
begin
Inherited Create(AOwner);
end;
Destructor TAISQuickPW.Destroy;
begin
Inherited Destroy;
end;
procedure Register;
begin
RegisterComponents('Apogee', [TAISQuickPW]);
end;
{ This function generates the password. }
function TAISQuickPW.ReturnPW(CreatingPassword: Boolean) : String;
var
Password : String;
PassBasis : Real;
NameMultiplier,
CurrentHour,
DayAdjustment : integer;
ThisDate : TDateTime;
const
multiplier = 0.092292080396; { Random Multiplier - This ensures that a fraction will result }
begin
DayAdjustment := 0;
ThisDate := Date;
CurrentHour := StrToInt(FormatDateTime('h',ThisDate));
if Length(FUserName)> 3 then
NameMultiplier := Ord(FUserName[1]) + Ord(FUserName[2]) + Ord(FUserName[3])
else
NameMultiplier := 13; { If UserName is less than three digits, use temp number }
if CreatingPassword then { Only adjust time based on time zone difference if
creating password. Validifying passwords is done
at user end, where time zone difference is basis
for creation of password on Administrator end. In
this case no time adjustment is needed. }
begin
if (CurrentHour + TimeZoneHours)> 23 then
begin
CurrentHour := CurrentHour - 24;
DayAdjustment := 1;
end
else
if (CurrentHour + TimeZoneHours) < 0 then begin CurrentHour := 24 + CurrentHour; DayAdjustment := -1; end; ThisDate := ThisDate + DayAdjustment; end; if FSortMethod = stDateHour then NameMultiplier := NameMultiplier + CurrentHour; { Multiply name dependent number by date dependent number to get a unique value for every day of the year for each user. Multiply this by a random multiplier (const value) to ensure that a fraction always results. Take FLengthPassword digits of fraction as the final password. Note that if the fractional portion works out to less digits than FLengthPassword, a password with less digits than FLengthPassword will result. Program will still create/validate passwords normally. } PassBasis := NameMultiplier * StrToInt(FormatDateTime('yyyy',ThisDate)) / (StrToInt(FormatDateTime('d',ThisDate)) * StrToInt(FormatDateTime('m',ThisDate))) * multiplier; Password := copy(FloatToStr(PassBasis - Trunc(PassBasis)),3,FLengthPassword); Result := Password; end; function TAISQuickPW.IsValidSelections : Boolean; begin Result := False; if ((FUserName '') and
((FSortMethod = stDateHour) or (FSortMethod = stDateOnly)) and
(FLengthPassword> 0)) then
Result := True;
end;
function TAISQuickPW.CreatePassword : String;
var
NewPW : String;
begin
Result := ''; { Default if error }
if IsValidSelections then
begin
NewPW := ReturnPW(True);
Result := NewPW;
end;
end;
function TAISQuickPW.ValidatePassword(PWord : String) : boolean;
begin
Result := False; { Default if error }
if IsValidSelections then
if ReturnPW(False) = PWord then
Result := True
else
Result := False;
end;
end.