0

I have a batch file that will prompt the user to provide a user name and password. I am trying to check if the password has the user name in it. I found this example but can't seem to get it to work:

@setlocal enableextensions enabledelayedexpansion
@echo off
SET /P userName=%1
SET /P userPassword=%1
if not x%userPassword:userName=%==x%userPassword% (
GOTO createUser
)else (
GOTO invalidPassword
)

I use these values to create a Windows User account:

:createUser
net user %$userName% "%$userPassword%" /ADD /PASSWORDCHG:NO
WMIC USERACCOUNT WHERE "Name="%$userName%"" SET PasswordExpires=FALSE

:invalidPassword
ECHO password contains user name
Improve this question
5
  • The Windows command prompt is NOT a DOS prompt! Commented Mar 23, 2017 at 12:23
  • )else ( --> ) else ( Commented Mar 23, 2017 at 12:26
  • This is not a duplicate question. I am comparing two variables not one like in the quoted duplicate question. If you would take the time to help with this issue rather than mark it as duplicate you would be more helpful. Commented Mar 23, 2017 at 13:31
  • 1
    @aschipfl it's only a cosmetic bug. Both if 1==1 (echo 1)else (echo 2) with true and with no-true condition if 1==2 (echo 1)else (echo 2) work… Commented Mar 23, 2017 at 16:15
  • @JosefZ, thank you; seems I have confused it with ) else( what I have sometimes seen here... Commented Mar 23, 2017 at 19:21

1 Answer 1

Reset to default
1

This should work:

@echo off
setlocal enabledelayedexpansion
set /p userName=Username:
set /p userPassword=Password:
set replacedUsername=!userPassword:%userName%=!
if not !replacedUsername!==%userPassword% (
    echo invalid password
    pause
    exit
)
net user %$userName% "%$userPassword%" /ADD /PASSWORDCHG:NO
WMIC USERACCOUNT WHERE "Name="%$userName%"" SET PasswordExpires=FALSE

After the user inputs a name and a password we take the username as a substring and replace this substring inside the password with an empty string. If the password remains unchanged, we know: the username is not a substring of the password string. Otherwise, the modified password would differ from the original password so we know that it is invalide.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Passwords are case sensitive, the string replacement isn't. While it isn't a good Idea to have the name inside inside the password, a different unusual casing would lessen (if only a bit) the risc.
MichaelS, That works thank you. I also need to make sure that the password is at least 7 character and from 3 of the following groups. 1. English uppercase characters (A through Z) 2. English lowercase characters (a through z) 3. Base 10 digits (0 through 9) 4. Non-alphabetic characters (for example, !, $, #, %). I think I would have to ask this in a separate questions.
@joey.coyle Yes, I guess you should post a new question.
Try username ˙abc˙ and password a!b^c or a^b!c. You could disable delayed expansion call set "replacedUsername=%%userPassword:%userName%=%%" an properly quote "%userPassword%" everywhere. Should work for all cmd poisonous characters like !^%|<> in a password.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.