Password component

A component for generating temporary passwords.



AISQuickPassword - Backdoor Password generating Component for Delphi

Created on : September 25, 1996

Created by : Dennis P. Butler

Purpose :

  The purpose of this component is to allow a programmer to use password

  security in a project, but not be restricted by having to come up with

  a scheme to handle forgotten passwords. This component allows the

  programmer to make his projects generate temporary passwords for the

  users of the project.

Description :

  A perpetual problem with passwords is that users often forget their

  password, leading to many adminsitrative problems. These problems are

  especially severe if an application is using local tables and being

  run on a laptop, where an administrator may not easily be able to help

  the user if they are not at the same location. This component allows

  the administrator to generate a temporary password based on the login

  criteria of the user. This password can be good for the entire day or

  the specific hour, based on the use in the program. The component also

  allows passwords to be generated for users in a different time zone.

  For example, if a user in a different time zone than the administrator

  calls up wanting a backdoor password for themselves, especially if the

  hourly password option is chosen, then the hour offset in the

  TimeZoneHours field can accomodate this and produce a correct password

  for the users machine.

Using the Component :

  Use of this component assumes that there are at least two types of people

  who will be using the system, ordinary users and administrators. Only

  administrators have the ability to generate backdoor passwords for users.

  In a typical application, there is a login screen to enter the system.

  Using the AISQuickPassword component, the application would fill in the

  information for the UserName property based on the login, the Sortmethod

  property, and the LengthPassword property. The programmer would include

  in the login screen a call to validatepassword with the password entered

  as a parameter. If the password entered is the temporary password, the

  program can allow them to enter the system or take whatever steps is then

  appropriate for the application. On the administrator end, they would have

  access to a form where only they would be able to make calls to the

  createmethod method.

Key Properties :

    UserName (string) - This is the string criteria unique to each user. It can be

                        a user name, user id, etc., but generally should be the same

                        string that is used to log into the system, so that the strings

                        will be the same on the user and administrator machines.

    SortMethod (stDateOnly, stDateHour) - Defines whether the password generated will

                                          be valid for an entire day or the current hour.

    LengthPassword (integer) - Length of the resulting password.

    TimeZoneHours (integer) - Number of hours away from the administrator that the user is at.

                              Default is zero. For time zones with an earlier time than the

                              administrator, use a negative number.

** Note that the first three properties must be identical

        on the user and administrative programs **

Methods :

  CreatePassword - Based on the UserName, SortMethod, & PasswordLength, a unique password

                   is returned.

  ValidatePassword - Based on the password passed to the function, a boolean value of

                     True or False will be returned on whether the password is correct

                     for the UserName, SortMethod, & PasswordLength.

Any feedback, comments, etc. are welcome. Please reply to

Copyright 1996 Apogee Information Systems


unit Quickpw;



  SysUtils, WinTypes, WinProcs, Messages, Classes, Graphics, Controls,

  Forms, Dialogs;


  stDateOnly - Password is comprised of date only - good for entire day

  stDateHour - Password is comprised of date & hour - good for current hour only }


  TSortType = (stDateOnly,stDateHour);

  TAISQuickPW = class(TComponent)


    FUserName : string;

    FSortMethod : TSortType;

    FLengthPassword : integer;

    FTimeZoneHours : integer;

    function ReturnPW(CreatingPassword: Boolean) : String;

    function IsValidSelections : Boolean;

    { Private declarations }


    { Protected declarations }


    constructor Create(AOwner:TComponent); override;

    destructor Destroy; override;

    function CreatePassword : String;

    function ValidatePassword(PWord: String) : boolean;

    { Public declarations }


    { Username must be identical on user & administrator ends }

    property UserName : string read FUserName write FUserName;

    property SortMethod : TSortType read FSortMethod write FSortMethod;

    { The longer the LengthPassword property is, the more secure the password }

    property LengthPassword : integer read FLengthPassword write FLengthPassword;

    { The number of hours away, + or -, of the users timezone. 0 is default }

    property TimeZoneHours : integer read FTimeZoneHours write FTimeZoneHours;

    { Published declarations }


procedure Register;


Constructor TAISQuickPW.Create(AOwner:TComponent);


  Inherited Create(AOwner);


Destructor TAISQuickPW.Destroy;


  Inherited Destroy;


procedure Register;


  RegisterComponents('Apogee', [TAISQuickPW]);


{ This function generates the password. }

function TAISQuickPW.ReturnPW(CreatingPassword: Boolean) : String;


  Password : String;

  PassBasis : Real;



  DayAdjustment : integer;

  ThisDate : TDateTime;


  multiplier = 0.092292080396; { Random Multiplier - This ensures that a fraction will result }


  DayAdjustment := 0;

  ThisDate := Date;

  CurrentHour := StrToInt(FormatDateTime('h',ThisDate));

  if Length(FUserName) > 3 then

    NameMultiplier := Ord(FUserName[1]) + Ord(FUserName[2]) + Ord(FUserName[3])


    NameMultiplier := 13; { If UserName is less than three digits, use temp number }

  if CreatingPassword then { Only adjust time based on time zone difference if

                             creating password. Validifying passwords is done

                             at user end, where time zone difference is basis

                             for creation of password on Administrator end. In

                             this case no time adjustment is needed. }


      if (CurrentHour + TimeZoneHours) > 23 then


          CurrentHour := CurrentHour - 24;

          DayAdjustment := 1;



        if (CurrentHour + TimeZoneHours) < 0 then


            CurrentHour := 24 + CurrentHour;

            DayAdjustment := -1;


      ThisDate := ThisDate + DayAdjustment;


  if FSortMethod = stDateHour then

    NameMultiplier := NameMultiplier + CurrentHour;

  { Multiply name dependent number by date dependent number to get a unique value for

    every day of the year for each user. Multiply this by a random multiplier (const value)

    to ensure that a fraction always results. Take FLengthPassword digits of fraction as

    the final password. Note that if the fractional portion works out to less digits than

    FLengthPassword, a password with less digits than FLengthPassword will result. Program

    will still create/validate passwords normally. }

  PassBasis := NameMultiplier *

               StrToInt(FormatDateTime('yyyy',ThisDate)) /

               (StrToInt(FormatDateTime('d',ThisDate)) * StrToInt(FormatDateTime('m',ThisDate))) *


  Password := copy(FloatToStr(PassBasis - Trunc(PassBasis)),3,FLengthPassword);

  Result := Password;


function TAISQuickPW.IsValidSelections : Boolean;


  Result := False;

  if ((FUserName <> '') and

     ((FSortMethod = stDateHour) or (FSortMethod = stDateOnly)) and

     (FLengthPassword > 0)) then

        Result := True;


function TAISQuickPW.CreatePassword : String;


  NewPW : String;


  Result := ''; { Default if error }

  if IsValidSelections then


      NewPW := ReturnPW(True);

      Result := NewPW;



function TAISQuickPW.ValidatePassword(PWord : String) : boolean;


  Result := False; { Default if error }

  if IsValidSelections then

    if ReturnPW(False) = PWord then

      Result := True


      Result := False;




Share this article!

Follow us!

Find more helpful articles: