Password component

A component for generating temporary passwords.

Contributor: APOGEE INFORMATION SYSTEMS



(*******************************************************************

AISQuickPassword - Backdoor Password generating Component for Delphi



Created on : September 25, 1996

Created by : Dennis P. Butler



Purpose :

  The purpose of this component is to allow a programmer to use password

  security in a project, but not be restricted by having to come up with

  a scheme to handle forgotten passwords. This component allows the

  programmer to make his projects generate temporary passwords for the

  users of the project.



Description :

  A perpetual problem with passwords is that users often forget their

  password, leading to many adminsitrative problems. These problems are

  especially severe if an application is using local tables and being

  run on a laptop, where an administrator may not easily be able to help

  the user if they are not at the same location. This component allows

  the administrator to generate a temporary password based on the login

  criteria of the user. This password can be good for the entire day or

  the specific hour, based on the use in the program. The component also

  allows passwords to be generated for users in a different time zone.

  For example, if a user in a different time zone than the administrator

  calls up wanting a backdoor password for themselves, especially if the

  hourly password option is chosen, then the hour offset in the

  TimeZoneHours field can accomodate this and produce a correct password

  for the users machine.



Using the Component :

  Use of this component assumes that there are at least two types of people

  who will be using the system, ordinary users and administrators. Only

  administrators have the ability to generate backdoor passwords for users.

  In a typical application, there is a login screen to enter the system.

  Using the AISQuickPassword component, the application would fill in the

  information for the UserName property based on the login, the Sortmethod

  property, and the LengthPassword property. The programmer would include

  in the login screen a call to validatepassword with the password entered

  as a parameter. If the password entered is the temporary password, the

  program can allow them to enter the system or take whatever steps is then

  appropriate for the application. On the administrator end, they would have

  access to a form where only they would be able to make calls to the

  createmethod method.



Key Properties :

    UserName (string) - This is the string criteria unique to each user. It can be

                        a user name, user id, etc., but generally should be the same

                        string that is used to log into the system, so that the strings

                        will be the same on the user and administrator machines.

    SortMethod (stDateOnly, stDateHour) - Defines whether the password generated will

                                          be valid for an entire day or the current hour.

    LengthPassword (integer) - Length of the resulting password.

    TimeZoneHours (integer) - Number of hours away from the administrator that the user is at.

                              Default is zero. For time zones with an earlier time than the

                              administrator, use a negative number.



** Note that the first three properties must be identical

        on the user and administrative programs **



Methods :

  CreatePassword - Based on the UserName, SortMethod, & PasswordLength, a unique password

                   is returned.

  ValidatePassword - Based on the password passed to the function, a boolean value of

                     True or False will be returned on whether the password is correct

                     for the UserName, SortMethod, & PasswordLength.



Any feedback, comments, etc. are welcome. Please reply to dbutler@apogeeis.com



Copyright 1996 Apogee Information Systems

*********************************************************************)



unit Quickpw;



interface



uses

  SysUtils, WinTypes, WinProcs, Messages, Classes, Graphics, Controls,

  Forms, Dialogs;



  {

  stDateOnly - Password is comprised of date only - good for entire day

  stDateHour - Password is comprised of date & hour - good for current hour only }



type

  TSortType = (stDateOnly,stDateHour);



  TAISQuickPW = class(TComponent)

  private

    FUserName : string;

    FSortMethod : TSortType;

    FLengthPassword : integer;

    FTimeZoneHours : integer;

    function ReturnPW(CreatingPassword: Boolean) : String;

    function IsValidSelections : Boolean;

    { Private declarations }

  protected

    { Protected declarations }

  public

    constructor Create(AOwner:TComponent); override;



    destructor Destroy; override;

    function CreatePassword : String;

    function ValidatePassword(PWord: String) : boolean;

    { Public declarations }

  published

    { Username must be identical on user & administrator ends }

    property UserName : string read FUserName write FUserName;

    property SortMethod : TSortType read FSortMethod write FSortMethod;

    { The longer the LengthPassword property is, the more secure the password }

    property LengthPassword : integer read FLengthPassword write FLengthPassword;

    { The number of hours away, + or -, of the users timezone. 0 is default }

    property TimeZoneHours : integer read FTimeZoneHours write FTimeZoneHours;

    { Published declarations }

  end;



procedure Register;



implementation





Constructor TAISQuickPW.Create(AOwner:TComponent);

begin

  Inherited Create(AOwner);

end;



Destructor TAISQuickPW.Destroy;

begin

  Inherited Destroy;

end;



procedure Register;

begin

  RegisterComponents('Apogee', [TAISQuickPW]);

end;



{ This function generates the password. }

function TAISQuickPW.ReturnPW(CreatingPassword: Boolean) : String;

var

  Password : String;

  PassBasis : Real;

  NameMultiplier,

  CurrentHour,

  DayAdjustment : integer;

  ThisDate : TDateTime;

const

  multiplier = 0.092292080396; { Random Multiplier - This ensures that a fraction will result }

begin

  DayAdjustment := 0;

  ThisDate := Date;

  CurrentHour := StrToInt(FormatDateTime('h',ThisDate));



  if Length(FUserName) > 3 then

    NameMultiplier := Ord(FUserName[1]) + Ord(FUserName[2]) + Ord(FUserName[3])

  else

    NameMultiplier := 13; { If UserName is less than three digits, use temp number }



  if CreatingPassword then { Only adjust time based on time zone difference if

                             creating password. Validifying passwords is done

                             at user end, where time zone difference is basis

                             for creation of password on Administrator end. In

                             this case no time adjustment is needed. }

    begin

      if (CurrentHour + TimeZoneHours) > 23 then

        begin

          CurrentHour := CurrentHour - 24;

          DayAdjustment := 1;

        end

      else

        if (CurrentHour + TimeZoneHours) < 0 then

          begin

            CurrentHour := 24 + CurrentHour;

            DayAdjustment := -1;

          end;



      ThisDate := ThisDate + DayAdjustment;

    end;



  if FSortMethod = stDateHour then

    NameMultiplier := NameMultiplier + CurrentHour;



  { Multiply name dependent number by date dependent number to get a unique value for

    every day of the year for each user. Multiply this by a random multiplier (const value)

    to ensure that a fraction always results. Take FLengthPassword digits of fraction as

    the final password. Note that if the fractional portion works out to less digits than

    FLengthPassword, a password with less digits than FLengthPassword will result. Program

    will still create/validate passwords normally. }

  PassBasis := NameMultiplier *

               StrToInt(FormatDateTime('yyyy',ThisDate)) /

               (StrToInt(FormatDateTime('d',ThisDate)) * StrToInt(FormatDateTime('m',ThisDate))) *

               multiplier;

  Password := copy(FloatToStr(PassBasis - Trunc(PassBasis)),3,FLengthPassword);

  Result := Password;

end;



function TAISQuickPW.IsValidSelections : Boolean;

begin

  Result := False;

  if ((FUserName <> '') and

     ((FSortMethod = stDateHour) or (FSortMethod = stDateOnly)) and

     (FLengthPassword > 0)) then

        Result := True;

end;



function TAISQuickPW.CreatePassword : String;

var

  NewPW : String;

begin

  Result := ''; { Default if error }

  if IsValidSelections then

    begin

      NewPW := ReturnPW(True);

      Result := NewPW;

    end;

end;



function TAISQuickPW.ValidatePassword(PWord : String) : boolean;

begin

  Result := False; { Default if error }

  if IsValidSelections then

    if ReturnPW(False) = PWord then

      Result := True

    else

      Result := False;

end;



end.

 

Share this article!

Follow us!

Find more helpful articles: