Encoding FORM Variables Before They’re Sent?

@JavaHead_JonnieAug 22.2004

I’m currenly developing some PHP to manage a user DB; login, register etc.

My problem is this: I need to encrypt the contents of a FORM input field (The password) before the form is sent. I want to use md5(). How can I do this? This is my code:

[code]echo(” <form method=’POST’ action=’/index.php?pg=login’ name=’login_form’><p> Username: <input type=’text’ name=’name’><br /> Pass: <input type=’password’ name=’pass’><br /> Remember Me: <input type=’checkbox’ name=’remember’><br /> <input type=’hidden’ name=’do_login’ value=’1′> <input type=’submit’ name=’submit’ value=’Punch It!’> </p></form> “;[/code]

Thanks & Regards, Jonnie

to post a comment

PHP

10 Comments(s) _↴

@96turnerriAug 22.2004 — #try using an enctype in the form tag

if you use md5 how are you going to unmd5 it?

@JavaHead_JonnieauthorAug 22.2004 — #That's not what I'm trying to do. Basically when the form submits; 'pass' is sent to the form-processing script (/index.php?pg=login) and received as $_POST['pass'] but I want it to be md5()'d before it's sent so it's transmitted encoded (And hack-proof).

I don't want to unmd5() it. Why would I want to?

@Stephen_PhilbinAug 22.2004 — #I asked the same thing last week. It would appear you can't. Instead you'd have to use SSL. I asked about SSL yesterday but so far have just had an advert for Verisign.com. ?

Only other alternative I could think of was Javascript. This is obviously an absurd idea and about as safe as chewing dynamite. So I'm just waiting for some pointers to learning how to implement SSL for logins.

@JavaHead_JonnieauthorAug 22.2004 — #Yeah, I read that topic. it's not too important - It's not credit card information or anything but I just thought it would be a nice feature to have.

@Stephen_PhilbinAug 22.2004 — #Yeah I'll not be using it for regular users myself, just admins. I intend to add a few features that if misused could pose a potential security/stability threat. There's also a strong likelehood the there'll be info about other companies etc that should be made available only to admins. So I could do with some pointers on what I should be learning and some resources for learning them. Hopefully the lack of response has just been due to it being the weekend.

@NogDogAug 23.2004 — #I don't think there is anything PHP can do for you here, as any PHP processing is happening on the server side, but you want the client side (browser) to do some sort of encryption for you. SSL would seem the obvious choice, but you'll need to work that out with your host admin/provider.

@96turnerriAug 23.2004 — #you could use JS to md5 it and then clear the textbox on form submit, that would work but only if they had JS enabled obviously ?

@Stephen_PhilbinAug 23.2004 — #My host will do pretty much whatever I ask. I just need some pointers for what I should be doing at my end. Like how do I initiate an SSL connection. What do I do that makes a file know it's in a secure section? Do I just plonk the files in a directory on my server that has special restrictions on it? Then just tell apache that files in that directory should use https:// ?

Is it something along those lines or am I way off?

@JavaHead_JonnieauthorAug 24.2004 — #I'm interested in this aswell. As I understand it (Not very well, that is), you need a certificate and some keys or something...

@Stephen_PhilbinAug 25.2004 — #Yeah. As far as I can make out yer "keys" are in yer "certificate" You can pay silly amounts of money to people like Verisign for a certificate to learn with (as far as I can make out the certificate is the business end of the encryption and decryption process) or just make one yerself. The server I'm on has a self issued certificate (we've had it for ages for using Cpanel etc). Still no idea how to tell a file that it's supposed to be available only via https and that it should send data only by SSL encryption. ?

Also in #PHP _↴

Two different people, same account, same time using array items as pulling out records Coustum URL In PHP

Success!

Help @JavaHead_Jonnie spread the word by sharing this article on Twitter...

Tweet This

about: ({
version: 0.1.9 — BETA 5.19,
whats_new: community page,
up_next: more Davinci•003 tasks,
coming_soon: events calendar,
social: @webDeveloperHQ
});

legal: ({
terms: of use,
privacy: policy
});

changelog: (
version: 0.1.9,
notes: added community page

version: 0.1.8,
notes: added Davinci•003

version: 0.1.7,
notes: upvote answers to bounties

version: 0.1.6,
notes: article editor refresh
)...

recent_tips: (
tipper: @AriseFacilitySolutions09,
tipped: article
amount: 1000 SATS,

tipper: @Yussuf4331,
tipped: article
amount: 1000 SATS,

tipper: @darkwebsites540,
tipped: article
amount: 10 SATS,
)...

Encoding FORM Variables Before They’re Sent?

10 Comments(s) _↴

Also in #PHP _↴

Success!

Social

Version

Encoding FORM Variables Before They’re Sent?

10 Comments(s) ↴

Also in #PHP ↴

Success!

The web is an endless sea of information. Don't miss the boat... Subscribe!

Social

Version

10 Comments(s) _↴

Also in #PHP _↴