Jump to content

Encryting text in PHP

everurssantosh

By everurssantosh
in PHP Coding Help

 Share

Recommended Posts

everurssantosh Member

everurssantosh

Posted
Posted

Hi ,

 

I am facing problems in encryting text in PHP.

 

I am having an input form for the user to enter the password and a key for security. I am going to store those in database for future use. My site is SSL enabled too. I want to encrypt the password and store them in database. I will get those varriables to PHP for encryption only after the page is submitted to one more page.

 

My Concern is "To transmit the data through form post varriables from one page to another as plane text." Is it safe to transmit the plane text (password and key) to the other page and then encrypt them and store in the database?  :o

 

I have also tried to encrypt the password in JavaScript and send it across to the other page. But in that page again I need to decrypt and encrypt in PHP and store in database.

 

I am really confused for this issue. Kindly Help.....

 

Thank you.

Santosh

 

 

Link to comment
https://forums.phpfreaks.com/topic/122833-encryting-text-in-php/
Share on other sites
everurssantosh Member

everurssantosh

Posted
  • Author
Posted

For posting to another page r u storing the password in the hidden field. If that is the case then it is not secure.

 

Hi

 

I am not storing the password in hidden field. The password will be masked in a Password filed (input type=password) and I am then submiting the form to go to the other page where I will encrypt the text in PHP.

Is this secured over SSL... my concern is : is form post varriables are secured in a SSL channel?

 

Thanks

elmas156 Regular Member

elmas156

Posted
Posted

why do you have to pass the information to another page in the form?

 

try doing it this way:

 

<?php

if (!isset($_POST['submit'])) { // If the form has not been submitted

"Put code for the form here"

// Make sure the submit button name is actually "submit" in this case.  If you want to change the 
//name you have to change (!isset($_POST['change_this'])) to equal the name of the submit button.

} else {

$username = form($_POST['username']);
$password = md5($_POST['password']);  // This encrypts the password to store in the database.

mysql_query("INSERT INTO `users` (username,password) VALUES ('$username','$password')") or die (mysql_error()); // Inserts the user info.

header("Location: yournextpage.php");

?>

 

If you do it this way there's no need to pass the information from one page to the next because everything is done on the same page... just make the form action point to the same page, for example if this page is called signup.php, make the form action="signup.php"

everurssantosh Member

everurssantosh

Posted
  • Author
Posted

If the form is accessed via https://... then your data is sent encrypted, if not it is sent plain text and could be intercepted.

 

Ken

 

Hi Ken,

 

I didnt understand it properly.

"if not it is sent plain text and could be intercepted"... is it secured ? is it advisable to send information like password, security numbers thru SSL channel in form post ??

 

Thank you

Santosh

discomatt Member

discomatt

Posted
Posted

You're using SSL, so any data ( including POST variablesdata ) that is transmitted to and from the user is ENCRYPTED. This doesn't mean the data CAN'T be intercepted, but it will NOT be sent in plain text. The cracker must decrypt any intercepted data, which is not an easy task.

 

Don't forget to flag your cookies as secure as well. There's an option for it in the setcookie() function.

discomatt Member

discomatt

Posted
Posted

Not an issue, as long as the 'action' page is https://

 

When the user clicks submit on the form, the browser collects all the information within that form, and builds a POST query. It then sends a POST request to the action page ( which is secured ) with that POST query in the header.

 

The info never gets transmitted plain text.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.