Encrypting with php - need help

[cland410]

Hey guys, I was wondering if there was anyway to encrypt usernames and passwords when being passed through a form to another page (just in case there is someone listening that can read the packets). I was using wireshark on my website and it was very visible to see the username and password that was being passed. I guess many people use md5 to cover this information and was wondering if anyone has any good use of this function or if there are any other ways of encrypting this information... I am also trying to cover up file names that can get me downloaded as well. Basically, I am looking for good protection without using SSL (which I am having a little trouble understanding, mainly because it is not something that is free, and/or because you need an outside web host or application installed on your server?) Thanks, I appreciate any feedback.

[inspireddesign]

Try this.  I would always recommend using SSL to encrypt data that is considered sensitive.  Such as, CC, Account Information, Etc. This following function will encrypt the string you pass to it.  You will need to call it again when you retrieve it from the database.  Good Luck!!

 

<?php

// Scramble Password

	function encode5t($str)
	{
	  for($i=0; $i<5;$i++)
	  {
		$str=strrev(base64_encode($str)); //apply base64 first and then reverse the string
	  }
	  return $str;
}

//function to decrypt the Passord

function decode5t($str)
	{
	  for($i=0; $i<5;$i++)
	  {
		$str=base64_decode(strrev($str)); //apply base64 first and then reverse the string}
	  }
	  return $str;
}
?>

 

[inspireddesign]

You will need to call it again when you retrieve it from the database.

 

Meaning that you will need to call the decrypt function.