Jump to content

Recommended Posts

How can I encrypt POST data from a form? Basically, I want to ensure that the data on the form is not in plain text ever. Is this possible?

<form method="post">
<input type="text" name="email" size="40">
<input type="password" name="password"/>
...

 

Basically, when this posts, I want to do a foreach on $_POST and see something like:

password = 1f3870be274f6c49b3e31a0c6728957f

  and not

password = stringTheUserTyped

 

I hope what I'm asking for is clear.

(PHP 5.2.14)

 

Thanks!

Link to comment
https://forums.phpfreaks.com/topic/212985-how-to-encrypt-form-post-data/
Share on other sites

Well if your using it for a password sha1 of md5 could work, but its a one way trip : ) you can't decode it.

 

example:

$plain_input = $_POST['input'];
$super_secret_output_lols = sha1($plain_input);
echo $plain_input.'<br />';
echo $super_secret_output_lols.'<br />';

 

-edit: afterwards you can ofc compare the sha1(userinput) and the sha1(string) which is stored in a database to do a authentication check. but decoding you can't

Perhaps this is not clear.

 

Let's say that the code I wrote in my initial query is for a form on page 1. This will do a POST to page 2.

 

In page 2's code, I don't want to receive the POST message in plain text. If the "password" input field has a value of "mypassword" that the user typed in, I want to see the encrypted version of that string, not the actual string. I don't want the string to be visible to anyone at any point. How can I do that?

Well, it IS a password field, after all. How do other sites do this? Surely when I sign into amazon, my password is encrypted, right? You wouldn't want network sniffers to grab passwords. If I went the JavaScript route, is that safe? How would that look?

I have never done it, but i know there is something like OpenSSL. Free certificates to get that extra S behind http : )

But I never did this because my host wants too much money for it. But on xampp (local server) it's pretty easy, if i recall you dont have to fully rewrite any of your scripts. just place https before the domain

-edit: i just tested on xampp and if you just do https://localhost/index.php  it works without changing anything. might want to check it out

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.