LLLLLLL Posted September 9, 2010 Share Posted September 9, 2010 How can I encrypt POST data from a form? Basically, I want to ensure that the data on the form is not in plain text ever. Is this possible? <form method="post"> <input type="text" name="email" size="40"> <input type="password" name="password"/> ... Basically, when this posts, I want to do a foreach on $_POST and see something like: password = 1f3870be274f6c49b3e31a0c6728957f and not password = stringTheUserTyped I hope what I'm asking for is clear. (PHP 5.2.14) Thanks! Quote Link to comment https://forums.phpfreaks.com/topic/212985-how-to-encrypt-form-post-data/ Share on other sites More sharing options...
Pikachu2000 Posted September 9, 2010 Share Posted September 9, 2010 Why? What are you hoping to accomplish? What's the end goal? The answers to those questions may get you some relevant answers. Quote Link to comment https://forums.phpfreaks.com/topic/212985-how-to-encrypt-form-post-data/#findComment-1109392 Share on other sites More sharing options...
fortnox007 Posted September 9, 2010 Share Posted September 9, 2010 Well if your using it for a password sha1 of md5 could work, but its a one way trip : ) you can't decode it. example: $plain_input = $_POST['input']; $super_secret_output_lols = sha1($plain_input); echo $plain_input.'<br />'; echo $super_secret_output_lols.'<br />'; -edit: afterwards you can ofc compare the sha1(userinput) and the sha1(string) which is stored in a database to do a authentication check. but decoding you can't Quote Link to comment https://forums.phpfreaks.com/topic/212985-how-to-encrypt-form-post-data/#findComment-1109396 Share on other sites More sharing options...
LLLLLLL Posted September 9, 2010 Author Share Posted September 9, 2010 Perhaps this is not clear. Let's say that the code I wrote in my initial query is for a form on page 1. This will do a POST to page 2. In page 2's code, I don't want to receive the POST message in plain text. If the "password" input field has a value of "mypassword" that the user typed in, I want to see the encrypted version of that string, not the actual string. I don't want the string to be visible to anyone at any point. How can I do that? Quote Link to comment https://forums.phpfreaks.com/topic/212985-how-to-encrypt-form-post-data/#findComment-1109410 Share on other sites More sharing options...
litebearer Posted September 9, 2010 Share Posted September 9, 2010 so page 1 has 'clear text', page 2 receives 'magically' encrypted text? Or do you need some type of javascript that takes each keystroke and encrypts it. Quote Link to comment https://forums.phpfreaks.com/topic/212985-how-to-encrypt-form-post-data/#findComment-1109411 Share on other sites More sharing options...
LLLLLLL Posted September 9, 2010 Author Share Posted September 9, 2010 Well, it IS a password field, after all. How do other sites do this? Surely when I sign into amazon, my password is encrypted, right? You wouldn't want network sniffers to grab passwords. If I went the JavaScript route, is that safe? How would that look? Quote Link to comment https://forums.phpfreaks.com/topic/212985-how-to-encrypt-form-post-data/#findComment-1109414 Share on other sites More sharing options...
Pikachu2000 Posted September 10, 2010 Share Posted September 10, 2010 That's done via SSL to protect data in transit. It has nothing to do with MD5, or any other hashing algorithm. Quote Link to comment https://forums.phpfreaks.com/topic/212985-how-to-encrypt-form-post-data/#findComment-1109429 Share on other sites More sharing options...
LLLLLLL Posted September 10, 2010 Author Share Posted September 10, 2010 I figured as much. How can this be implemented? Quote Link to comment https://forums.phpfreaks.com/topic/212985-how-to-encrypt-form-post-data/#findComment-1109431 Share on other sites More sharing options...
fortnox007 Posted September 10, 2010 Share Posted September 10, 2010 I have never done it, but i know there is something like OpenSSL. Free certificates to get that extra S behind http : ) But I never did this because my host wants too much money for it. But on xampp (local server) it's pretty easy, if i recall you dont have to fully rewrite any of your scripts. just place https before the domain -edit: i just tested on xampp and if you just do https://localhost/index.php it works without changing anything. might want to check it out Quote Link to comment https://forums.phpfreaks.com/topic/212985-how-to-encrypt-form-post-data/#findComment-1109447 Share on other sites More sharing options...
LLLLLLL Posted September 10, 2010 Author Share Posted September 10, 2010 Your name is fortnox! You, of all people, should understand security!! Well thanks for the info. I'll look around and post anything relevant that I find. Quote Link to comment https://forums.phpfreaks.com/topic/212985-how-to-encrypt-form-post-data/#findComment-1109460 Share on other sites More sharing options...
fortnox007 Posted September 10, 2010 Share Posted September 10, 2010 haha and 007 is the name of a secret agent I am good in disguising as well it seems -edit: hehe i thought i just gave you something to work with : ) same question was on this forum also a week ago have fun lols Quote Link to comment https://forums.phpfreaks.com/topic/212985-how-to-encrypt-form-post-data/#findComment-1109464 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.