Jump to content

How to encrypt form post data?


LLLLLLL

Recommended Posts

How can I encrypt POST data from a form? Basically, I want to ensure that the data on the form is not in plain text ever. Is this possible?

<form method="post">
<input type="text" name="email" size="40">
<input type="password" name="password"/>
...

 

Basically, when this posts, I want to do a foreach on $_POST and see something like:

password = 1f3870be274f6c49b3e31a0c6728957f

  and not

password = stringTheUserTyped

 

I hope what I'm asking for is clear.

(PHP 5.2.14)

 

Thanks!

Link to comment
Share on other sites

Well if your using it for a password sha1 of md5 could work, but its a one way trip : ) you can't decode it.

 

example:

$plain_input = $_POST['input'];
$super_secret_output_lols = sha1($plain_input);
echo $plain_input.'<br />';
echo $super_secret_output_lols.'<br />';

 

-edit: afterwards you can ofc compare the sha1(userinput) and the sha1(string) which is stored in a database to do a authentication check. but decoding you can't

Link to comment
Share on other sites

Perhaps this is not clear.

 

Let's say that the code I wrote in my initial query is for a form on page 1. This will do a POST to page 2.

 

In page 2's code, I don't want to receive the POST message in plain text. If the "password" input field has a value of "mypassword" that the user typed in, I want to see the encrypted version of that string, not the actual string. I don't want the string to be visible to anyone at any point. How can I do that?

Link to comment
Share on other sites

Well, it IS a password field, after all. How do other sites do this? Surely when I sign into amazon, my password is encrypted, right? You wouldn't want network sniffers to grab passwords. If I went the JavaScript route, is that safe? How would that look?

Link to comment
Share on other sites

I have never done it, but i know there is something like OpenSSL. Free certificates to get that extra S behind http : )

But I never did this because my host wants too much money for it. But on xampp (local server) it's pretty easy, if i recall you dont have to fully rewrite any of your scripts. just place https before the domain

-edit: i just tested on xampp and if you just do https://localhost/index.php  it works without changing anything. might want to check it out

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.