How to encrypt form post data?

[LLLLLLL]

How can I encrypt POST data from a form? Basically, I want to ensure that the data on the form is not in plain text ever. Is this possible?

<form method="post">
<input type="text" name="email" size="40">
<input type="password" name="password"/>
...

 

Basically, when this posts, I want to do a foreach on $_POST and see something like:

password = 1f3870be274f6c49b3e31a0c6728957f

  and not

password = stringTheUserTyped

 

I hope what I'm asking for is clear.

(PHP 5.2.14)

 

Thanks!

[Pikachu2000]

Why? What are you hoping to accomplish? What's the end goal? The answers to those questions may get you some relevant answers.

[fortnox007]

Well if your using it for a password sha1 of md5 could work, but its a one way trip : ) you can't decode it.

 

example:

$plain_input = $_POST['input'];
$super_secret_output_lols = sha1($plain_input);
echo $plain_input.'<br />';
echo $super_secret_output_lols.'<br />';

 

-edit: afterwards you can ofc compare the sha1(userinput) and the sha1(string) which is stored in a database to do a authentication check. but decoding you can't

[LLLLLLL]

Perhaps this is not clear.

 

Let's say that the code I wrote in my initial query is for a form on page 1. This will do a POST to page 2.

 

In page 2's code, I don't want to receive the POST message in plain text. If the "password" input field has a value of "mypassword" that the user typed in, I want to see the encrypted version of that string, not the actual string. I don't want the string to be visible to anyone at any point. How can I do that?

[litebearer]

so page 1 has 'clear text', page 2 receives 'magically' encrypted text?

 

Or do you need some type of javascript that takes each keystroke and encrypts it.

 

 

 

[LLLLLLL]

Well, it IS a password field, after all. How do other sites do this? Surely when I sign into amazon, my password is encrypted, right? You wouldn't want network sniffers to grab passwords. If I went the JavaScript route, is that safe? How would that look?

[Pikachu2000]

That's done via SSL to protect data in transit. It has nothing to do with MD5, or any other hashing algorithm.

[LLLLLLL]

I figured as much. How can this be implemented?

[fortnox007]

I have never done it, but i know there is something like OpenSSL. Free certificates to get that extra S behind http : )

But I never did this because my host wants too much money for it. But on xampp (local server) it's pretty easy, if i recall you dont have to fully rewrite any of your scripts. just place https before the domain

-edit: i just tested on xampp and if you just do https://localhost/index.php  it works without changing anything. might want to check it out

[LLLLLLL]

Your name is fortnox! You, of all people, should understand security!!

 

Well thanks for the info. I'll look around and post anything relevant that I find.

[fortnox007]

haha and 007 is the name of a secret agent I am good in disguising as well it seems

-edit: hehe i thought i just gave you something to work with : ) same question was on this forum also a week ago have fun lols