how to POST password to website?

[hydar]

i'm trying to make a client for a form on a website. i need to post a password to the site. it's usually done by a password field but I want to do it just with a php script, using http post. but i don't know how a password input field in html encrypts the password--it doesn't make sense that i could just send a php request such as site.com?password=hello123.

any ideas? thanks

[Wildbug]

I've used client-side JavaScript to encode the password before POSTing it.  Unless you do that, it's sent cleartext.  My code only used cleartext if the browser didn't support or had JavaScript turned off so that use was transparent, but you could require JS if you had a site you really needed to keep secure.  And with POST, at least it's not in the GET string. 

 

The other option is HTTPS.

[trecool999]

SendPassword.php

<form id="Form" name="Form" action="EncryptPassword.php" method="POST">
    <input type="text" value="Password" id="Password" name="Password" />
    <input type="button" value="Go" id="Submit" name="Submit" />
</form>

 

EncryptPassword.php

<?php
$Password = md5($_POST['Password']);
header('Location: ReceivePassword.php');
?>

 

Then do whatever in ReceivePassword.php .

[Wildbug]

The password is still passing between the client and server in cleartext in that example, tre.