Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 540
  • Last Modified:

Modify form variable before submit in PHP

Although this may not be necessary, and please explain if this is the case, I'm trying to encrypt a password
string before sending the value through to the processing page to insert into the database on new user registration.

I would like to do this as a security measure so in the form POST between the pages the password input field
value is already encrypted.

Question.  Can I call the encryption function (this part works) in the form before POST and send the encrypted string
to the POST variable instead of the plain text password?  The encryption routine I would like to call before post is a PHP
function.
0
InformationSystems
Asked:
InformationSystems
  • 3
1 Solution
 
snoyes_jwCommented:
No. PHP is a server side language, so you can't run any code between page generation and receiving the form.  You could use a client-side method, such as Javascript, with all the security and compliance issues that go along with that.

However, you can encrypt the contents of the form data before you put it in the database.  Someone would have to intercept the form submission or modify your scripts to steal the password.
0
 
unreal400Commented:
Why don't you just use SSL  and then not worry about encrypting within the actual pages.

trying to do encryption that is reversable in javascript really ins't a good idea since the code you use to encrypt is available.  I mean if you can md5 encrypt stuff then pass it over but its pretty useless to you that way since you can't decrypt it at that point.  

What type of information are you trying to encrypt before you post it to the next page?
0
 
unreal400Commented:
here is a javascript md5 encryption function if you want to use that to encrypt before you submit your form

http://userpages.umbc.edu/~mabzug1/cs/md5/md5.html

Hope that helps you out if you decide to use the javascript method instead of securing with SSL.

-kelly
0
 
unreal400Commented:
if you were just asking how to call the function on post then here it is.


instead of using and submit button do this:

<form name="formname">
......
<input name="newsubmitbutton" type = "button" onclick=  "alterpassword();" value="Sign up">


function alterpassword()
{
      document.formname.passwordbox.value = md5encryptfunction(document.formname.passwordbox.value);
      document.formname.submit();
}
0
 
suresh_aspCommented:
Try this,

<?php
echo "Registration page";

echo "<script lang='javascript>function cryptt(){".
 "document.register.pwd.value = \"".encrypt($_GET['pwd'])."\";   document.register.submit();".
"}</script>";

addUser($database, $host, $db_user, $db_pass, $_GET['user'], $_GET['pwd']);
?>
<body>
<form name=register action="register.php">
      <input type=text name=user>
      <input type=password name=pwd value="" >
      <input type=button name=sub value=ok onclick="cryptt()">
</form>
</body>
<?php
function encrypt($string) {//hash then encrypt a string
    $crypted = crypt(md5($string), md5($string));
    return $crypted;
}

function addUser($database, $host, $db_user, $db_pass, $username, $password) { //add user to table logins
    $linkID = mysql_connect($host, $db_user, $db_pass);
    mysql_select_db($database, $linkID);
    $password = encrypt($password);
    $username = encrypt($username);
    mysql_query("insert into logins values ('$username', '$password')", $linkID);
}
?>
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now