Solved

Modify form variable before submit in PHP

Posted on 2004-10-28
520 Views
Last Modified: 2008-03-03
Although this may not be necessary, and please explain if this is the case, I'm trying to encrypt a password
string before sending the value through to the processing page to insert into the database on new user registration.

I would like to do this as a security measure so in the form POST between the pages the password input field
value is already encrypted.

Question.  Can I call the encryption function (this part works) in the form before POST and send the encrypted string
to the POST variable instead of the plain text password?  The encryption routine I would like to call before post is a PHP
function.
0
Question by:InformationSystems
    5 Comments
     
    LVL 33

    Expert Comment

    by:snoyes_jw
    No. PHP is a server side language, so you can't run any code between page generation and receiving the form.  You could use a client-side method, such as Javascript, with all the security and compliance issues that go along with that.

    However, you can encrypt the contents of the form data before you put it in the database.  Someone would have to intercept the form submission or modify your scripts to steal the password.
    0
     
    LVL 2

    Expert Comment

    by:unreal400
    Why don't you just use SSL  and then not worry about encrypting within the actual pages.

    trying to do encryption that is reversable in javascript really ins't a good idea since the code you use to encrypt is available.  I mean if you can md5 encrypt stuff then pass it over but its pretty useless to you that way since you can't decrypt it at that point.  

    What type of information are you trying to encrypt before you post it to the next page?
    0
     
    LVL 2

    Expert Comment

    by:unreal400
    here is a javascript md5 encryption function if you want to use that to encrypt before you submit your form

    http://userpages.umbc.edu/~mabzug1/cs/md5/md5.html

    Hope that helps you out if you decide to use the javascript method instead of securing with SSL.

    -kelly
    0
     
    LVL 2

    Accepted Solution

    by:
    if you were just asking how to call the function on post then here it is.


    instead of using and submit button do this:

    <form name="formname">
    ......
    <input name="newsubmitbutton" type = "button" onclick=  "alterpassword();" value="Sign up">


    function alterpassword()
    {
          document.formname.passwordbox.value = md5encryptfunction(document.formname.passwordbox.value);
          document.formname.submit();
    }
    0
     
    LVL 2

    Expert Comment

    by:suresh_asp
    Try this,

    <?php
    echo "Registration page";

    echo "<script lang='javascript>function cryptt(){".
     "document.register.pwd.value = \"".encrypt($_GET['pwd'])."\";   document.register.submit();".
    "}</script>";

    addUser($database, $host, $db_user, $db_pass, $_GET['user'], $_GET['pwd']);
    ?>
    <body>
    <form name=register action="register.php">
          <input type=text name=user>
          <input type=password name=pwd value="" >
          <input type=button name=sub value=ok onclick="cryptt()">
    </form>
    </body>
    <?php
    function encrypt($string) {//hash then encrypt a string
        $crypted = crypt(md5($string), md5($string));
        return $crypted;
    }

    function addUser($database, $host, $db_user, $db_pass, $username, $password) { //add user to table logins
        $linkID = mysql_connect($host, $db_user, $db_pass);
        mysql_select_db($database, $linkID);
        $password = encrypt($password);
        $username = encrypt($username);
        mysql_query("insert into logins values ('$username', '$password')", $linkID);
    }
    ?>
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

     Java Android Coding Bundle

    Whether you're an Apple user or Android addict, learning to code for the Android platform is an extremely valuable, in-demand skill. It all starts with Java, the language behind the apps and games that make Android the top platform it is today.

    A colleague recently asked me about how to give his client a small part of the web site that could be completely under the client's control.  Since I have done this sort of thing before to add emergency banners to a web site, I decided I would creat…
    Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
    The viewer will learn how to count occurrences of each item in an array.
    The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

    931 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now