[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Modify form variable before submit in PHP

Posted on 2004-10-28
5
Medium Priority
?
532 Views
Last Modified: 2008-03-03
Although this may not be necessary, and please explain if this is the case, I'm trying to encrypt a password
string before sending the value through to the processing page to insert into the database on new user registration.

I would like to do this as a security measure so in the form POST between the pages the password input field
value is already encrypted.

Question.  Can I call the encryption function (this part works) in the form before POST and send the encrypted string
to the POST variable instead of the plain text password?  The encryption routine I would like to call before post is a PHP
function.
0
Comment
Question by:InformationSystems
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 33

Expert Comment

by:snoyes_jw
ID: 12438860
No. PHP is a server side language, so you can't run any code between page generation and receiving the form.  You could use a client-side method, such as Javascript, with all the security and compliance issues that go along with that.

However, you can encrypt the contents of the form data before you put it in the database.  Someone would have to intercept the form submission or modify your scripts to steal the password.
0
 
LVL 2

Expert Comment

by:unreal400
ID: 12438985
Why don't you just use SSL  and then not worry about encrypting within the actual pages.

trying to do encryption that is reversable in javascript really ins't a good idea since the code you use to encrypt is available.  I mean if you can md5 encrypt stuff then pass it over but its pretty useless to you that way since you can't decrypt it at that point.  

What type of information are you trying to encrypt before you post it to the next page?
0
 
LVL 2

Expert Comment

by:unreal400
ID: 12439072
here is a javascript md5 encryption function if you want to use that to encrypt before you submit your form

http://userpages.umbc.edu/~mabzug1/cs/md5/md5.html

Hope that helps you out if you decide to use the javascript method instead of securing with SSL.

-kelly
0
 
LVL 2

Accepted Solution

by:
unreal400 earned 1000 total points
ID: 12439118
if you were just asking how to call the function on post then here it is.


instead of using and submit button do this:

<form name="formname">
......
<input name="newsubmitbutton" type = "button" onclick=  "alterpassword();" value="Sign up">


function alterpassword()
{
      document.formname.passwordbox.value = md5encryptfunction(document.formname.passwordbox.value);
      document.formname.submit();
}
0
 
LVL 2

Expert Comment

by:suresh_asp
ID: 12441785
Try this,

<?php
echo "Registration page";

echo "<script lang='javascript>function cryptt(){".
 "document.register.pwd.value = \"".encrypt($_GET['pwd'])."\";   document.register.submit();".
"}</script>";

addUser($database, $host, $db_user, $db_pass, $_GET['user'], $_GET['pwd']);
?>
<body>
<form name=register action="register.php">
      <input type=text name=user>
      <input type=password name=pwd value="" >
      <input type=button name=sub value=ok onclick="cryptt()">
</form>
</body>
<?php
function encrypt($string) {//hash then encrypt a string
    $crypted = crypt(md5($string), md5($string));
    return $crypted;
}

function addUser($database, $host, $db_user, $db_pass, $username, $password) { //add user to table logins
    $linkID = mysql_connect($host, $db_user, $db_pass);
    mysql_select_db($database, $linkID);
    $password = encrypt($password);
    $username = encrypt($username);
    mysql_query("insert into logins values ('$username', '$password')", $linkID);
}
?>
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question