Modify form variable before submit in PHP

Although this may not be necessary, and please explain if this is the case, I'm trying to encrypt a password
string before sending the value through to the processing page to insert into the database on new user registration.

I would like to do this as a security measure so in the form POST between the pages the password input field
value is already encrypted.

Question.  Can I call the encryption function (this part works) in the form before POST and send the encrypted string
to the POST variable instead of the plain text password?  The encryption routine I would like to call before post is a PHP
function.
InformationSystemsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

snoyes_jwCommented:
No. PHP is a server side language, so you can't run any code between page generation and receiving the form.  You could use a client-side method, such as Javascript, with all the security and compliance issues that go along with that.

However, you can encrypt the contents of the form data before you put it in the database.  Someone would have to intercept the form submission or modify your scripts to steal the password.
0
unreal400Commented:
Why don't you just use SSL  and then not worry about encrypting within the actual pages.

trying to do encryption that is reversable in javascript really ins't a good idea since the code you use to encrypt is available.  I mean if you can md5 encrypt stuff then pass it over but its pretty useless to you that way since you can't decrypt it at that point.  

What type of information are you trying to encrypt before you post it to the next page?
0
unreal400Commented:
here is a javascript md5 encryption function if you want to use that to encrypt before you submit your form

http://userpages.umbc.edu/~mabzug1/cs/md5/md5.html

Hope that helps you out if you decide to use the javascript method instead of securing with SSL.

-kelly
0
unreal400Commented:
if you were just asking how to call the function on post then here it is.


instead of using and submit button do this:

<form name="formname">
......
<input name="newsubmitbutton" type = "button" onclick=  "alterpassword();" value="Sign up">


function alterpassword()
{
      document.formname.passwordbox.value = md5encryptfunction(document.formname.passwordbox.value);
      document.formname.submit();
}
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
suresh_aspCommented:
Try this,

<?php
echo "Registration page";

echo "<script lang='javascript>function cryptt(){".
 "document.register.pwd.value = \"".encrypt($_GET['pwd'])."\";   document.register.submit();".
"}</script>";

addUser($database, $host, $db_user, $db_pass, $_GET['user'], $_GET['pwd']);
?>
<body>
<form name=register action="register.php">
      <input type=text name=user>
      <input type=password name=pwd value="" >
      <input type=button name=sub value=ok onclick="cryptt()">
</form>
</body>
<?php
function encrypt($string) {//hash then encrypt a string
    $crypted = crypt(md5($string), md5($string));
    return $crypted;
}

function addUser($database, $host, $db_user, $db_pass, $username, $password) { //add user to table logins
    $linkID = mysql_connect($host, $db_user, $db_pass);
    mysql_select_db($database, $linkID);
    $password = encrypt($password);
    $username = encrypt($username);
    mysql_query("insert into logins values ('$username', '$password')", $linkID);
}
?>
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.