Solved

php web form data encryption

Posted on 2011-03-07
5
322 Views
Last Modified: 2012-05-11
Dear Experts,
I want to encrypt the data, which is coming from my users like: username and password, and insert it into my database.

How should I do this,
how can I insert it into the database and how should I select it to read the data?
I use PHP and mysql server
thank you
0
Comment
Question by:Braveheartli
5 Comments
 
LVL 34

Accepted Solution

by:
Beverley Portlock earned 200 total points
ID: 35056115
Your best bet is to use the mcrypt extension to encode and decode the data.

Once it is encrypted and stored in MySQL then you can get the original data back by simply feeding the encrypted data back into mcrypt and it will reveal the clear text.

Many of the ciphers used require an initialisation vector to seed the random number generator used for the encryption. You will need to store the initialisation vector with the encrypted data as it will be needed for the decode process as well as the secret encryption key.

The other thing to watch for is that many of the algorithms are BLOCK CIPHERS and your data needs to be made to fill a block. So if the block size is (say) 256 bytes = 32 chars and your data is 20 chars then you will need to pad it out with another 12 chars.

See http://uk3.php.net/mcrypt and http://uk3.php.net/manual/en/mcrypt.examples.php for examples
0
 
LVL 2

Assisted Solution

by:adeelshahid
adeelshahid earned 100 total points
ID: 35056707
just use mysql so you won't have worry about php,

try,

to encrypt.

INSERT INTO t VALUES (1,AES_ENCRYPT('text', password));

SELECT AES_DECRYPT('text', password) FROM t
0
 
LVL 19

Assisted Solution

by:Michael701
Michael701 earned 100 total points
ID: 35060215
You MUST use an https connection to enter and send the form data. This will protect the data on the open internet.

Then, it's best to use a one way encryption of the password to be stored in the mysql database. You should never be able to decrypt the users passwords. If they forgot the password you can assign a new temporary password, but NOT be able to decrypt the existing one (this is best for your protection). To see if the user/password is valid for login, you take the login password encrypt it, then compare it to the already encrypted password stored in the database.
0
 
LVL 109

Assisted Solution

by:Ray Paseur
Ray Paseur earned 100 total points
ID: 35062198
Use HTTPS for transmission.  You might want to rethink the strategy of encrypting the username.  It's fine to encode or encrypt the password, and you can get adequate protection if you use md5().  Some further encryption is OK, too.  It depends on what you want to protect.  But if you have encrypted the username, how will you ever be able to help the client reset the password?  Just a thought...

The general design pattern goes something like this.

1. At the time of registration, you require two form inputs for the password.  If they match you make the md5() string from the password and store it in the client data base table along with the username.

2. At logon time, you receive the username and the password from the HTML form on the login page.  You make the md5() string from the password.  Then you do a query something like this:
SELECT username FROM userTable WHERE username='$username' AND password='$password' LIMIT 1

If mysql_num_rows() you have a valid login.
0
 
LVL 1

Author Closing Comment

by:Braveheartli
ID: 35083169
thank you
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Does the idea of dealing with bits scare or confuse you? Does it seem like a waste of time in an age where we all have terabytes of storage? If so, you're missing out on one of the core tools in every professional programmer's toolbox. Learn how to …
Styling your websites can become very complex. Here I'll show how SASS can help you better organize, maintain and reuse your CSS code.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question