Solved

php web form data encryption

Posted on 2011-03-07
5
319 Views
Last Modified: 2012-05-11
Dear Experts,
I want to encrypt the data, which is coming from my users like: username and password, and insert it into my database.

How should I do this,
how can I insert it into the database and how should I select it to read the data?
I use PHP and mysql server
thank you
0
Comment
Question by:Braveheartli
5 Comments
 
LVL 34

Accepted Solution

by:
Beverley Portlock earned 200 total points
ID: 35056115
Your best bet is to use the mcrypt extension to encode and decode the data.

Once it is encrypted and stored in MySQL then you can get the original data back by simply feeding the encrypted data back into mcrypt and it will reveal the clear text.

Many of the ciphers used require an initialisation vector to seed the random number generator used for the encryption. You will need to store the initialisation vector with the encrypted data as it will be needed for the decode process as well as the secret encryption key.

The other thing to watch for is that many of the algorithms are BLOCK CIPHERS and your data needs to be made to fill a block. So if the block size is (say) 256 bytes = 32 chars and your data is 20 chars then you will need to pad it out with another 12 chars.

See http://uk3.php.net/mcrypt and http://uk3.php.net/manual/en/mcrypt.examples.php for examples
0
 
LVL 2

Assisted Solution

by:adeelshahid
adeelshahid earned 100 total points
ID: 35056707
just use mysql so you won't have worry about php,

try,

to encrypt.

INSERT INTO t VALUES (1,AES_ENCRYPT('text', password));

SELECT AES_DECRYPT('text', password) FROM t
0
 
LVL 19

Assisted Solution

by:Michael701
Michael701 earned 100 total points
ID: 35060215
You MUST use an https connection to enter and send the form data. This will protect the data on the open internet.

Then, it's best to use a one way encryption of the password to be stored in the mysql database. You should never be able to decrypt the users passwords. If they forgot the password you can assign a new temporary password, but NOT be able to decrypt the existing one (this is best for your protection). To see if the user/password is valid for login, you take the login password encrypt it, then compare it to the already encrypted password stored in the database.
0
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 100 total points
ID: 35062198
Use HTTPS for transmission.  You might want to rethink the strategy of encrypting the username.  It's fine to encode or encrypt the password, and you can get adequate protection if you use md5().  Some further encryption is OK, too.  It depends on what you want to protect.  But if you have encrypted the username, how will you ever be able to help the client reset the password?  Just a thought...

The general design pattern goes something like this.

1. At the time of registration, you require two form inputs for the password.  If they match you make the md5() string from the password and store it in the client data base table along with the username.

2. At logon time, you receive the username and the password from the HTML form on the login page.  You make the md5() string from the password.  Then you do a query something like this:
SELECT username FROM userTable WHERE username='$username' AND password='$password' LIMIT 1

If mysql_num_rows() you have a valid login.
0
 
LVL 1

Author Closing Comment

by:Braveheartli
ID: 35083169
thank you
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

JavaScript has plenty of pieces of code people often just copy/paste from somewhere but never quite fully understand. Self-Executing functions are just one good example that I'll try to demystify here.
Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
Viewers will learn about arithmetic and Boolean expressions in Java and the logical operators used to create Boolean expressions. We will cover the symbols used for arithmetic expressions and define each logical operator and how to use them in Boole…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now