Solved

php web form data encryption

Posted on 2011-03-07
5
314 Views
Last Modified: 2012-05-11
Dear Experts,
I want to encrypt the data, which is coming from my users like: username and password, and insert it into my database.

How should I do this,
how can I insert it into the database and how should I select it to read the data?
I use PHP and mysql server
thank you
0
Comment
Question by:Braveheartli
5 Comments
 
LVL 34

Accepted Solution

by:
Beverley Portlock earned 200 total points
Comment Utility
Your best bet is to use the mcrypt extension to encode and decode the data.

Once it is encrypted and stored in MySQL then you can get the original data back by simply feeding the encrypted data back into mcrypt and it will reveal the clear text.

Many of the ciphers used require an initialisation vector to seed the random number generator used for the encryption. You will need to store the initialisation vector with the encrypted data as it will be needed for the decode process as well as the secret encryption key.

The other thing to watch for is that many of the algorithms are BLOCK CIPHERS and your data needs to be made to fill a block. So if the block size is (say) 256 bytes = 32 chars and your data is 20 chars then you will need to pad it out with another 12 chars.

See http://uk3.php.net/mcrypt and http://uk3.php.net/manual/en/mcrypt.examples.php for examples
0
 
LVL 2

Assisted Solution

by:adeelshahid
adeelshahid earned 100 total points
Comment Utility
just use mysql so you won't have worry about php,

try,

to encrypt.

INSERT INTO t VALUES (1,AES_ENCRYPT('text', password));

SELECT AES_DECRYPT('text', password) FROM t
0
 
LVL 19

Assisted Solution

by:Michael701
Michael701 earned 100 total points
Comment Utility
You MUST use an https connection to enter and send the form data. This will protect the data on the open internet.

Then, it's best to use a one way encryption of the password to be stored in the mysql database. You should never be able to decrypt the users passwords. If they forgot the password you can assign a new temporary password, but NOT be able to decrypt the existing one (this is best for your protection). To see if the user/password is valid for login, you take the login password encrypt it, then compare it to the already encrypted password stored in the database.
0
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 100 total points
Comment Utility
Use HTTPS for transmission.  You might want to rethink the strategy of encrypting the username.  It's fine to encode or encrypt the password, and you can get adequate protection if you use md5().  Some further encryption is OK, too.  It depends on what you want to protect.  But if you have encrypted the username, how will you ever be able to help the client reset the password?  Just a thought...

The general design pattern goes something like this.

1. At the time of registration, you require two form inputs for the password.  If they match you make the md5() string from the password and store it in the client data base table along with the username.

2. At logon time, you receive the username and the password from the HTML form on the login page.  You make the md5() string from the password.  Then you do a query something like this:
SELECT username FROM userTable WHERE username='$username' AND password='$password' LIMIT 1

If mysql_num_rows() you have a valid login.
0
 
LVL 1

Author Closing Comment

by:Braveheartli
Comment Utility
thank you
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Preface This is the third article about the EE Collaborative Login Project. A Better Website Login System (http://www.experts-exchange.com/A_2902.html) introduces the Login System and shows how to implement a login page. The EE Collaborative Logi…
SASS allows you to treat your CSS code in a more OOP way. Let's have a look on how you can structure your code in order for it to be easily maintained and reused.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now