Do you really need to encrypt user_id? You could use md5 to hash password with some random string,
store the hash in a hidden field and erase password. On server side if the hidden field is set compare it
whith a hash you create with password and the random string (keep the string as a session variable, don't
pass it as a form hidden field). If the hidden hash field is not set, use normal procedure.
code:
server:
$_SESSION[random]=create_random_string();
client:
function onsubmit(form) {
form.hiddenfield.value= md5( md5(form.password.value) + form.randomstring.value);
form.password.value='';
return true;
}
server:
if($_POST[hiddenfield]) {
$res=mysql_query("SELECT * FROM users WHERE user='$_POST[user]'
AND '$_POST[hiddenfield]'=MD5(CONCAT(password,$_SESSION[random]))");
} else {
$res=mysql_query("SELECT * FROM users WHERE user='$_POST[user]'
AND password=MD5($_POST[password]"); }
this example assumes passwords are stored as md5 hashes in the database
Scott Fletcher wrote:
Here's the challenging project I'm doing. I'm trying to encrypt the user_id
and password in javascript and submit it. Then have PHP to decrypt the
user_id and password. The only problem I have is I don't know what
javascript function or javascript algorithm that can also work the same way
as the php function or php algorithm. Anybody know?
Thanks,
FletchSOD
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
