Hey! There's no MD5 in Javascript which is why I post hte question in the first place. Now I lost 5 hours of my time working on writing this script. You're going to have to be careful because you had to make sure there is MD5 features in Javascript before posting a reply.
I found a workaround to it. You have to manually create a MD5 algorithm in Javascript. I did the google search and got this, it is at http://www-adele.imag.fr/~donsez/cours/exemplescourstechnoweb/js_securehash/ . Pretty cool, isn't it!!!!! Take care, Scott "Scott Fletcher" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I'll look into this and try it out. The only thing that is important to me > is that the password get encrypted before transmitting across the internet. > I'm not worry if the JS is disabled because if it is then the login will > never be authenticated. I'll keep on exploring for way to increase > security. Thanks for the response. > > > "Marek Kilimajer" <[EMAIL PROTECTED]> wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > The way you want it can be securely done only using asymetric > > encryption, which is not available to JS. > > Do you really need to encrypt user_id? You could use md5 to hash > > password with some random string, > > store the hash in a hidden field and erase password. On server side if > > the hidden field is set compare it > > whith a hash you create with password and the random string (keep the > > string as a session variable, don't > > pass it as a form hidden field). If the hidden hash field is not set, > > use normal procedure. > > > > code: > > > > server: > > $_SESSION[random]=create_random_string(); > > > > client: > > function onsubmit(form) { > > form.hiddenfield.value= md5( md5(form.password.value) + > > form.randomstring.value); > > form.password.value=''; > > return true; > > } > > > > server: > > if($_POST[hiddenfield]) { > > $res=mysql_query("SELECT * FROM users WHERE user='$_POST[user]' > > AND > > '$_POST[hiddenfield]'=MD5(CONCAT(password,$_SESSION[random]))"); > > > > } else { > > $res=mysql_query("SELECT * FROM users WHERE user='$_POST[user]' > > AND password=MD5($_POST[password]"); > > } > > > > this example assumes passwords are stored as md5 hashes in the database > > > > Scott Fletcher wrote: > > > > >Here's the challenging project I'm doing. I'm trying to encrypt the > user_id > > >and password in javascript and submit it. Then have PHP to decrypt the > > >user_id and password. The only problem I have is I don't know what > > >javascript function or javascript algorithm that can also work the same > way > > >as the php function or php algorithm. Anybody know? > > > > > >Thanks, > > > FletchSOD > > > > > > > > > > > > > > > > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
