Hey!  There's no MD5 in Javascript which is why I post hte question in the
first place.  Now I lost 5 hours of my time working on writing this script.
You're going to have to be careful because you had to make sure there is MD5
features in Javascript before posting a reply.

I found a workaround to it.  You have to manually create a MD5 algorithm in
Javascript.  I did the google search and got this, it is at
http://www-adele.imag.fr/~donsez/cours/exemplescourstechnoweb/js_securehash/
.  Pretty cool, isn't it!!!!!

Take care,
 Scott
"Scott Fletcher" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I'll look into this and try it out.  The only thing that is important to
me
> is that the password get encrypted before transmitting across the
internet.
> I'm not worry if the JS is disabled because if it is then the login will
> never be authenticated.  I'll keep on exploring for way to increase
> security.   Thanks for the response.
>
>
> "Marek Kilimajer" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > The way you want it can be securely done only using asymetric
> > encryption, which is not available to JS.
> > Do you really need to encrypt user_id? You could use md5 to hash
> > password with some random string,
> > store the hash in a hidden field and erase password. On server side if
> > the hidden field is set compare it
> > whith a hash you create with password and the random string (keep the
> > string as a session variable, don't
> > pass it as a form hidden field). If the hidden hash field is not set,
> > use normal procedure.
> >
> > code:
> >
> > server:
> > $_SESSION[random]=create_random_string();
> >
> > client:
> > function onsubmit(form)  {
> >     form.hiddenfield.value= md5( md5(form.password.value) +
> > form.randomstring.value);
> >     form.password.value='';
> >     return true;
> > }
> >
> > server:
> > if($_POST[hiddenfield]) {
> >   $res=mysql_query("SELECT * FROM users WHERE user='$_POST[user]'
> >         AND
> > '$_POST[hiddenfield]'=MD5(CONCAT(password,$_SESSION[random]))");
> >
> > } else {
> >     $res=mysql_query("SELECT * FROM users WHERE user='$_POST[user]'
> >         AND password=MD5($_POST[password]");
> > }
> >
> > this example assumes passwords are stored as md5 hashes in the database
> >
> > Scott Fletcher wrote:
> >
> > >Here's the challenging project I'm doing.  I'm trying to encrypt the
> user_id
> > >and password in javascript and submit it.  Then have PHP to decrypt the
> > >user_id and password.  The only problem I have is I don't know what
> > >javascript function or javascript algorithm that can also work the same
> way
> > >as the php function or php algorithm.  Anybody know?
> > >
> > >Thanks,
> > > FletchSOD
> > >
> > >
> > >
> > >
> > >
> >
>
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to