Here's the message I got from someone. It is pretty cool! --clip-- if U want MD5 for Java Script try down load PHPLib and search in this package. and you will find MD5 script with Java Script.
--clip-- "Marek Kilimajer" <[EMAIL PROTECTED]> wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Really, pretty cool. I don't know why I was so sure there was a md5 > function in javascript (propably because I thought is was everywhere - > untill now). Thanks for the link. > > Scott Fletcher wrote: > > >Hey! There's no MD5 in Javascript which is why I post hte question in the > >first place. Now I lost 5 hours of my time working on writing this script. > >You're going to have to be careful because you had to make sure there is MD5 > >features in Javascript before posting a reply. > > > >I found a workaround to it. You have to manually create a MD5 algorithm in > >Javascript. I did the google search and got this, it is at > >http://www-adele.imag.fr/~donsez/cours/exemplescourstechnoweb/js_securehash / > >. Pretty cool, isn't it!!!!! > > > >Take care, > > Scott > >"Scott Fletcher" <[EMAIL PROTECTED]> wrote in message > >[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > > > > >>I'll look into this and try it out. The only thing that is important to > >> > >> > >me > > > > > >>is that the password get encrypted before transmitting across the > >> > >> > >internet. > > > > > >>I'm not worry if the JS is disabled because if it is then the login will > >>never be authenticated. I'll keep on exploring for way to increase > >>security. Thanks for the response. > >> > >> > >>"Marek Kilimajer" <[EMAIL PROTECTED]> wrote in message > >>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > >> > >> > >>>The way you want it can be securely done only using asymetric > >>>encryption, which is not available to JS. > >>>Do you really need to encrypt user_id? You could use md5 to hash > >>>password with some random string, > >>>store the hash in a hidden field and erase password. On server side if > >>>the hidden field is set compare it > >>>whith a hash you create with password and the random string (keep the > >>>string as a session variable, don't > >>>pass it as a form hidden field). If the hidden hash field is not set, > >>>use normal procedure. > >>> > >>>code: > >>> > >>>server: > >>>$_SESSION[random]=create_random_string(); > >>> > >>>client: > >>>function onsubmit(form) { > >>> form.hiddenfield.value= md5( md5(form.password.value) + > >>>form.randomstring.value); > >>> form.password.value=''; > >>> return true; > >>>} > >>> > >>>server: > >>>if($_POST[hiddenfield]) { > >>> $res=mysql_query("SELECT * FROM users WHERE user='$_POST[user]' > >>> AND > >>>'$_POST[hiddenfield]'=MD5(CONCAT(password,$_SESSION[random]))"); > >>> > >>>} else { > >>> $res=mysql_query("SELECT * FROM users WHERE user='$_POST[user]' > >>> AND password=MD5($_POST[password]"); > >>>} > >>> > >>>this example assumes passwords are stored as md5 hashes in the database > >>> > >>>Scott Fletcher wrote: > >>> > >>> > >>> > >>>>Here's the challenging project I'm doing. I'm trying to encrypt the > >>>> > >>>> > >>user_id > >> > >> > >>>>and password in javascript and submit it. Then have PHP to decrypt the > >>>>user_id and password. The only problem I have is I don't know what > >>>>javascript function or javascript algorithm that can also work the same > >>>> > >>>> > >>way > >> > >> > >>>>as the php function or php algorithm. Anybody know? > >>>> > >>>>Thanks, > >>>>FletchSOD > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >>>> > >> > >> > > > > > > > > > > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
