Home » questions » form login?

form login?

3
2006-08-09 11:38:17, Category: Programming & Design
hi all, I hav created a registration form using html, php. my design is fully in HTML and i receive the username, password, hint, pincode, email id etc through PHP's POST method. Now how can i protect the users information when they click on the registration form's submit button. Is there any way to encrypt those information and then pass it to the PHP to store?? thanks

Answers

  1. Deoji

    On 2006-08-09 12:00:19


    To secure the data as it passes from the Client to the server you would need to setup SSL services on your web server. This is usually pretty costly but some hosting services like ehostpros found at http://www.ehostpros.com/ offer general SSL for Free. Once you are able to get the data to your server securely then you will want to store the critical data in your Database in an encrypted form. Sometimes the best way to do this is to Encrypt the password using something like MD5. Then you keep the hash in your Database and when the user logs in you read the password they just entered then you Hash it into MD5 and compair it to the Hash in the Database. Information for doing this in PHP can be found here: http://us3.php.net/manual/en/function.md5.php

  2. jmfc

    On 2006-08-09 11:57:33


    If you use an SSL (https in the URL) for your site the communiction between the users browser and the webserver is secure. So, in that case the week point is in the storage of the data. You will want to encrypt the data before you store it in the database as this is a week point since the data will be there longer then the transit between the browser and server. I am sure php has some builtin encryption/decryption routines. You can then decrypt the information if you need to send it back to the browser for display (over SSL of course). For passwords you can one way encrypt these using hash/salt so that they can't be discovered but can be validated against. Since you should never be displaying the password anyways, you don't really care what it is, just that what they entered - when hashed - matches the original one. If you enrypt the information at the browser the javascript code is exposed to the user, therefore the encryption routine will be known to them and can be defeated.

  3. easycoder_biz

    On 2006-08-09 11:47:28


    if you want to crypt the information befor subit it to php script you can integrate some javascript functions that crypt thet info . you need you hace a decrypring function if you want o see that inf in clear text or you can allways crypt the information and commpare it with the one in db. if you want to crypt the inf in database you can use the php function md5 ( $password_crypted=md5($password_clear_text); )