Scott Fletcher wrote:
Hey! There's no MD5 in Javascript which is why I post hte question in the
first place. Now I lost 5 hours of my time working on writing this script.
You're going to have to be careful because you had to make sure there is MD5
features in Javascript before posting a reply.
I found a workaround to it. You have to manually create a MD5 algorithm in
Javascript. I did the google search and got this, it is at
http://www-adele.imag.fr/~donsez/cours/exemplescourstechnoweb/js_securehash/
. Pretty cool, isn't it!!!!!
Take care,
Scott
"Scott Fletcher" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
I'll look into this and try it out. The only thing that is important tome
is that the password get encrypted before transmitting across theinternet.
I'm not worry if the JS is disabled because if it is then the login will
never be authenticated. I'll keep on exploring for way to increase
security. Thanks for the response.
"Marek Kilimajer" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
The way you want it can be securely done only using asymetricuser_id
encryption, which is not available to JS.
Do you really need to encrypt user_id? You could use md5 to hash
password with some random string,
store the hash in a hidden field and erase password. On server side if
the hidden field is set compare it
whith a hash you create with password and the random string (keep the
string as a session variable, don't
pass it as a form hidden field). If the hidden hash field is not set,
use normal procedure.
code:
server:
$_SESSION[random]=create_random_string();
client:
function onsubmit(form) {
form.hiddenfield.value= md5( md5(form.password.value) +
form.randomstring.value);
form.password.value='';
return true;
}
server:
if($_POST[hiddenfield]) {
$res=mysql_query("SELECT * FROM users WHERE user='$_POST[user]'
AND
'$_POST[hiddenfield]'=MD5(CONCAT(password,$_SESSION[random]))");
} else {
$res=mysql_query("SELECT * FROM users WHERE user='$_POST[user]'
AND password=MD5($_POST[password]");
}
this example assumes passwords are stored as md5 hashes in the database
Scott Fletcher wrote:
Here's the challenging project I'm doing. I'm trying to encrypt the
wayand password in javascript and submit it. Then have PHP to decrypt the
user_id and password. The only problem I have is I don't know what
javascript function or javascript algorithm that can also work the same
as the php function or php algorithm. Anybody know?
Thanks,
FletchSOD
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
