[Resolved] Forms password and md5

moboter

I have a Form which contains 3 elements 1 for the db name 1 for the db user and 1 for the db password. This form is calling a different php page.
When I submit the form these 3 variables get passed to the mysql connect function unfortunately all three variables get passed in plain text. But obviously I dont want the password readable.
How can I encrypt the password and does it get automatically decrypted in the mysql connect function?

FoxhoundX

You can simply use

<?
$password = $_POST['pass'];
md5($password);
//Insert Values Here
?>

Md5() crypts the specified string into an MD5 Hash. These are not decryptable, so you have to encrypt a user's entered password before checking to see if it correct, when you login or whatnot.

olaf

from the manual:

Rizwan Kaif (01-Aug-2003 05:58)

The md5() function is very useful for Password encryption. Keep in mind that we can not Decrypt it.
The most simplest method to use md5() function PHP with MySQL is as follows:
Insert the record into the MySQL Database using a query like:
$query = "INSERT INTO user VALUES ('DummyUser',md5('DummyPassword'))";
And then for matching the password use:
$password = md5($password);
$query = "SELECT * FROM user WHERE username='DummyUser' AND password='DummyPassword'";
In the above code you can use your Variables instead of DummyUser & DummyPassword. The length of the Password field in my DB is 60 char.
Hope this helps!! 🙂

moboter

This is the code from the form

"<form action=\"./inhalt/verbindung.php\" action=\"post\">
<table>
<tr>
<td>Schulname:</td>
<td><input type=\"text\" name=\"schule\"></td>
</tr><tr>
<td>Loginname:</td>
<td><input type=\"text\" name=\"name\"></td>
</tr><tr>
<td>Passwort:</td>
<td><input type=\"password\" name=\"password\"></td>
</tr><tr>
<td> </td>
<td><input type=\"submit\" value=\"Einloggen\"></td>
</tr>
</table>
</form>";

and this is the connect line.
Where does the encryption take place so that the passwort doesnt get transmitted in plain text. In the browser

mysql_connect("localhost",$name,$password)
or die ("Die Verbindung ist fehlgeschlagen!!<br> Sie haben eventuell keine Zugangsberechtigung für diesen Service.");
// Datenbank benutzen bzw. auswählen
mysql_select_db($schule)
or die ("Die Datenbank <b>$schule</b> wurde nicht gefunden !");

olaf

place them before the connect string...

olaf

or post the values to $PHP_SELF and use

header("Location: yourpage.php");

after the connection is done or what ever...

there are so many options based upon you wanna do...