Best Way To Encrypt A Form Posted URL String?
Could someone post some examples with explanations of how to
encode/encrypt a form posted URL and then decrypt it, so that it is
very hard or currently impossible to break?
so, something like
http://localhost/page.php?product=12&price=4.50
would appear obfuscated in my browser display area like:
http://localhost/page.php?Ur7@7892yRyw&wq84y@$y8@$ (or whatever)
View Complete Forum Thread with Replies
See Related Forum Messages: Follow the Links Below to View Complete Thread
Converting The Posted String To The Value Of Html Element
I've been very confused in dealing with posted strings. For example, if I fill in a text element with "(double quote), submit it and display it in a text and a textarea, I get "(backslash followed by double quote) in the textarea element but (backslash only) in the text element. Code: <input name="somename" value="<?php if(isset($HTTP_POST_VARS['submitName'])) echo $HTTP_POST_VARS['somename']; ?>" /> I made a function which correct the misbehavings:
Name Of The Form That Was POSTed?
Is it possible to determine the name of the form that caused a page to be submitted? I have seen numerous examples of how to determine the method of the POST and how to retrieve data elements from the post, but I haven't seen any way to know the name of the form that caused the post. The page that is POSTing to my script has two forms and I'd like to know if I can determine which one of them was submitted without having to add a hidden element to the forms.
Using Referal URL, Getting Posted Data, Passing Posted To Include *HELP*
OK.. here is my problem.. I am using PHP as a frontend for executing (actually including) a vb CGI .exe file the include just does the following right now: <?php include("http://localhost/test/make.exe?f=$_GET[f]&f2=$_GET[f2]&step=$_GET[step]"); ?> What I need to do is I have a form that needs to have a "Back" button/link and a "Next" button/link .. If they click on "Back" I want it to pass the "Back" as the say... $GET[do] ... needs to equals "Back" if they click back. If they click "Next" it needs to equals "Next" .. I thought I may be able to detect what URL it is posting from because it is being posted like this: URL This would be fine except I need it to retrieve all the data from the form and I do not know if the PHP would get the data from the entire form if you passed it like this it seems like it would only get the posted info in the link.. Is there a way to make the Links as Buttons or keep them as links and then have the links/buttons submit with the different "Back" or "Next" values? Pls post code on how to do this and I would greatly appreciate it.. This is giving me a headache trying to figure it out! Thanks a lot!
How To Check That Form Is Posted ?
i have a form on a php script - the php script is signup.php, i want to check that when it is submitted when user press the submit button, it will check whether the fields are empty or filled. how do i check that the user is clicking on the submit button and not going to the signup.php as a link ? because currently, when anyone click on signup.php, it immediately showed the errors (as if the user forgot to fill up the fields - when actually he is just going there from another link ). <? if(!$name&&!$email&&!$address&&!$phone) { // all not filled up echo "Error. You must fill up your name..... ";}?>
Encrypt Form Variables During Submission?
I've been looking around the net for a solution (I'm pretty new to php) on how to encrypt a form variable before you submit it, is this possible? To give you an idea, I have a "change your password" type form and when the user enters their new password and clicks submit the password is sent out in the open before it's encrypted (md5) and put into the database. I'd like to encrypt it BEFORE I send it though. I plan on using SSL but I'd also like to see if what I'm trying is even possible.
Losing Posted Form Fields Over Https
This has been driving me nuts. I have an application running for several clients. Some run on http and two run on https. Two weeks ago, the https customers started occassionally getting kicked out to the home page. This is not every time, it's generally 1 in 10 form posts. Refreshing the page asks you to repost the info and it posts as it should have in the first place. Dumping the $_SERVER variable shows me that if things go well I get the $_POST and $_GET variables and the $_SERVER["CONTENT_LENGTH"] is a number. When the error shows up, CONTENT_LENGTH=0 and there are no $_POST or $_GET variables. I can only reproduce this over https on Linux/Apache/PHP using Internet Explorer. I cannot reproduce it using Mozilla or Opera as a browser. And I also can't reproduce it using IE over https with Windows/IIS/PHP. None of the PHP code changed and there were no new installations on the server I can point to as a possible cause. We were running PHP v4.1.1 and upgraded to v4.3.4. I have been able to trap the condition to offer our users a page to inform them to refresh so they won't lose their data. Any suggestions, ideas, places to look or ask more questions, is much appreciated. $_SERVER[SERVER_SOFTWARE] => Apache/1.3.20 Sun Cobalt (Unix) mod_ssl/2.8.4 OpenSSL/0.9.6b PHP/4.3.4 mod_auth_pam_external/0.1 FrontPage/4.0.4.3 mod_perl/1.25
Encrypt
I try to create a .htpasswd line generator and I need to know how to encrypt via php3? <? PRINT "Place this following code into your .htpasswd file."; PRINT "$username: encrypt($password)"; ?>
Notify Once Posted
While I'm writing a reply to a message, someone else writes one and posts it, now for my site I'll be making a message board. Is there anyway to tell the user that someone has posted a response while they're on the compose screen?
To Password Encrypt Or Not
Some people have suggested for me to not store the actual user's password on the database, but rather an md5 hash of it. Then compare the md5 hash of the user's password, the one they submit in the form, with that of the database. This is clear an all, and I see the benefit. But, what if the user forgets their password? Obviously you can't undo an md5 hash with today's computer, but wondering what you guys think about this issue. So, hashed passwords? Or just have encrypted passwords with some encrypt function. If so, which function do you suggest?
Encrypt And Decrypt
i am planing to make a script, and i need a way to encrypt and decrypt password and stuff. or a way to reverse the md5 function.
How To Encrypt URL Address ?
How to encrypt URL Address ? ============================== Now i 'm play about PHP language . and now i want ot know how to " advance url display " like encrypt URL Address in browser ( IE , Opera , others ) like Display ::
Encrypt Php Code?
I'm running a message board php app and one of the php files stores a username and password. That file is not encrypted, so anyone can actually get that username and password if they can get to the file... I did not develop the php bulletin board and am pretty new to php. Does anyone have any suggestions on how I could protect that file/information? It now sits on a RH 8, Apache2.0.48, PHP 4.3.4
How Do I Encrypt A Number?
How do i encrypt a number? I tried with md5() function, but it does some wierd things. For example it doesnt always store the number? Maybe because it is meant for strings?
Password Encrypt!
Can someone tell me why my database is encrypting passwords, changing into numbers and lettters. The reason this effects me is because when i try to log in the database only allows me to log in with the encrypted pass. How do i change it so it dosen't code it?
Encrypt Methods
i am looking for a page that explains the different built-in common encryption types for php (md5, sha1...etc)
Escape All Posted Variables?
this works well enough when all the elements in $HTTP_POST_VARS are scalars, but it doesn't work so hot if one or more of them is an array: <BLOCKQUOTE><font size="1" face="Verdana,Arial,Helvetica">code:</font><HR><pre> while(list($key,$val)=each($HTTP_POST_VARS)){$$key=htmlspecialchars($val);} [/code] So what I need is an easy way to tell if "$val" is an Array so that I can do something similar to each of its elements in turn.
Previous Page/Posted From
I wanna know if there's a way to find out what page/file a form was posted from. Or wich was the prevoius page/file that was linked to the currant page.
Faking Posted Variables
I have played with this some unsuccessfully and can't find any references to it on-line. What I have is a forms-based application where I POST the form. This was decided on because of security and the length limits of a URL. Now I have a need where I would like to link to a form and "fake" some of the variables that are normally posted. For example, I have a form that normally comes up where the user selects information from a combobox and on reload, the fields are then automatically filled in. I would like to be able to go to that form from other locations and fake the POST variable of the combobox so that the form will fill in when they first access it.
Editing Posted Bulletins
I have a section on my church website that pulls announcements stored in mySQL and displays them with PHP. I recently started working on a control panel so that other people could login and edit/create the announcements so as to keep it up to date and lighten my load. I use a while statement to display all of the bits of news but my question is how can I make an edit button specific to each row in the table on mysql? All I need to really be able to do is have an edit button spit out for each post that will set a session variable to that particular posts index number. I created the mysql table with this in mind and have index numbers to reference the chunks of data.
Encrypt/decrypt Functions
I have a PHP refrence book that I oftentimes use to lookup functions in. (Core PHP Programming). Which has a breakdown of both an ENCRYPT and DECRYPT functions in php, when I attempted to use one of the functions it failed... and upon further investigation (the php.net online docs) I found that no such functions exist. Does anyone know if they used to exist or perhaps that they are 4.0 functions? -- Does anyone know of similar functions in PHP that do exist? (And no, the CRYPT function won't work because I need to be able to decrypt the information.)
Unpredictable Encrypt And Decrypt
I am wondering if anyone has experienced an error encrypting and decrypting in and out of mysql. Sometimes when I decrypt then send an email to with the decrypted string it will still be encrypted. The strange thing is, this is unconsistant. Usually it will be fine, but other times it will keep something encrypted. All the values I am entering are numeric. I am however not currently checking for that.
Retaining Previous Posted Values
I have a form that if submitted correctly posts back to itself with a message that says the record was entered correctly. what I would like to do is retain the last values entered in some of the fields so that they don't have to retype everything if they want to add addtional records (it's a list of species and many times phylum, class, order do not change.) i thought I could do it with session variables but it doesn't work.
PHP/ List Authors That Have Posted More Than X Comments
I'm currently trying to implement sort of a "remember me"-addon to a newsposting script I'm using (cutenews, cutephp.com). What I need is to produce an array that contains comment-authors that have posted a set number of comments to my site. If I set this numer to 5, I want all commenter-names that have posted 5+ comments to be in the array this script is to produce. The format of the comments database is this: <unique id>¦<comment-authorname>¦<url>¦<ip>¦<comment-text>¦¦ (where ¦¦ means new comment follows - no seperate line for each comment.) Can anyone give me pointers to where I should start? This problem is really bugging me. 1, I need to search a huge text-file with hundreds of these unique comments, then I need to print a list of the authornames that have posted more than the set minimum number of comments to get listed. I'm going to use this list for a form field where people can select their name...
Outputting POSTed Data On Error
Got a form, user enters information, presses submit, then info added to my database. however, it checks to see if fields are empty when the button is pressed, if they are empty ive got it to bring up an error to say for example name, postcode empty. but the form comes back with blank fields i want it so if fields are empty form comes back with the fields that have already been filled in.
Reading Data Posted With XMLHttprequest
I'm trying to post a form (using POST not GET) using the xmlHttpRequest object. I cannot work out how to get PHP (4.1.2) to read the data which I'm submitting. Everything works fine if I use GET I can just read it from $_GET. If I use POST nothing appears in $_POST. To try to use the POST method I'm encoding the fields into a URL encoded string and sending it as the parameter to the request.send() function from Javascript. /Something/ is going out because I can see it in the LiveHHTPHeaders extension to Firefox. Presumably it's being received by the server. But how on earth do I get at it!?
Identify Server That Posted Data.
I am looking into the security aspects of a site, and would like to know if there is any way to identify the source of the data that is posted to the php page responsible for processing the data. in other words I only wantt he php code to process the data if the data was posted from a form hosted on my server.
Make Forms Keep Data After Being Posted
I'm trying to set up a simple preview-type thing for my very first blog script (im new to php and mysql). First off, heres my code for the update (place to post a new article) page (excluding the includes to connect to the database): Code:
Removing Oldest Table Row When New One Is Posted
im trying to figure out how to make it so that a user can pick how many rows they want to keep stored in a database table before an old one is automatically deleted im guessing the query would be made, then a while loop would determine how many......ahhh i dont know there has to be a simpler way of doing it..
Reading Data Posted With XMLHttprequest
To use the $_POST global without enabling the raw data in php.ini, try the following code: objXMLHttpRequest.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); objXMLHttpRequest.send('var=value&var2=value2');
MD5 Encrypt A List Of Password From A File
Does anyone have a php script that would allow me to encrypt the contents of a txt file? I have an excel file which has a list of usernames and generated passwords. What I would like to do is copy out the plaintext passwords to a txt file and then do a conversion to encrypt the passwords using MD5 encryption as they will then be imported into a MySQL database. Is that possible? I can do them one at a time using a small php script but I've approx 100+ to do.
PHP Encrypt/decrypt With Only Using Standard Characters
I've just started playing with mcrypt for encryption but not sure if I'll need to write my own. Basically I don't need anything advanced for protection but want to mask the data so it's not easily deciphered....BUT, I need the encrypted data to be something that can be used as an email address (the user portion of the address, not domain). So it needs to only output standard ascii characters I can use there. Is there an easy way to get mcrypt or another built in function to do this? If not, I have ways of building my own but would love to use something prebuilt.
Encrypt And Decrypt A Field Value From Mysql?
how to encrypt and decrypt a field value from mysql? i want to encrpt a password coming from my user before i would insert it to the database.. i used ENCRYPT on my sql statement..however when i checked the field..it was empty.
PHP Encrypt/Decrypt Whith Asymetrics Keys
I have generated two keys : "C:>openssl req -nodes -new -x509 -keyout ben.key -out ben.crt -days 3650" I try to encrypt/decrypt a string like "JOHN" with these asymetrics keys. With the following code, it works. I encrypt with the public key which is in the certificate. I decrypt with the private key. But why, the crypted message is different every time I start the programm...? __________________________________________________ _______ <?php echo "---CRYPT---<BR>"; $source="JOHN"; echo "Message : $source<BR>"; $fp=fopen("./ben.crt","r"); $pub_key=fread ($fp,8192); fclose($fp); //echo $pub_key; openssl_get_publickey($pub_key); openssl_public_encrypt ($source,$sourcecrypt,$pub_key); echo "Crypted message : ".$sourcecrypt."<BR><BR>"; $source=""; echo "---DECRYPT---<BR>"; echo "Crypted message : ".$sourcecrypt."<BR>"; $fp=fopen("./ben.key","r"); $priv_key=fread ($fp,8192); fclose($fp); $res=openssl_get_privatekey($priv_key); openssl_private_decrypt ($sourcecrypt,$newsource,$res); echo "Source decryptée : $newsource<BR><BR>"; ?> __________________________________________________ _________ Now here is my second question : In fact I encrypt with a java programm where is my certificate and I decrypt with a PHP programm like I've just explane before. __________________________________________________ _________ public String crypt(String message) { //Cert is in LDAP Certificate cert = userProvider.getUserCertificate(getCurrentUsername ()); PublicKey publicKey = cert.getPublicKey(); try{ Provider secProvider = Security.getProvider("BC"); if (secProvider == null) { secProvider = new BouncyCastleProvider(); Security.addProvider(secProvider); } Cipher encryptCipher = Cipher.getInstance("RSA", secProvider); encryptCipher.init(Cipher.ENCRYPT_MODE, publicKey); //Crypt... String resultCrypt = new String(); byte[] messageBytes = message.getBytes(); byte[] resultCryptBytes = encryptCipher.doFinal(messageBytes); resultCrypt = arr2str(resultCryptBytes); return resultCrypt ; }catch(Exception e){ //throw ... } } __________________________________________________ ______________ Why my programm PHP can't decrypt the message? I use evidently the correct private key which corresponds with the public key.
Encrypt/decrypt Automatically With PHP PDF Document Via Client CA
Does anybody know whether it is possible to encrypt AUTOMATICALLY in PHP (at the server side) an Adobe PDF document (also stored at the server side) by using a public key coming from a certificat of the client that want to retreive, decrypt (with his private key) and read the PDF document ? I would like to distribute PDF document to certified clients for which they could only read the document on their PC that owns the certificat (public/private keys) that has been used to encrypt the document at the server side and allow to decrypt it at the client side.
Embedding Form Data In A String
Forgive me for this beginner post. It is a simple question to a simple problem but I'm very new to PHP and programming. I'm simply trying to pass some form data to a mail script. Below is the mail script I'm using. The $message line is what I can't get to work. I'm picking up "$txtFName" through a form on this same page. Obviously, the single quote I show in this line doesn't work. The email I get back only shows the '', leaving it blank inside the single quotes, where the form data should be. // send a CONSULTATION ALERT TO ME echo "<html><body>"; $recipient = "jane@doe.com"; $subject = "Consultation Alert"; $message .= "A consultation has been requested by '$txtFName' "; $extra = "From: URL Reply-To: URL "; mail ($recipient, $subject, $message, $extra); What am I doing wrong?
How To Automatically Make URLs Posted In A Forum Active Links?
I've been working on modifying a forum script for some time now and its almost ready to go. You can test it at http://www.designlaunchpad.com/forum if you like. The one additional feature I want to implement is the automatic creation of a link when someone posts a URL in their message. Most forums have this, is it that tough to add in? I'm pretty comfortable editing PHP and understanding what is happening where but I suck at authoring it. I checked the manual at php.net and tried searching this forum and google but keep running into dead ends. So can someone offer me some suggestions or point me toward some help?
Form Validation - Finding Duplicates: Regular Expressions Or String Functions?
I'm trying to figure out the most efficient method for taking the first character in a string (which will be a number), and use it as a variable to check to see if the other numbers in the string match that first number. I'm using this code for form validation of a telephone number. Previous records from the past few months show that when someone is just messing around on one of our forms (to waste our time), they type in a phone number like "555-555-5555" or "111-222-3333". Our Web forms have three text boxes for each telephone number: homephone1 = area code (3 digits) homephone2 = prefix (3 digits) homephone3 = suffix (4 digits) businessphone1 = area code (3 digits) businessphone2 = prefix (3 digits) businessphone3 = suffix (4 digits) My plan is to check for this pattern, then if I find it, just redirect the user to the thank you page so they'll think the form was processed, when it actually wasn't. As we find additional patterns that people use for malicious data, I'll enter those as well (e.g., 123-123-1234) Also, if you see any tutorials, or articles that talk about "real world" form validation please point me to them. I've been looking for references for form-based validation logic that takes real world dummy data into account, but haven't found much.
Mcrypt Encrypt, Mcrypt Generic :Trying To See The Point .
This post evolved from my previous unresolved post. The more and more I read about mcrypt_ encrypt and mcrypt_generic the more examples I saw that illustrated encryption and decryption within the same script. My question is this? What's the point of encrypting something if you can't carry the encrypted data to another page and use the data in its encrypted form? No pun intended but I guess I can't see how this mcrypt_ encrypt can be applied to cookies which seemed like one of the primary applications for encryption on the web.
Attaching A String To A Normal Word Without Loosing The String
In my database I have content rows that are either called <contentname>_title or <contentname>_fulltext. now when someone clicks a link on the site it goes to index.php?action=<contentname> so I guess you see where im going.. when someone goes to such a section index.php sees $action is used and attaches it to _title and _fulltext, so u get: $action_fulltext.. basicly of cuz php now sees it as one string '$action_fulltext' and not '$action'_fulltext.
Server-Side Form Submission - Form Submits To Form, Which Autosubmits. BAD!
I have a php form from which the user fills out their name and address and clicks "Submit". The form goes to a page that stores the data in a mySQL database, then, using hidden fields, populates another form and actives with a javascript onLoad=submit() to send the information on to the final destination. I cannot control or edit the final destinations web page, which is why the interim page is needed. What I would like is for the user to fill out the form, and upon submission have the data recorded into the database and have the data passed on in a "form like way" on to the final destination BY THE SERVER, not by the use of a hidden form page that auto submits. Any suggestions? Here is the interim page's code below: <? $link = @mysql_connect($db_host_name, $db_name, $the_decoded_password) or die; @mysql_select_db($db_name) or die; $query = "INSERT INTO web_link VALUES ('', '$a', '$b', '$c','$d', '$e', '$f', '$g', '$h')"; $result = @mysql_query($query) or die; ?> <html> <head> </head> <body onLoad="document.contactme.submit();"> <form name="contactme" method="post" action="http://www.test.com/cgi/storethisdata" > print "<input type="hidden" name="first_name" value="$first_name"><br>"; print "<input type="hidden" name="last_name" value="$last_name"><br>"; print "<input type="hidden" name="email" value="$email"><p>"; print "<input type="hidden" name="phone" value="$phone"><p>"; ?> </form> </body> </html>
|
TRACKER
