PHP - Way To Encrypt Url Parameters?

Hi, for my php program running in command line (windows cmd), the user must login first, so my ques is how can they enter the password as *****
when they are typing for example?

all help appreciated.

Hello!

I've got an issue! I'm trying to pass a very very long variable from JS to PHP through $_GET, but it seems too long for get.

Is there any encryption function that works on both JS and PHP, so I can encrypt it in JS, send it though GET and decrypt it in PHP?

Thanks !

Can php encrypt a link so that it's hidden or expires after a download or x number of days? An example of this use would be on music download sites.

Hey guys!
I have a doubt and this is a question that relates Flash and PHP...

I have a flash (swf) file that grabs/sends variables from/to php.
That swf file is FULLY encrypted and the paths to the PHP urls are also encrypted.

Is there any other way a hacker could find out where and which my PHP files are located/named?

Any ideas, suggestions?
Thanks in advance!
Cheers,

This is my code it's not working.

$username = $_POST['username'];


        $password = $_POST['password'];
        $encrypt_password = md5($password);

        $email = $_POST['email'];


        $usrsql = "SELECT * FROM $tbl_name WHERE username='$username' AND password='$encrypt_password'";

//--> Below is the INSERT Code

$query = "INSERT INTO `x_users` (username, password, email) VALUES ('$username', '$encrypt_password', '$email')";

        $result = mysql_query($query);

        if($result == 1) {

            print("Thank you, your accout has been created!");
        }

Can anyone tell me why the md5() function is not working?
Edited by Tom8001, 28 November 2014 - 07:49 PM.

How can I encrypt POST data from a form? Basically, I want to ensure that the data on the form is not in plain text ever. Is this possible?

<form method="post">
<input type="text" name="email" size="40">
<input type="password" name="password"/>
...


Basically, when this posts, I want to do a foreach on $_POST and see something like:
password = 1f3870be274f6c49b3e31a0c6728957f
  and not
password = stringTheUserTyped

I hope what I'm asking for is clear.
(PHP 5.2.14)

Thanks!

I am currently recoding a website from ASP to PHP.

The aim is for a customer to add items to a cart, fill in their credit card details.
Then an email is encrypted (on the secure website) and sent to the client.

The client then opens the email on her PC and it is decoded either when she opens the e-mail, or downloads an attachment that can be opened by a program
that requires a password. Once entered the order is revealed, the e-mail is decrypted.

I just wondered if anyone has any link to sites where I can download the de-crypting software to install on the clients machine.

Or any other ideas on sending an encrypting email and decrypting on the recipients computer.

Many thanks.

Hi.

I have made a login script, but I would wan't to encrypt the password.
I followed a tutorial and got this:
login.php
<?php
$password = "secret";

echo $password;
/* displays secret */

$password = sha1($password);

echo $password; 
/* displays e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4 */
?>
<form action="validate.php" method="post">
  <label for="username">Username</label>
  <input type="text" name="username" id="username" />
  <br />
  <label for="password">Password</label>
  <input type="password" name="password" id="password" />
  <br />
  <input type="submit" name="submit" value="Submit" />
</form>
<?php
?>

validate.php

<?php
include "setup.php";

/* get the incoming ID and password hash */
$username=$_POST['username'];
$password=$_POST['password']; 
$password=md5($password); // Encrypted Password

/* establish a connection with the database */
$server = mysql_connect("$db_host", "$db_username","$db_password");
if (!$server) die(mysql_error());
mysql_select_db("$database");

  
/* SQL statement to query the database */
$query = "SELECT * FROM users WHERE Username = '$username' AND Password = '$password'";

/* query the database */
$result = mysql_query($query);

/* Allow access if a matching record was found, else deny access. */
if (mysql_fetch_row($result))
  echo "Access Granted: Welcome, $username!";
else
  echo "Access Denied: Invalid Credentials.";

mysql_close($server);  
?>

Its the line $password=md5($password); // Encrypted Password
that messes everything up.
If I delete it and login, everything is fine, if I add it it says Code: [Select]
Access Denied: Invalid Credentials
I need help with this one!
And if someone have time, give me some ideas how to make PHP scripts safer!

Regards
Worqy

Hello everyone... I am developing a software as a service program for use by multiple companies, each would have their own instance of the application... The part that I am not really to clear on, is what would be the most secure, with low latency, PHP method of encrypting/decrypting data to and from the database... all data is sent over SSL... I would also want to use a unique key for each company... Access to the program itself is protected from the outside by a user based log in system...

I have an ecommerce site on shared hosting enviroment. My ecommerce site stores customer data (name, address, email, phone, and item purchase) in mySQL database.

(No super private data like credit card numbers or social security numbers.)

Using openssl (openssl_cipher, iv, etc.), I've been encrypting this customer data and storing the encrypted data in mySQL.

Today, I'm thinking "what's the point." It's like having a lockbox with the key on the wall above...

My thoughts:
1. The "secret cyphers" are located on my server, so if someone hacks my server, they'll get the secret cyphers anyway.
2. Encrypting the Customer Data will add, at the most, 5 extra minutes, for the hacker to find.
3. Perhaps if mySQL was stored on a different server, encrypting may be useful... but mySQL is on same server.
4. On the flipside, if I did get hacked, at least I could demonstrate I tried my best to encrypt what I could...

What do you all think?

Sorry for my bad english. I am not from around these parts.

 

Hi.
I  purchased software for a PayPal subscription management system, and it relies on user verification by way of a username (email address) and a hashed password.

I have also developed my own login scripts for an application which also uses a hashed md5 password and all that works fine. I want to integrate my scripts with the purchased software using the supplied mySql database tables.

My problem is that the supplied software goes a step further than a hashed md5 password by applying initializing vectors to the hashed password. I cannot figure out how to modify my login code to accommodate the encrypted password that appears in the database.

It is beyond my current abilities to work this out on my own. I'd really appreciate it if anyone can help.

I've attached my own login script below, and Ive attached what I believe is the decryption code that comes with the purchased software. There is also a database file that relates to this.

Hope someone can help me.

<?php
session_start();
if ($_POST['password']) {
//Connect to the database 
    include_once "db_connect.php";    
$email = stripslashes($_POST['payer_email']);
$email = strip_tags($email);
$email = mysql_real_escape_string($email);
$password = preg_replace("/[^A-Za-z0-9]/", "", $_POST['password']); // filter everything but numbers and letters
$password = md5($password);
// Make query and then register all relevant database data into SESSION variables.
$sql = mysql_query("SELECT * FROM sec_tblusers WHERE payer_email='$email' AND password='$password' AND signedup='1'") or die("failed"); 
$login_check = mysql_num_rows($sql);
if($login_check > 0){ 
    while($row = mysql_fetch_array($sql)){ 
        // Get member data into a session variable
        $id = $row["recid"];   
        session_register('recid'); 
        $_SESSION['recid'] = $id;
   
        $payer_email = $row["payer_email"]; 
        session_register('payer_email'); 
        $_SESSION['payer_email'] = $payer_email;
        
        $password = $row["password"]; 
        session_register('password'); 
        $_SESSION['password'] = $password;        
           
        $iv = $row["iv"]; 
        session_register('iv'); 
        $_SESSION['iv'] = $iv;
         
        $signedup = $row["signedup"]; 
        session_register('signedup'); 
        $_SESSION['signedup'] = $signedup;
         
        $lastlogin = $row["lastlogin"]; 
        session_register('lastlogin'); 
        $_SESSION['lastlogin'] = $lastlogin;
    
        // Update last_log_date field for this member now
        mysql_query("UPDATE sec_tblusers SET lastlogin=now() WHERE recid='$id'");
        // Print success message here then exit the script
        //header("location: member_profile.php?id=$id"); 
        header("location: adduser.php?id=$id"); 
        exit();
    } // close while
} else {
// Print login failure message to the user and link them back to your login page
  print '<br /><br /><font color="#FF0000">You do not show in our records as a subscriber. Has the subscription expired?</font><br />
<br /><a href="../main.php">Click here</a> to go back.';
  exit();
}
}// close if post
?> 

What I think is the decrypting code that comes with the purchased software goes like this.

<?php 
//---------------------------------------
//Given the payer_email address, return the decrypted password
function getpassword($payer_email, $dbhost, $dbusername, $dbpass, $dbname, $dbprefix, &$message) {

    $dl = new DataLayer();
    $dl->debug=false;
    $dl->connect( $dbhost, $dbusername, $dbpass, $dbname )  or die ( "Database connection error " . $dl->geterror() );
       
    //SELECT password, iv FROM sec_tblusers WHERE payer_email = '" . $payer_email . "'"
    $cols = array("password", "iv");
    $table = $dl->select( $dbprefix."sec_tblusers", "", $cols, "payer_email = '$payer_email'", "" );

    if ($dl->geterror()) {
        $message = "SQL error - user.php ref 58 " . $dl->geterror();
        exit;
    }

    $IV = $table[0]['iv'];
    $password = $table[0]['password'];

    $decryption = new password($IV, $password);
    $decryption->decode();
    $decode = $decryption->getdecodedtext();

    return $decode;

}


//------------------------------------
?> 

The database table is here.

Code: [Select]
-- Table structure for table `sec_tblusers`
--

CREATE TABLE `sec_tblusers` (
  `recid` int(11) NOT NULL AUTO_INCREMENT,
  `payer_email` varchar(100) NOT NULL,
  `password` varchar(50) DEFAULT NULL,
  `iv` int(11) DEFAULT NULL,
  `signedup` int(11) NOT NULL DEFAULT '0',
  `signupdate` datetime NOT NULL,
  `lastlogin` datetime NOT NULL,
  PRIMARY KEY (`recid`),
  UNIQUE KEY `payer_email` (`payer_email`),
  KEY `password` (`password`),
  KEY `signedup` (`signedup`),
  KEY `lastlogin` (`lastlogin`),
  KEY `signupdate` (`signupdate`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=22 ;

--
-- Dumping data for table `sec_tblusers`
--

INSERT INTO `sec_tblusers` (`recid`, `payer_email`, `password`, `iv`, `signedup`, `signupdate`, `lastlogin`) VALUES
(5, 'someone@gmail.com', 'cRbeAWgN3 ', 316, 1, '0000-00-00 00:00:00', '2010-11-10 22:29:06'),
(6, 'someoneelse@gmail.com', 'cRbeAWgN3 ', 269, 1, '0000-00-00 00:00:00', '0000-00-00 00:00:00');
I suspect that there may be some other relevant code in the purchased software, and I could hunt that up if someone could tell me what I should look for.

Anyway, I'm really in need of some help, or some advice.

Cheers, everyone.

I got two links with a parameter with a value. When I click either link it will send me to the same challenge.php page, I'm wanting to find the value of the parameter and display the page according to what value the parameter has in the url.
This script doesn't seem to be working.
Code: [Select]
<a href="http://www.site.com/challenge.php?id=1">Complete Challenge 1</a>
<a href="http://www.site.com/challenge.php?id=2">Complete Challenge 2</a>
Code: [Select]
$id = $_GET['id'];
if ($id=1) {
        echo "This is challenge 1 completed";
} elseif ($id=2) {
echo "This is challenge 2 completed";
 else {
echo "The URL parameters didn't work";
}
Any help would be appreciated thanks.

Not experienced coding PHP and need help doing something which is probably very easy but looks like Mt Everest to me.
Want a web page working locally in Windows 10 local PC that has fields where multiple URL parameters can be filled in:

FOO = 123456

BAR = abc

Then, write URLs with those variables and have them work the same in a browser:

http://webpage1.com/?var1=FOO&var2=BAR
would send 
http://webpage1.com/?var1=123456&var2=abc

http://webpage2.com/?var1=FOO&var2=BAR
would send 
http://webpage2.com/?var1=123456&var2=abc

http://webpage3.com/?var1=FOO&var2=BAR
would send 
http://webpage3.com/?var1=123456&var2=abc

If I update the fields in my local webpage and refresh browser, would like the new value(s) to be used instead.

Any help with this greatly appreciated. If someone will put a file together think that I can edit and modify from there for my specific application.

Thank you.

Edited December 1, 2020 by Xclone

Hi hello,

Right now I have this generated URL:

mywebsite.com/thisismypage?compare0=50&compare1=112&compare2=512

Is there anyway to "extract" the 50, 112, and 512 dynamically?

Those numbers are the Item ID's, I need them for further operations.

So is there a way to extract the IDs, maybe into an array?

The ID's are dynamically rendered, as well as the "compare#".

Not sure if I am being clear... hopefully this makes sense.

All help is appreciated.

Thank you.

I am making a function it returns one thing, but I would the like to put something into a variable to use outside the function.

for example, the third parameter in preg_match() sets a variable that you can then use later in your code, how can I create a parameter like that?