Hashing $_POST values.
Posted: Wed Jul 14, 2010 5:37 am
Values passed from a form using the 'post' method, can they be changed from plaintext to a hashed version prior to sending? Assume the following script sending a value to a database for login purposes :
1. Am i correct in thinking that the value of '$password' {as passed to the function (login_check_function)} is an md5 hashed value?
2. Secondly, the value of $_POST['password'] will stay plaintext until hashed by the function (create_hash)?
Is there a way to hash the value passed to the 'login.php' page? As per example :
Code: Select all
<html>
<head>
<title>Login page</title>
</head>
<body>
<form method="post" action="login.php">
<input type="text" name="password" />
<input type="submit" name="btn" value="login" />
</form>
</body>
</html>
Code: Select all
<?php
function create_hash($value) {
if ($value != '') {
$new_value = md5($value);
return $new_value;
}
//create a hashed value
$password = create_hash($_POST['password']);
//send the data
login_check_function($password);
?>2. Secondly, the value of $_POST['password'] will stay plaintext until hashed by the function (create_hash)?
Code: Select all
<?php
echo '<pre>';
print_r($_POST);
echo '</pre>';
/*
prints
Array
(
[password] => password
[btn] => send
)
*/
?>Code: Select all
<?php
/*
Array
(
[fieldOne] => hashed_password
[btn] => send
)
*/
?>