Encrypting the form data to insert into DB

Calimero
Forum Contributor
Posts: 310
Joined: Thu Jan 22, 2004 6:54 pm
Location: Milky Way

Encrypting the form data to insert into DB

Post by Calimero »

This is my question:
Can the data be encrypted when the visitor inputs the form and then decrypted to be inserted into the db?

Also the user data returned to "the one" should be encrypted, the code for this if possible.

NOTE: I have no experience in encrypting in PHP, so any help and major guidelines are appreciated.
Weirdan
Moderator
Posts: 5978
Joined: Mon Nov 03, 2003 6:13 pm
Location: Odessa, Ukraine

Post by Weirdan »

Why even bother with home-made encryption? You can install an SSL-enabled server, put your certificate there and have the connection encrypted without any headache.
Calimero
Forum Contributor
Posts: 310
Joined: Thu Jan 22, 2004 6:54 pm
Location: Milky Way

OK, so the steps that follow are ???

Post by Calimero »

where to find this SSL server, note I use Zend for PHP optimising
and how is the certificate issued or what is done to it
Thanks ahead!
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Check Verisign for SSL information.
dull1554
Forum Regular
Posts: 680
Joined: Sat Nov 22, 2003 11:26 am
Location: 42:21:35.359N, 76:02:20.688W

Post by dull1554 »

If he just wants to encode it he could do a base64_serialize(),
I think that's what it is, and then base64_deserialize().
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

base64_encode() and base64_decode() actually..
dull1554
Forum Regular
Posts: 680
Joined: Sat Nov 22, 2003 11:26 am
Location: 42:21:35.359N, 76:02:20.688W

Post by dull1554 »

Man, sorry, I was tired, mixing up functions..... :)
fastfingertips
Forum Contributor
Posts: 242
Joined: Sun Dec 28, 2003 1:40 am
Contact:

Post by fastfingertips »

Just a question:

If I get the string and I'm running the decode, what should I get? The values? Because in this way it is useless :D.

In this case you may try to develop your own algorithm or use some already made functions (you will find plenty of them with Google) because as far as I know you will have to pay for Verisign services.
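Added example, not part of any post in this thread: it contrasts base64, which anyone can decode without a key, with keyed authenticated encryption from PHP's OpenSSL extension for a value stored in a database column. The function names `encrypt_field` and `decrypt_field`, the sample form value and the demo key are assumptions; PHP 7.1 or later is assumed for the GCM tag parameter.

```php
<?php
// Constructed sample form value (not from the thread).
$formValue = 'email=visitor@example.test';

// Encrypt with AES-256-GCM; returns base64(nonce || tag || ciphertext) for storage.
function encrypt_field(string $plaintext, string $key): string
{
    $iv  = random_bytes(12);          // fresh 96-bit nonce for every value
    $tag = '';
    $ct  = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct);
}

// Decrypt a stored value; fails if the key is wrong or the data was modified.
function decrypt_field(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {
        throw new RuntimeException('malformed ciphertext');
    }
    $iv  = substr($raw, 0, 12);
    $tag = substr($raw, 12, 16);
    $ct  = substr($raw, 28);
    $pt  = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($pt === false) {
        throw new RuntimeException('wrong key or tampered data');
    }
    return $pt;
}

// base64 alone: the round trip needs no secret at all.
$encoded = base64_encode($formValue);
var_dump(base64_decode($encoded, true) === $formValue);

// Keyed encryption: the stored string is only useful together with the key.
$key    = random_bytes(32); // constructed demo key; a real key is kept outside the database
$stored = encrypt_field($formValue, $key);
var_dump(decrypt_field($stored, $key) === $formValue);

try {
    decrypt_field($stored, random_bytes(32)); // a different key must be rejected
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

This protects the value at rest in the database; the form submission itself still needs SSL on the connection, as discussed in the thread.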
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

true.. any real SSL cert you will have to pay for. Making your own encryption routine is a great learning experience too.
redmonkey
Forum Regular
Posts: 836
Joined: Thu Dec 18, 2003 3:58 pm

Post by redmonkey »

feyd wrote: true.. any real SSL cert you will have to pay for.
What's wrong with OpenSSL?
Grim...
DevNet Resident
Posts: 1445
Joined: Tue May 18, 2004 5:32 am
Location: London, UK

Post by Grim... »

/reads question properly.

Move along now - nothing to see here :oops:
dull1554
Forum Regular
Posts: 680
Joined: Sat Nov 22, 2003 11:26 am
Location: 42:21:35.359N, 76:02:20.688W

Post by dull1554 »

It's not too hard to make an SSL cert with OpenSSL, and it's just as secure as if you pay $400 for it; it's just that it won't be signed by a trusted source, so a user will get a warning when the browser encounters the cert.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

exactly my point.
dull1554
Forum Regular
Posts: 680
Joined: Sat Nov 22, 2003 11:26 am
Location: 42:21:35.359N, 76:02:20.688W

Post by dull1554 »

If you have OpenSSL installed on your server, here is an example to make a self-signed cert straight from the manual:

<?php 
// Fill in data for the distinguished name to be used in the cert 
// You must change the values of these keys to match your name and 
// company, or more precisely, the name and company of the person/site 
// that you are generating the certificate for. 
// For SSL certificates, the commonName is usually the domain name of 
// the site that will be using the certificate, but for S/MIME certificates, 
// the commonName will be the name of the individual who will use the 
// certificate. 
$dn = array( 
   "countryName" => "UK", 
   "stateOrProvinceName" => "Somerset", 
   "localityName" => "Glastonbury", 
   "organizationName" => "The Brain Room Limited", 
   "organizationalUnitName" => "PHP Documentation Team", 
   "commonName" => "Wez Furlong", 
   "emailAddress" => "wez@php.net" 
); 

// Generate a new private (and public) key pair 
$privkey = openssl_pkey_new(); 

// Generate a certificate signing request 
$csr = openssl_csr_new($dn, $privkey); 

// You will usually want to create a self-signed certificate at this 
// point until your CA fulfills your request. 
// This creates a self-signed cert that is valid for 365 days 
$sscert = openssl_csr_sign($csr, null, $privkey, 365); 

// Now you will want to preserve your private key, CSR and self-signed 
// cert so that they can be installed into your web server, mail server 
// or mail client (depending on the intended use of the certificate). 
// This example shows how to get those things into variables, but you 
// can also store them directly into files. 
// Typically, you will send the CSR on to your CA who will then issue 
// you with the "real" certificate. 
openssl_csr_export($csr, $csrout) and debug_zval_dump($csrout); 
openssl_x509_export($sscert, $certout) and debug_zval_dump($certout); 
openssl_pkey_export($privkey, $pkeyout, "mypassword") and debug_zval_dump($pkeyout); 

// Show any errors that occurred here 
while (($e = openssl_error_string()) !== false) { 
   echo $e . "\n"; 
} 
?>
redmonkey
Forum Regular
Posts: 836
Joined: Thu Dec 18, 2003 3:58 pm

Post by redmonkey »

A self certified/signed SSL certificate is still a 'real' certificate (i.e. it is not fake, forged or any less secure. It is 'real').
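Added example, not part of any post in this thread: it creates a self-signed certificate with the key size and digest stated explicitly, then inspects it to show what the browser warning is about (issuer equals subject, signature verifies against its own key) and prints the SHA-256 fingerprint a user could compare out of band. The subject values and the function names `make_self_signed` and `describe_cert` are assumptions; PHP 7.4 or later is assumed for `openssl_x509_verify()`.

```php
<?php
// Constructed subject; example.test is a reserved name, not a real site.
$dn = [
    'countryName'      => 'GB',
    'organizationName' => 'Example Org',
    'commonName'       => 'forms.example.test',
];

// Build a key pair and a certificate signed with its own private key.
function make_self_signed(array $dn, int $days = 365): array
{
    // State key type, size and digest instead of relying on openssl.cnf defaults.
    $key = openssl_pkey_new([
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'private_key_bits' => 2048,
    ]);
    if ($key === false) {
        throw new RuntimeException('key generation failed: ' . openssl_error_string());
    }
    $csr  = openssl_csr_new($dn, $key, ['digest_alg' => 'sha256']);
    $cert = $csr ? openssl_csr_sign($csr, null, $key, $days, ['digest_alg' => 'sha256']) : false;
    if ($cert === false) {
        throw new RuntimeException('certificate creation failed: ' . openssl_error_string());
    }
    return [$key, $cert];
}

// Report the properties a client has to judge the certificate by.
function describe_cert($cert): array
{
    $info   = openssl_x509_parse($cert);
    $pubkey = openssl_pkey_get_public($cert);
    return [
        'subject_cn'  => $info['subject']['CN'],
        'issuer_cn'   => $info['issuer']['CN'],
        // Self-signed: issuer is the subject and the signature checks out with the cert's own key.
        'self_signed' => $info['subject'] == $info['issuer']
                         && openssl_x509_verify($cert, $pubkey) === 1,
        'expires_utc' => gmdate('Y-m-d', $info['validTo_time_t']),
        // Fingerprint to publish or compare through a separate channel.
        'sha256'      => openssl_x509_fingerprint($cert, 'sha256'),
    ];
}

[$key, $cert] = make_self_signed($dn);
print_r(describe_cert($cert));
```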