Page 1 of 1

Encrypting PHP Form with multiple fields.

Posted: Fri Mar 31, 2006 8:48 pm
by pablo1999
feyd | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Hello,

I want to put an extra measure of security to a form by encrypting the emails going out of the server. I already tested this with my own server at home and it works properly. If you want to see the sample form I created you can go to http://ricardocrane.no-ip.info/private_mail.php. The message will be sent encrypted to my email address.

I will like to implement this functionality to a different form that has multiple fields that need to be encrypted, not just one field. 

Here I'm pasting the code that is processing the private_mail.php form. 

As you can see, the fwrite($fp, $body); is writing the contents of the body field of the message to the file that will be encrypted. 

I have a form that has multiple fields. I want to find out how to encrypt multiple fields.


This is the code that is processing the form:
==========================

Code: Select all

<?php

// create short variable names

        $from = $_POST['from'];
        $title = $_POST['title'];
        $body = $_POST['body'];

        $to_email = 'pablo@myemailaddress.com';

// Tell gpg where to find the key ring
// On this system, user nobody's home directory is /tmp/

putenv('GNUPGHOME=/home/www/.gnupg');

// create a unique file name

$infile = tempnam('', 'pgp');
$outfile = $infile.'.asc';

// write the user's text to the file

$fp = fopen($infile, 'w');
fwrite($fp, $body);
fclose($fp);

// set up our command

$command = "/usr/local/bin/gpg -a --recipient 'Pablo <pablo@myemailaddress.com>' --encrypt -o $outfile $infile"; 


// execute our gpg command

system($command, $result);

// delete the unencrypted temp file

unlink($infile);

if($result==0)

{

        $fp = fopen($outfile, 'r');
        if(!$fp||filesize ($outfile)==0)
        {
                $result = -1;
        }
        else
        {

// read encrypted file

$contents = fread ($fp, filesize ($outfile)) ;

// delete the encrypted temp file

unlink($outfile);

mail($to_email, $title, $contents, "From: $from");

echo '<h1>Message Sent</h1>

        <p>Your message was encrypted and sent.
        <p>thank you.';
        }
}

if($result!=0)

{

        echo '<h1>Error:</h1>
                <p>Your mesage could not be encrypted, so has not been sent.
                <p>Sorry.';
}

?>

feyd | Please use

Code: Select all

and

Code: Select all

tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]

Posted: Fri Mar 31, 2006 9:59 pm
by feyd
simply add the fields to the body data you are writing into the file.

Posted: Fri Mar 31, 2006 10:30 pm
by pablo1999
The following line of HTML code is from the sample form located at http://ricardocrane.no-ip.info/private_mail.php

Code: Select all

<textarea name = body cols = 30 rows = 10>
As you can see, the name is "body", which is then used in send_private_mail.php with fwrite to write the content to the file that will be encrypted.

Code: Select all

// write the user's text to the file

$fp = fopen($infile, 'w');
fwrite($fp, $body);
fclose($fp);
But let's supposed I have an HTML form with the following fields:

Code: Select all

<tr>
        <td colspan="7" height="19" valign="top"><!--DWLayoutEmptyCell-->&nbsp; </td>
      </tr>
      <!--FirstName-->
  <td height="22" valign="bottom"><font color="#cc0000">*</font></td>
      <td valign="bottom">
        <div class="txtXsmall" align="left">First Name</div></td>
      <td colspan="5" valign="bottom"><input id="authorizedfirstname3" maxlength="50" size="30" name="authorizedfirstname3">
      </td>
  </tr>
  <tr>
    <!--LastName-->
    <td height="22" valign="top"><font color="#cc0000">*</font></td>
    <td valign="top">
      <div class="txtXsmall" align="left">Last Name</div></td>
    <td colspan="5" valign="top"><input id="authorizedlastname3" maxlength="50" size="30" name="authorizedlastname3">
    </td>
  </tr>
  <tr>
    <td height="24"></td>
    <td align="left"><div class="txtXsmall" align="left"><a>Primary Phone </a></div></td>
    <td colspan="5"><font face="Verdana, Arial, Geneva, sans-serif" size="-1">
      <select name="authorizedprimaryphone3">
        <option value="" selected="selected">--- Select ---</option>
        <option value="Work">Work</option>
        <option value="Home">Home</option>
        <option value="Mobile">Mobile</option>
        <option value="Fax">Fax</option>
        <option value="Pager">Pager</option>
        <option value="DSN">DSN</option>
      </select>

      <input maxlength="50" size="12" name="daytimephone">
</font></td>
  </tr>
In the previous code I need to encrypt the fields authorizedfirstname3, authorizedlastname3, authorizedprimaryphone3 and daytimephone. In other words, how can I write all those fields to file that will be encrypted. I know I can create an include listing all the field names but how I will be able to write all those fields to the file using fwrite.

Thanks in advanced.

Posted: Fri Mar 31, 2006 10:34 pm
by feyd
multiple calls to fwrite() each using a different field as its main source of data.

Posted: Fri Mar 31, 2006 10:49 pm
by pablo1999
Can I do something like this?

Can I put all the fields in a separate file named allthefields.inc like this:

Code: Select all

$authorizedfirstname3 = $_POST['$authorizedfirstname3'];

$authorizedlastname3 = $_POST['$authorizedlastname3'];

$authorizedprimaryphone3 = $_POST['$authorizedprimaryphone3'];

$daytimephone = $_POST['$daytimephone'];
And then include the file in the PHP script like this:

Code: Select all

include ( 'allthefields.inc' );
And then when using fwrite I can somehow put that file as one of the parameters in the fwrite function?

Posted: Sat Apr 01, 2006 5:27 am
by feyd
You could do it, but the data wouldn't parse out. You'd either get the code or nothing depending on how you built it.