very dynamic

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
daregazi
Forum Newbie
Posts: 15
Joined: Mon Dec 08, 2008 1:49 pm

very dynamic

Post by daregazi »

Hi,

for a security reason I experienced, I wish to ask you guys is it possible that before submitting a form's input values (actually happens when the user fills the form in and presses the submit button), every field that she fills in could be passed and stored on the server individually and how? (in a php code)

Thanks for any quick response!
Mark Baker
Forum Regular
Posts: 710
Joined: Thu Oct 30, 2008 6:24 pm

Re: very dynamic

Post by Mark Baker »

daregazi wrote:for a security reason I experienced, I wish to ask you guys is it possible that before submitting a form's input values (actually happens when the user fills the form in and presses the submit button), every field that she fills in could be passed and stored on the server individually and how? (in a php code)
It's possible using javascript to trap change of fileds, and then an ajax call to pass that information to the server, but I wouldn't recommend it, and would refuse to visit any page that did it.
It's the same basic principle that keyloggers use.

There is no need for it, security or otherwise, so why do you want to do it?
daregazi
Forum Newbie
Posts: 15
Joined: Mon Dec 08, 2008 1:49 pm

Re: very dynamic

Post by daregazi »

Actually I dont wanna implement it, but I visited a page and I suspect that it might have had such a feature on. I looked at the page source code and there was only a javascript function to validate the form on submission, nothing else I could see of any Ajax code.

Shall I still suspect that you think that my visit to that page and un-complete data entry was harmless??? (I mean Ajax functionality of sending data to server asynchronously was off?? )

Thanks again
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Re: very dynamic

Post by josh »

You could do something like like including a salt in a hidden field, when the form is submitted javascript reads the salt and hashes the raw password + the salt and replaces the text fields, salts would be kept track of on the server side, essentially you can block out replay attacks in case your login isnt behind SSL ( also SSL has been cracked ).
User avatar
papa
Forum Regular
Posts: 958
Joined: Wed Aug 27, 2008 3:36 am
Location: Sweden/Sthlm

Re: very dynamic

Post by papa »

daregazi wrote:Actually I dont wanna implement it, but I visited a page and I suspect that it might have had such a feature on. I looked at the page source code and there was only a javascript function to validate the form on submission, nothing else I could see of any Ajax code.

Shall I still suspect that you think that my visit to that page and un-complete data entry was harmless??? (I mean Ajax functionality of sending data to server asynchronously was off?? )

Thanks again
They most likely still have server side validation though.
daregazi
Forum Newbie
Posts: 15
Joined: Mon Dec 08, 2008 1:49 pm

Re: very dynamic

Post by daregazi »

Mark Baker,
thanks for your reply! I cannot see any ajax code or extra javascript code inside the page source code. Do you think that it is unlikely to have asynchronous data transfer between what is inserted into the client side form input fields and the server? Or still those ajax code could be hidden from the page source code?
and also you said that you would refuse to visit such pages! How are you going to know that a page (containing a form) you are visiting has got this feature on???

appreciate your reply.
Post Reply