如何在URL中显示加密密码

时间:2014-08-13 05:51:33

标签: php encryption get getmethod get-method

我加密了密码,现在尝试在网址中显示,但在网址中,我总是得到真实的实际密码:kimd

我想我是not passing $encrypted_string in url,请查看我的php脚本并告诉我How can i pass $encrypted_string in URL

每当我致电我的表单获取所有内容时,详细信息如:actual passwordencrypted passworddecrypted password

举个例子:

原始 upass:kimd

加密 upass:5¾VªÜly.TÀîÈ¥MÜQüÑLøø‹y\ñU

解密 upass:kimd

legals.php: - 

<?php
.......................
// Create the initialization vector for added security.
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);

// Encrypt $string
$encrypted_string = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $secret_key, $upass, MCRYPT_MODE_CBC, $iv);

// Decrypt $string
$decrypted_string = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $secret_key, $encrypted_string, MCRYPT_MODE_CBC, $iv);
................................
?>

我只想显示encrypted password in URL而不是实际密码,我在legals表中有两个字段,即: - unameupass

我在做错了吗?请让我知道..

3 个答案:

答案 0 :(得分:0)

首先,Its not good practice to send Password through GET parameters。它应始终通过POST参数发送

 <form method="POST" id="contact_form" action="legals.php">

您可以将其检索为:

$uname = $_POST['uname'];
$upass = $_POST['upass'];

但是如果你想在URL中加密,只需在你的.php文件中使用base64_encode() or md5()

答案 1 :(得分:0)

我绝不是一个大师,但是从你发布的代码中,看来你的查询“SELECT * FROM legals WHERE upass ='$ upass'”正在拉动非来自数据库的加密密码。虽然您已经回显了加密和解密的字符串,但我没有看到您以任何其他方式使用加密字符串的位置。

答案 2 :(得分:0)

这是您的回答,假设您可以获得$ukey$secret_key

<?php 
// Create the initialization vector for added security.
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), MCRYPT_RAND);

// Encrypt $string
$encrypted_string = mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $secret_key, $ukey, MCRYPT_MODE_CBC, $iv);

// Decrypt $string
$decrypted_string = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $secret_key, $encrypted_string, MCRYPT_MODE_CBC, $iv);
?>

<div align="center">
       <form method="get" id="contact_form" action="legal.php">
                 <p>Enter First Name</p>
                 <input type="text" name="fname" value="" />
                 <p>Enter Last Name</p>
                 <input type="text" name="lname" value="" />
                 <input type="hidden" name="uname" value="kim" /> <!-- uname could be dynamic here -->
                 <input type="hidden" name="upass" value="<?php echo $encrypted_string; ?>" /><br/>
                 <input type="submit" id="submit_btn" value="Submit" />
       </form>
</div>

在legal.php页面上:

$uname = isset($_GET['uname'])?$_GET['uname']:'';
$upass = isset($_GET['upass'])?$_GET['upass']:'';
$con = mysqli_connect(" "," "," "," ");

$result = mysqli_query($con,"SELECT * FROM `legals` WHERE `upass` = '$upass'");
$row = mysqli_fetch_array($result);

   // else {echo "Username/Key Error";}
mysqli_close($con);
相关问题
最新问题