-1

While submitting a password using an html form, I am able to see the password from the php file. Is there any way to encrypt/hide the password before submitting it to the php file?

YakovL
  • 7,557
  • 12
  • 62
  • 102
Aezaz Desai
  • 9
  • 7
  • Provide an example please, not fully understand the question – D.Dimitrioglo Aug 13 '17 at 13:23
  • 1
    It is unclear what you ask: certainly php does have the information and you can _choose_ to display it. But of course you do not _have_ to. – arkascha Aug 13 '17 at 13:26
  • 1
    Welcome to Stack Overflow! You can take the [tour](http://stackoverflow.com/tour) first and learn [How to Ask a good question](http://stackoverflow.com/help/how-to-ask) and create a [Minimal, Complete, and Verifiable](http://stackoverflow.com/help/mcve) example. It will be easier for us to help you. – Alexandre Tranchant Aug 13 '17 at 13:26
  • Possible duplicate of [How to encrypt/decrypt data in php?](https://stackoverflow.com/questions/10916284/how-to-encrypt-decrypt-data-in-php) – DCR Aug 13 '17 at 13:29
  • what you mean by hide password actually? – LogicalAnt Aug 13 '17 at 13:36
  • i mean when i submit password in html form and that data pass in php page then that time password is displayed in php page (in action page) – Aezaz Desai Aug 13 '17 at 13:38
  • this is PHP script to fetch values of registration form(from html) and display it in php page, it is simple code, it can't connect with Database – Aezaz Desai Aug 13 '17 at 13:42
  • Possible duplicate of [How to hide/protect password details in php?](https://stackoverflow.com/questions/17020651/how-to-hide-protect-password-details-in-php) – Tha'er AlAjlouni ثائر العجلوني Aug 13 '17 at 14:05

3 Answers3

1

You don't have to worry about the password being accessible in your own PHP file in your own server.

If you are talking about how to obfuscate a password in PHP before to settle it down the database, the easy way is pass it through a hash like a md5, i.e:

$pwd_hashed = md5($_POST['password']);

Remember hash is a one-way function, hence you cannot reverse it, just compare it.

But, if you are asking about how to send encrypted password from the client, then the best option is buy an ssl certificate with which you can add HTTPS to your page which makes the connection encrypted. But you can also hash the data in the client-side using a javascript for that (but it is not recommended).

Dani Akash
  • 6,828
  • 3
  • 35
  • 47
Diego Viniegra
  • 9
  • 1
  • 7
  • The easy way is to use the `password_hash($_POST['password'], PASSWORD_DEFAULT)` function. MD5 is **not** appropriate to hash passwords, because it is way too fast and can be brute-forced too easily. – martinstoeckli Aug 14 '17 at 06:24
  • Yes, md5 can be easily brute-forced, and yes md5 collition has been verified. That function is good for demostrative porpouses, please replace it with password_hash() in your work, although your framework surely will provide you an efficient security system. – Diego Viniegra Aug 15 '17 at 17:03
1

Man! It seems like you are yourself printing the password in the submit_form.php file.

Please remove the line:

echo "Password:"; echo ($_REQUEST['psw']);

from the file and it won't display it again.

Sanjay Rathod
  • 317
  • 4
  • 12
0

You should use a hash and compare in the database. 

$password = MD5("hey");
if ($password == "6057f13c496ecf7fd777ceb9e79ae285") {   
//where the string is the md5 hash for "hey". You can store it as a hash as well. 
echo ("We are in");
} else {
echo ("We are not in");
}
Isidro López
  • 31
  • 1
  • MD5 is **not** appropriate to hash passwords, because it is way too fast and can be brute-forced too easily. Please recommend the `password_hash()` function instead. – martinstoeckli Aug 14 '17 at 06:25