I want to send form data via url to another domain in encrypted form
<form action="http://localhost:85/abc/?<?php echo $_POST['name'] ?>" method="POST">
First name:<br>
<input type="text" name="name" placeholder="name">
<input type="submit" value="Submit">
</form>
While searching for solution I found different way but none of them works for me. For e.g. I found if I use GET method in form then I can send data like this
<form action="http://localhost:85/abc/?<?php echo $_GET['name'] ?>" method="GET">
Its working But the problem with this solution is that it don't send data in encrypted form + I can't change my form method from POST
to GET
Because from is created by plugin called caldera forms
. I only can change form action in it.
As per another solutions I tried to use action like this
<form action="http://localhost:85/abc/?<?php echo $_REQUEST['name'] ?>" method="POST">
But this also didn't work for me. Any suggestion what else I can try. Right now I am testing it in localhost by creating a small form not by plugin.
I found a solution of my problem and sharing with everyone. This solution works in 4 steps as follow.
Step 1: For encryption and decryption, I am using following functions in my functions.php
file.
function Encryptstr($password, $data)
{
$salt = substr(md5(mt_rand(), true), 8);
$key = md5($password . $salt, true);
$iv = md5($key . $password . $salt, true);
$ct = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $data, MCRYPT_MODE_CBC, $iv);
return base64_encode('Salted__' . $salt . $ct);
}
function Decryptstr($password, $data)
{
$data = base64_decode($data);
$salt = substr($data, 8, 8);
$ct = substr($data, 16);
$key = md5($password . $salt, true);
$iv = md5($key . $password . $salt, true);
$pt = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $ct, MCRYPT_MODE_CBC, $iv);
return $pt;
}
I was told that encryption function can't be performed on action
path of form directly So I am using another way for it. I am redirecting form to a page and on that page I am encrypting my form field.
Step 2:
First build a simple form like this and in action of form I have given path of page in which I will perform encryption
<form action="http://localhost:85/xyz/" method="POST"> //In action I am giving path to the page in which I will perform encryption
<input type="text" name="fname" placeholder="First Name">
<input type="submit" value="Login">
</form>
Step 3: After form redirect to this page, I store data of my form field in a variable and encrypt it as follow
$name = $_POST['fname']; //fname is the name of the form control (Text Box)
// Performing encryption on it like this
$encrypt = Encryptstr('myPass123', $name); // Here "myPass123" is the key that will be use to encrypt and decrypt and "Encryptstr" Is function that I have put in functions.php as shown above.
After encrypt form data and storing it in a variable ($encrypt) I make another form whith hidden fields But in this form I am using GET
method instead of POST
.
<form action="http://localhost:85/abc/" method="GET">
First name:<br>
<input type="hidden" name="fname" value="<?php echo $encrypt; ?>">
<input type="submit" value="Login">
</form>
In the value field of form's hidden field I used $encrypt varible in which I have stored the encrypted form of data earlier. I put it in value
option so that we don't need to enter value again. And after clicking on Submit button form will send data to my mentioned page (Mentioned in action of form).
So this data will transmit via url something like this
http://localhost:85/abc/?fname=sdfhf3jh4jhdfjsdffsf
As you can see fname field is encrypted if I haven't put encryption then output will be like this
http://localhost:85/abc/?fname=Entered_value_by_user
Step 4: So in last step I just need to fetch data from url for that I used GET
method like this. This is the page where encrypted data redirects
if(isset($_GET['fname'])) //Getting the value of fname field from url via GET method
{
$entry = $_GET['fname']; // Storing value in a variable
//Decripting value using Decryptstr function where 'myPass123' is the key that we used to encrypt and same key needed to decrypt
echo 'Result: '.Decryptstr('myPass123', $entry);
}
Reference: http://heiswayi.github.io/php-encryption-decryption-and-password-hashing.html
Note: This method works very well But I don't know what is the level of security this method provides. I had two option for encryption first using
ECB
and second usingCBC
. So I searched on google to find out which is more secure to use. So I found a good article that describesECB vs CBC
In detail. And after reading article I found thatcbc
is more secure. Thats why I am usingCBC
.
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments