change or encrypt post data before submit

         
 A user enters their password, and submits the login form. The password is sent to the server, authentication is run, and the hashed password matches the one stored in the database.
The onsubmit event occurs when the submit button in a form is clicked.

    <script src="http://crypto-js.googlecode.com/svn/tags/3.0.2/build/rollups/md5.js"></script>

<script type="text/javascript">
function encryptPWD()
{
//Here do whatever you want to do with the form or it's values.
//can change any elements value.and hidden field

//alert("Welcome " + document.forms["logForm"]["username"].value + "!");
//Getting the two input objects

var pwd=document.forms["logForm"]["password"].value;
//Hashing the values before submitting

document.forms["logForm"]["password"].value =  CryptoJS.MD5(pwd);
}
</script>




<form action="" method="post"  name="logForm" onsubmit="encryptPWD();" >
<fieldset>
<legend>Please Login</legend>
<p><label>UserName :</label></p>
<input type="hidden" name="key" value="<?php echo $key; ?>" />
<p><input type="text" name="username"/></p>
<p><label>Password  :</label></p>
<p><input type="password" name="password"/></p>
<p><input type="submit" value=" Submit "/></p>
</fieldset>
</form>





Implementing your own security protocol is never a good idea, unless you're a highly trained security expert, or you actually don't really care about the security and only want to create an impression of security (marketing) and stop the script kiddies.
Solution wont show your password in plain text during transit but still It's possible to do man-in-the-middle attacks.
- Vinod Kotiya

Comments