Question

I have a small login form. I will send the name and password via GET, but I don't want to put the password in a URL in plain text. Can I MD5 it after pressing the submit button, but before sending it via GET?


Solution

You should not use md5 for hashing passwords.

If you want to learn to hash your user password safely then have a good read of "How do you use bcrypt for hashing passwords in PHP?" and "Secure hash and salt for PHP passwords".

> I will send the name and password via GET

Never use GET for logging in. Yes, it shows in the URL, but the GET parameters also show up in the server request log.

> I just want to hide the characters from people around the user computer.

Using the form input type="password" will solve that issue. But there is also the issue of man-in-the-middle attacks, where an attacker can inject themselves into the packet routing mechanism and capture and record, then re-route, every packet between hops, capturing POST, GET, etc. parameters. So you should at least use SSL to encrypt the connection packets between point A and point B if you're serious about securing your users/site from an easy hack.

But to answer your question, here is what you asked(ish) o_O: you need to use JavaScript to process the form before it's POSTed, but it obviously won't work if JavaScript is off:

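<?php
// Debug output of the submitted fields, escaped so posted values cannot inject markup.
echo '<pre>'.htmlspecialchars(print_r($_POST, true)).'</pre>';
?>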
<script type="text/javascript"
    src="http://github.com/kvz/phpjs/raw/master/functions/xml/utf8_encode.js"></script>
<script type="text/javascript"
    src="http://github.com/kvz/phpjs/raw/master/functions/strings/md5.js"></script>

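<script type="text/javascript">
<!--
// Runs on submit: copy the MD5 of the typed password into the hidden field,
// then blank the visible field so the plain-text value is not posted.
function pwd_handler(form)
{
    if (form.password.value != '')
    {
        form.md5password.value = md5(form.password.value);
        form.password.value = '';
    }
}
//-->
</script>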

<form action="" method="post" onsubmit="pwd_handler(this);">
    <input type="text" name="username" />
    <input type="password" name="password" />
    <input type="hidden" name="md5password" value="" />
    <input type="submit" value="Log in" />
</form>
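
The answer's point that GET parameters end up in the server request log can be checked against logs you already have. The following Node.js script is an added example, not part of the original answer: it finds and redacts password-like query parameters in Common/Combined Log Format lines. The parameter names, function names and sample log lines are assumptions constructed for illustration.

```javascript
// Added example: audit an access log for credentials leaked through query
// strings, and redact them. ASSUMPTION: the parameter names treated as secret.
const SENSITIVE = new Set(['password', 'md5password', 'passwd', 'pwd']);
// Request line of a Common/Combined Log Format entry: "METHOD target HTTP/x.y"
const REQUEST_RE = /"([A-Z]+) (\S+) (HTTP\/[\d.]+)"/;

function decodeName(raw) {
  try { return decodeURIComponent(raw.replace(/\+/g, ' ')).toLowerCase(); }
  catch (e) { return raw.toLowerCase(); } // malformed percent-encoding
}

// Returns the line with secret values replaced, plus what was found in it.
function redactLogLine(line) {
  const m = REQUEST_RE.exec(line);
  if (!m || !m[2].includes('?')) return { line, leaked: [] };
  const [whole, method, target, proto] = m;
  const q = target.indexOf('?');
  const leaked = [];
  const query = target.slice(q + 1).split('&').map((pair) => {
    const eq = pair.indexOf('=');
    if (eq === -1 || eq === pair.length - 1) return pair; // no value present
    const name = decodeName(pair.slice(0, eq));
    if (!SENSITIVE.has(name)) return pair;
    leaked.push(name);
    return pair.slice(0, eq) + '=[REDACTED]';
  }).join('&');
  const cleaned = `"${method} ${target.slice(0, q)}?${query} ${proto}"`;
  // Function replacement so a '$' in the URL is not read as a pattern.
  return { line: line.replace(whole, () => cleaned), method, path: target.slice(0, q), leaked };
}

// Scans a whole log; returns the redacted text and one finding per leaking line.
function auditLog(text) {
  const findings = [];
  const redacted = text.split('\n').map((line, i) => {
    const r = redactLogLine(line);
    if (r.leaked.length) findings.push({ lineNo: i + 1, method: r.method, path: r.path, params: r.leaked });
    return r.line;
  }).join('\n');
  return { redacted, findings };
}

// Constructed sample log (documentation addresses, made-up credentials).
const SAMPLE_LOG = [
  '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /login.php?username=alice&password=hunter2 HTTP/1.1" 200 512',
  '203.0.113.7 - - [10/Oct/2023:13:56:02 +0000] "GET /login.php?username=bob&md5password=5f4dcc3b5aa765d61d8327deb882cf99 HTTP/1.1" 200 512',
  '203.0.113.9 - - [10/Oct/2023:13:57:10 +0000] "POST /login.php HTTP/1.1" 302 0',
].join('\n');
console.log(auditLog(SAMPLE_LOG).findings);
```

The POST line produces no finding because the credentials travel in the request body, which a standard access log does not record.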
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow