1

I'm looking for a way to encrypt an HTML form in PHP so that I can then decrypt it in the browser using JavaScript. This should work transparently to the user, and JavaScript input validation must also work on the form (I know how to do this). When the user submits the form, it must be encrypted again and sent to the server using an "AJAX" request.

Edit: this will be used as an alternative CAPTCHA system, so scripts cannot submit forms, unless by some clever design.

Edit 2: I know this is breakable, everything is. Car locks are breakable, but we still use them. It is not meant to be the ultimate CAPTCHA, but a speed bump, which will drive all but the most persistent people away.

Thank you

3
  • 3
    If the encryption script's source will be available for everyone to see, what would it be for? Commented Jun 3, 2009 at 17:23
  • I think you need to give us more info. Commented Jun 3, 2009 at 17:25
  • 2
    If you're trying to stop snoopers, use SSL like grawity said. If you want to stop users, you can't; anybody can just use Firebug, put a breakpoint on the line where you decrypt the form, and see what it looks like. Commented Jun 3, 2009 at 17:35

4 Answers

4

This is the same problem as with DRM: the user has the ciphertext. The decryption is done on the user's system, so the user must have the key too. If the user has both the key and the ciphertext, all encryption is pointless.

If you just want to transmit data safe from outside snoopers, why not just use SSL (HTTPS)?


1 Comment

All you can hope is to frustrate whoever is trying to reverse-engineer it long enough that they give up.
2

You can use base64.

<?php
// Base64-encode the HTML source before sending it to the browser
echo base64_encode('html source');
?>

and then you can use a jQuery plugin: http://plugins.jquery.com/project/base64 or JavaScript http://www.webtoolkit.info/javascript-base64.html to decode that.

4 Comments

This wouldn't be "encryption", just encoding.
Yes, but why use some encryption system if the key will be visible? I think that he wants to hide HTML code from bots or something :)
sasa is correct, it's to make work harder for bots to harvest data or submit forms (with spam probably).
But the bots can run the javascript too. So how are you making it harder?
1

If you're trying to use this to stop spam, I've got some bad news for you:
The price of humans who'll spam blogs is falling to zero

This is a reality. On a site I run, I had a CAPTCHA system set up that spam was getting through. All but about 2 were coming from poorer regions of the world, so I had suspicions that there were companies paying people to spam. To test this, I set accounts created by people in certain regions to be visible only to them and, after they posted some content, alerted them to the fact that their account was auto-hidden. I provided them a form to contact us and complain if they were a legitimate user. Upon doing this we started getting about 10 emails a day from people angry that we had hidden their account; however, upon checking the content they had added, they were spammers! It sounds crazy, but unfortunately it now seems to be humans doing the bulk of the spam. The spammers know we use CAPTCHAs, so they have adapted. :(

CAPTCHAs are fast becoming useless (if not so already). Adding a link so users can report spam and having karma levels where users are granted admin privileges so that their flagging leads to automatically hiding spam without prior confirmation (like Stack Overflow does) is really the only effective way to stop spam now.


0

For a CAPTCHA, the only way to defeat scripts is something that can only be done by a human - such as recognizing something in an image, or doing some math.

All decryption that's done by the browser can be just as easily done by automated scripts.
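
The point made in this answer and in the DRM answer above, as an added example that is not part of the original thread: a Node.js model of the proposed design showing that the HTTP response alone is enough to recover the form. The function names, the sample form and the choice of AES-256-GCM are assumptions made for illustration; the thread names no cipher.

```javascript
// Added example, not code from the thread. All names and the sample form are constructed.
const crypto = require('node:crypto');

const SAMPLE_FORM = '<form action="/comment"><input name="email"><textarea name="body"></textarea></form>';

// Server side of the proposed scheme: encrypt the form markup.
function serverBuildPage(formHtml) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(formHtml, 'utf8'), cipher.final()]);
  // The key has to ship in the same response, or the page's own
  // JavaScript could never decrypt the form for the user.
  return {
    key: key.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: ct.toString('base64'),
  };
}

// The decryption routine the page would run in the browser. It uses only
// values found in the response, so any HTTP client can run the same steps.
function decryptForm(page) {
  const d = crypto.createDecipheriv('aes-256-gcm',
    Buffer.from(page.key, 'base64'), Buffer.from(page.iv, 'base64'));
  d.setAuthTag(Buffer.from(page.tag, 'base64'));
  return Buffer.concat([d.update(Buffer.from(page.ciphertext, 'base64')), d.final()]).toString('utf8');
}

// Design check: where does the secrecy actually live?
function auditDesign(formHtml) {
  const onTheWire = JSON.stringify(serverBuildPage(formHtml)); // what every client receives
  const page = JSON.parse(onTheWire);
  const recoveredFromResponseAlone = decryptForm(page) === formHtml;
  // With a different key the same ciphertext is useless: the cipher is sound,
  // the weakness is that the real key travels alongside the ciphertext.
  let failsWithoutKey = false;
  try {
    decryptForm({ ...page, key: crypto.randomBytes(32).toString('base64') });
  } catch {
    failsWithoutKey = true; // GCM authentication fails under the wrong key
  }
  return { recoveredFromResponseAlone, failsWithoutKey };
}
```

Both fields of `auditDesign(SAMPLE_FORM)` come back `true`: the cipher holds up when the key is withheld, but the design cannot withhold it from the client it is meant to slow down.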
