I want to include some AES encryption in my self-teaching website, but have run into a problem I can't figure out. The problem is I want to encrypt a text input field (Full Name), have it stored in the db encrypted, but show UN-encrypted on the client side (in the same input field) when I'm looking at the page/entries. In other words, I just wanted it encrypted in the database, but see it in plain text.
The problem is (I believe) that I have an array of inputs and I'm probably not accounting for that. This page I'm learning on is called FRIENDS. I have a dynamic table system that allows me to add a row for every friend I want to store to include address, email, and telephone. I'm just trying to learn with encrypting the name. So far, I can encrypt to the database, but I'm not seeing the output in plain text.
One last thing... I'm not entirely sure I'm encrypting the value entered into each input field separately. I looked at the encrypted entries in the db and they all look the same, which I don't think should be the case. Would be grateful for any help, but please keep in mind I'm just a beginner.
Thank you in advance for any help.
Code:
<?php
if(!isset($_SESSION))
{
    session_start();
}
include_once ("../_includes/dbconnect.php");
include('../_classes/padCrypt.php');
include('../_classes/AES_Encryption.php');
include('../_config/key.php');
$AES = new AES_Encryption($key, $iv);
$encrypted = $AES->encrypt($txtbox);
$decrypted = $AES->decrypt($encrypted);
$last_update = date('m-d-Y') ;
if ($_POST['submit'])
{
    // ----------------------------------------------------------------------------------------------------------
    // Retrieve userid, account, and usertype from user's table and add to friends table
    // ----------------------------------------------------------------------------------------------------------
    $query = "SELECT userid, account, usertype, user FROM users WHERE username = '".$requestor."' " ;
    $result = mysql_query($query);
    if (!$result) die(mysql_error());
    else
    {
        $row = mysql_fetch_object($result);
        $userid = $row->userid;
        $account = $row->account;
        $usertype = $row->usertype;
        $user = $row->user;
    }
    // ----------------------------------------------------------------------------------------------------------
    // Delete previous entries and submit new ones.
    // ----------------------------------------------------------------------------------------------------------
    $q = "Delete FROM friends WHERE username = '".$requestor."' " ;
    $result = mysql_query($q) or die("query: $query<br>" . mysql_error());
    foreach ($_POST['txt'] as $key => $val)
    {
        if (!empty($val))
        {
            $txtbox = mysql_real_escape_string($_POST['txt'] [$key]);
            $address = mysql_real_escape_string($_POST['address'] [$key]);
            $email = mysql_real_escape_string($_POST['email'] [$key]);
            $phone = mysql_real_escape_string($_POST['phone'] [$key]);
            $fields = " userid = '$userid',
                account = '$account',
                usertype = '$usertype',
                user = '$user',
                name = '$encrypted',
                address = '$address',
                email = '$email',
                phone = '$phone',
                last_update = '$last_update' ";
            $sql = "INSERT friends SET ".$fields.", username = '".$requestor."' " ;
            mysql_query($sql,$con) or die("query: $query<br>" . mysql_error());
        }
    }
}
$txtbox = $address = $email = $phone = array();
// Default number of empty dynamic table Rows on the form & set variables
for ($i = 0; $i < 6; $i++)
{
    $txtbox[$i] = "";
    $address[$i] = "";
    $email[$i] = "";
    $phone[$i] = "";
}
$query = "SELECT name, address, email, phone, last_update FROM friends WHERE username = '".$requestor."' " ;
$result = mysql_query($query);
if (!$result) die(mysql_error());
else
{
    $i = 0;
    while ($row = mysql_fetch_object($result))
    {
        $txtbox[$i] = $row->name;
        $address[$i] = $row->address;
        $email[$i] = $row->email;
        $phone[$i] = $row->phone;
        $last_update = $row->last_update;
        $i++;
    }
    mysql_free_result($result);
}
?>
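As an added example (not part of the original post, and not using the poster's AES_Encryption class): one way to encrypt each posted name separately inside the loop and decrypt it again when the rows are read back, using PHP's openssl extension with AES-256-GCM and a fresh IV per value. The key, the sample names and the array standing in for the friends table are constructed assumptions.

```php
<?php
// Added example: constructed key and sample rows; $table stands in for the friends table.
const CIPHER = 'aes-256-gcm';

function encryptField(string $plain, string $key): string
{
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER)); // fresh IV for every value
    $ct = openssl_encrypt($plain, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($iv . $tag . $ct); // IV and tag travel with the ciphertext
}

function decryptField(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if ($raw === false || strlen($raw) < $ivLen + 16) {
        throw new RuntimeException('stored value is malformed');
    }
    $iv  = substr($raw, 0, $ivLen);
    $tag = substr($raw, $ivLen, 16);      // GCM tag, 16 bytes by default
    $ct  = substr($raw, $ivLen + 16);
    $plain = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag);
    if ($plain === false) {
        throw new RuntimeException('wrong key or tampered value');
    }
    return $plain;
}

$key = hash('sha256', 'constructed demo key, load the real one from config', true);
$posted = ['txt' => ['Alice Smith', 'Bob Jones', 'Alice Smith', '']]; // constructed form input

$table = [];
foreach ($posted['txt'] as $i => $val) {
    if ($val !== '') {
        $table[] = ['name' => encryptField($val, $key)]; // encrypt this row's value, inside the loop
    }
}

$txtbox = [];
foreach ($table as $row) {
    $txtbox[] = decryptField($row['name'], $key); // decrypt on read; escape with htmlspecialchars() when echoing
}
print_r(array_column($table, 'name')); // stored values differ, even for the repeated name
print_r($txtbox);                      // plain names for the input fields
```

The stored string is base64, so it fits a text column; size the column for the 28 bytes of IV and tag added to each value before encoding.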