How to encrypt the value passed through post?

L

Lev Rozanov2017-04-12 13:11:04

PHP

Lev Rozanov, 2017-04-12 13:11:04

Good day!
Checking for date matching (creation date and expiration date)

if($create_date < $expire_date){
    $access = 'yes';
  } else {
    $access = 'no';
  }

The next step is to submit the form via post. There is a hidden field in the form, in the value of which the value is passed as is (yes or no).
On the page where the form sends, there is a check for the value, if yes, then we show the content, if no, then we don’t show it (sorry for the kindergarten)
Naturally, if you manually change the value value from no to yes and submit the form, you can get access.
The question is, how to encrypt the value value of a hidden field on the page with the form and how to decrypt the value on the page with form processing, in order to protect against manually changing the value value?
Thanks in advance!

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

Anatoly Sergeevich, 2017-04-12
@MetisKot

base64_encode()
base64_decode()

By the way, here is one crypoPad library that can perfectly cope with your task, I myself have used it many times

R

Rsa97, 2017-04-12
@Rsa97

It makes no sense to encrypt. With the same success, you can immediately write 'yes' in the desired form field right in the browser.
And the visibility of the desired page elements can be switched.
All checks should be exclusively non-server side, the server should not give the client data that the client should not see.

M

mletov, 2017-04-12
@mletov

So can you do this check on the receiving side and not send sensitive data through POST?