A user enters their password, and submits the login form. The password is sent to the server, authentication is run, and the hashed password matches the one stored in the database.
The onsubmit event occurs when the submit button in a form is clicked.
//Here do whatever you want to do with the form or it's values.
//can change any elements value.and hidden field
//alert("Welcome " + document.forms["logForm"]["username"].value + "!");
//Getting the two input objects
//Hashing the values before submitting
document.forms["logForm"]["password"].value = CryptoJS.MD5(pwd);
<form action="" method="post" name="logForm" onsubmit="encryptPWD();" >
<input type="hidden" name="key" value="<?php echo $key; ?>" />
<p><input type="text" name="username"/></p>
<p><input type="password" name="password"/></p>
<p><input type="submit" value=" Submit "/></p>
Implementing your own security protocol is never a good idea, unless you're a highly trained security expert, or you actually don't really care about the security and only want to create an impression of security (marketing) and stop the script kiddies.
Solution wont show your password in plain text during transit but still It's possible to do man-in-the-middle attacks.
- Vinod Kotiya