I'm currently trying to make a email verification sender in case an individual didn't receive the email to verify their account. Where my issue comes in is that I have to echo the individuals email into javascript (along with their name and other things). I don't want individuals to open the source code and see that their email is there within javascript, is there a way that I can encrypt this json encode? Here is my script for Verification.php
<script type="text/javascript">
$(document).ready(function() {
$("#cliq").click(function() {
//get input field values
var ndxr = <?php $to_Email = $_SESSION['SESS_CONTROL_EMAIL']; echo json_encode($to_Email); ?>;
var fvje = <?php $vcode = $_SESSION['SESS_CONTROL_VCODE']; echo json_encode($vcode); ?>;
var name = <?php $name = $_SESSION['SESS_CONTROL_FIRST']; echo json_encode($name); ?>;
var proceed = true;
if(proceed)
{
post_data = {'ndxr':ndxr, 'fvje':fvje, 'name':name};
$.post('verifye.php', post_data, function(response){
if(response.type == 'error')
{
output = '<div class="error">'+response.text+'</div>';
}else{
output = '<div class="success">'+response.text+'</div>';
}
$("#result").hide().html(output).slideDown();
}, 'json');
}
});
});
</script>
And here is the verification page Verifye.php
$name = filter_var($_POST["name"], FILTER_SANITIZE_STRING);
$user_Email = filter_var($_POST["ndxr"], FILTER_SANITIZE_EMAIL);
$vcode = filter_var($_POST["fvje"], FILTER_SANITIZE_STRING);
Any way of preventing the user's email from displaying?
Don't display it at all! If all this data is present in your session, there's no need to pass it to the user in the first place — the script that you're POSTing to from AJAX can pull that data out of the session itself.
the way I would do this is by using base64_encode function and the base64_decode function on the other end.