tags:

views:

1103

answers:

1
+1  Q: 

Https, Php secure login page?

Hi, I am new to php, I can do a simple login page, e.g create form, submit form, process and authenticate in a php page and so on.

I read somewhere on the internet, and saw some big companies like banks, google and yahoo, their login form is in "https" not "http". So I try google what is "https" thing. Well, I could not say I fully understand what that thing is, but I think I know the concept, i.e. create a more secure login page.

I believe php could do it (cause I saw wordpress using https, and wp is using php). Is there any tutorial or can you guys give a sample code on how to do a secure login https page with php? Not necessary full code ( cuz I dun want to trouble you guys ), but if can give a full code, would me most appreciated :)

+1  A: 

You need to buy a SSL certificate from a company like Verizon or InstantSSL. Then, you will need a web host who has Open SSL or another software for processing SSL certifcates installed.

When you purchase a certificate from Verizon/Instant SSL, they will give you some encrypted code using which you could configure your Open SSL software, and then having https:// urls will work.

This isn't something you can do using plain php.

Click Upvote  2009-07-28 03:40:14
Thanks. I think I know what to do know.
bbtang  2009-07-28 03:51:35
You're welcome :). If you have any other questions feel free to comment here and i'll answer.
Click Upvote  2009-07-28 03:55:19
Okay. Is there anything I need to pay attention when I write the php code after purchasing the certificate? And should I purchase this certificate for my website? Can 1 certificate use for many pages? E.g, login, update profile, payment etc.. Um, did I asked too many questions? :blush:
bbtang  2009-07-28 04:03:43
Yea, your https will work for all pages under your domain name, but if you make a different website under another domain you'll need another ssl certificate. I don't think you need to pay attention to anything in particular in your php code.
Click Upvote  2009-07-28 04:08:35
Okay, got it :)
bbtang  2009-07-28 04:11:08
There is some PHP work to do: If you have a security certificate your site is still accessible in the normal, non-secure HTTP fashion. Your PHP should check (using `$_SERVER`), whether a page is being accessed by HTTP or HTTPS. If the page should be secure, and it isn't, issue a redirect to the HTTPS version.
TRiG  2010-07-13 19:11:57

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases