So, a login must be necessary. SSL is not an option. I was thinking using javascript hashing in a login form (very similar to the challenge/response login scheme (without a challenge), so passwords or usernames are never sent over an unecrypted connection in plain text.
Username & password will be stored in a config.php file
Code: Select all
<?php
$config['username'] = 'yourusernamehere';
$config['password'] = 'yourpasswordhere';
?>Thoughts/ideas on an http secure login for an application inside of the document root? Is requiring javascript OK in this circumstance? (IE: don't have a fallback option for users without javascript)
Perhaps a $config['salt'] to make the salt unique to every user would help.