Page 1 of 1

Using SLL with login

Posted: Sat Apr 22, 2006 4:50 pm
by seodevhead
If you have a Secure Socket Layer, is it ALWAYS best to point any login form (user auth) to the https (SSL) login script? I have a members area on my website that I am building and I would like to have the features an SSL provides - as far as security - but I do not want my users to have to see that pop-up that says "You are about to enter a secure zone (or whatever) - Would you like to continue?" and such (do you know what I'm talkin bout?).

Is there anyway to use the SLL without having those annoying popups asking if users want to enter/leave protected zones, etc??? Thanks!

Posted: Sat Apr 22, 2006 4:51 pm
by John Cartwright
That is entirely depending on the browser they choose. Basically, it is out of your control.

Posted: Sat Apr 22, 2006 5:11 pm
by seodevhead
Ohhhhh I see. One more question if you don't mind....

If I create my own personal SSL certificate (as opposed to purchasing one from a reputable dealer)... will that always create that stupid popup... or will it also create that popup that says.. "this certificate isn't trusted".

Any recommendations from you guys as to what you do with your SSL certs? Buy... free... ??? Thanks! :)

Posted: Sat Apr 22, 2006 5:13 pm
by feyd
You need to get a real cert from a real provider.

how to use ssl

Posted: Sat May 20, 2006 5:24 pm
by alxkn
Hello, I am developing a website with shopping cart and login for members and admin. SSL is already installed in the server.
Could you please let me know how can I use SSL in checkout and admin pages. I mean what kind of code shoul I put in those php files?

Thanks in advance.

Posted: Sat May 20, 2006 7:25 pm
by Nathaniel
No code necessary. Just point your users to https://yoursite.com/checkout.php instead of the regular link.

If you want to make sure they weren't stupid and removed the s from https://, you could do a check in PHP:

Code: Select all

if ( empty($_SERVER['HTTPS']) ) { // redirect to SSL link }
Hope that helps you out. :)

- Nathaniel

Posted: Sun May 21, 2006 9:08 pm
by Ambush Commander
If you've got a shared server, the browser will warn users that the SSL cert doesn't belong to that particular domain (I have that problem with my website) Make sure you tell users that it's okay.

You also may be interested in SSL emulation techniques such as Challenge/Response or JS Password Assymetrical Encryption.

the same problem

Posted: Thu May 25, 2006 1:29 am
by alxkn
Thank you.

Actually I have the same problem. In addition it does not load the checkout page. Also it states that the certificate is invalid. Could you please let me know what exactly must be done, especially to load of the page.

Thanks in advance.