SSL conversion

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
murlopaz
Forum Commoner
Posts: 60
Joined: Wed Oct 11, 2006 5:02 pm
Location: Baltimore, MD, USA

SSL conversion

Post by murlopaz »

Hi everybody, I have a website in working condition that works with sessions ( loing page)
How Do I implement the SSL on my website...
i.e. I want the username and password to be sent securely over the internet.

Thanks.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

  1. Have your host turn on SSL support.
Done.
murlopaz
Forum Commoner
Posts: 60
Joined: Wed Oct 11, 2006 5:02 pm
Location: Baltimore, MD, USA

Post by murlopaz »

hmm and that's it?

say the path to my login page is: http://www.abc.com/login

is it going to automatically redirect to https://www.abc.com/login?

or I should specify https?
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

You have to specify which pages you want to be run under SSL.

Code: Select all

if ($_SERVER['HTTPS'] != 'on') {
   header('Location: https://domain.com/login.php');
   exit();
}

//rest of login script goes here
Post Reply