Sorry for the vagueness of the subject line but I wasn't sure what to put.
Here's what I'd like to do:
1- user comes to my web site with normal (non-SSL) connection
2- user enter login name and password
3- data is submitted to a PHP script via SSL connection to same web server
4- PHP script checks password
5- If everything is ok user is directed to restricted page
The reason I want to use SSL is simple, so that sniffers can pick up a
clear text password. The reason I don't want to whole site using SSL is
because of the overhead in incurs.
I figure I can use sessions to force people to log in. If someone
doesn't log in the proper session variables are not set and they cannot
get any of the pages on my web site. (each page would check that the
proper session var was registered).
Is this approached do-able? Is it recommended?
If this approach is ok what I can't figure out is how to get my login
page to submit data via SSL.
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php