Sorry for the vagueness of the subject line but I wasn't sure what to put.

Here's what I'd like to do:

1- user comes to my web site with normal (non-SSL) connection
2- user enter login name and password
3- data is submitted to a PHP script via SSL connection to same web server
4- PHP script checks password
5- If everything is ok user is directed to restricted page

The reason I want to use SSL is simple, so that sniffers can pick up a 
clear text password. The reason I don't want to whole site using SSL is 
because of the overhead in incurs.

I figure I can use sessions to force people to log in. If someone 
doesn't log in the proper session variables are not set and they cannot 
get any of the pages on my web site. (each page would check that the 
proper session var was registered).

Is this approached do-able? Is it recommended?

If this approach is ok what I can't figure out is how to get my login 
page to submit data via SSL.

Suggestions welcomed!


PHP General Mailing List (
To unsubscribe, visit:

Reply via email to