prinLeA
asked on
PHP not so easy question and not so hard
Hello,
Me and my colleague are trying to learn PHP, well he is more advance than me he was able to build a website with very good functionality and it has a log in page for the admin and other people who needs to work on the website. We are wondering how can we place an SSL to encrypt the password while logging in for this website that my colleague built? I do understand that the SSL certificate need to be purchase and the server administrator the people from the hosting need to install it - (to make it clear) this is not my question all about. I'm asking where in the PHP code or script can we place the SSL so that the logging in and out in that website will be encrypted. I have seen other CMS, and other online store website that there is this config.php file in the admin and all I need to do is add the https there. Here is what I saw from them:
// HTTPS
define('HTTPS_SERVER', 'https://www.mywebsitename.com/admin/');
define('HTTPS_CATALOG', 'https://www.mywebsitename.com/');
By the way the website that my colleague built has some database, from what I heard from him he used a framework.
Is the config.php file all we need to make that SSL function ( of course SSL certificate and other things need to be taken care of). Or there are other things need to be added, and if there are what are those?
Please help.
Thanks for the reply in advance.
Kind Regards,
PrinLea
Me and my colleague are trying to learn PHP, well he is more advance than me he was able to build a website with very good functionality and it has a log in page for the admin and other people who needs to work on the website. We are wondering how can we place an SSL to encrypt the password while logging in for this website that my colleague built? I do understand that the SSL certificate need to be purchase and the server administrator the people from the hosting need to install it - (to make it clear) this is not my question all about. I'm asking where in the PHP code or script can we place the SSL so that the logging in and out in that website will be encrypted. I have seen other CMS, and other online store website that there is this config.php file in the admin and all I need to do is add the https there. Here is what I saw from them:
// HTTPS
define('HTTPS_SERVER', 'https://www.mywebsitename.com/admin/');
define('HTTPS_CATALOG', 'https://www.mywebsitename.com/');
By the way the website that my colleague built has some database, from what I heard from him he used a framework.
Is the config.php file all we need to make that SSL function ( of course SSL certificate and other things need to be taken care of). Or there are other things need to be added, and if there are what are those?
Please help.
Thanks for the reply in advance.
Kind Regards,
PrinLea
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yes. You can try it yourself testing if it is encrypted connection adding these lines:
if (isset($_SERVER['HTTPS']) )
{
echo "SECURE: This page is being accessed through a secure connection.";
}
else
{
echo "UNSECURE: This page is being access through an unsecure connection.
}
SSL/TLS is a server function. The certificate must be installed in the setup for that web site. It can be used by PHP and HTML pages but it is not installed by them.
Yup. Repeating a bit here, but the SSL config is part of the webserver, not in the php code. You can also define a forced redirect to https, again in the apache config. If your hosting is shared, you may also need to enable SNI support.
ASKER
Hello,
Thanks for all the help guys I appreciate. I'm sorry I was busy the last few days. Is there a sample of script we can add to our website(built by PHP) so that it will be encrypted during the login and logout?
How would the website know when the SSL will be activated(on the home page we don't need the SSL to encrypt anything there. It is just during the logging in and logging out in the admin area and when a user try to login to their account) and what folder where the SSL will encrypt the password? for example the admin folder where the login and log out is taking place. This is what I need to know. I'm familiar with opencart, there is a file there in the admin folder called config.php this is where the script that will tell when and where the SSL will encrypt the password), but right now we are not using Opencart it is a custom built PHP website that has an admin area.
That is the problem with beginners like me we don't know how to ask the question properly. I'm sure many experts here can help and give their solution only if I know the right question. Anyways I will try again hopefully someone can understand me.
Thanks again for all the people trying to help me, it is me not you I need more information which I don't have because I'm a beginner, I need more information so that I can ask the right question.
Kind Regards,
PrinLea
Thanks for all the help guys I appreciate. I'm sorry I was busy the last few days. Is there a sample of script we can add to our website(built by PHP) so that it will be encrypted during the login and logout?
How would the website know when the SSL will be activated(on the home page we don't need the SSL to encrypt anything there. It is just during the logging in and logging out in the admin area and when a user try to login to their account) and what folder where the SSL will encrypt the password? for example the admin folder where the login and log out is taking place. This is what I need to know. I'm familiar with opencart, there is a file there in the admin folder called config.php this is where the script that will tell when and where the SSL will encrypt the password), but right now we are not using Opencart it is a custom built PHP website that has an admin area.
That is the problem with beginners like me we don't know how to ask the question properly. I'm sure many experts here can help and give their solution only if I know the right question. Anyways I will try again hopefully someone can understand me.
Thanks again for all the people trying to help me, it is me not you I need more information which I don't have because I'm a beginner, I need more information so that I can ask the right question.
Kind Regards,
PrinLea
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello,
Thanks all of your comments gave me that bigger picture to understand the solution. I really appreciate thanks to all the experts. If only I can give more points to each one of you I would do that. I have to divide the points because every information you gave me helped me a lot.
Thanks all of your comments gave me that bigger picture to understand the solution. I really appreciate thanks to all the experts. If only I can give more points to each one of you I would do that. I have to divide the points because every information you gave me helped me a lot.
It was a pleasure
ASKER
No we are not using OpenCart. The website was built by my colleague from scratch it is not an online store. So you are tying to tell me just purchase the SSL certificate and ask the server administrator to install it - the usual procedure, I'm familiar with this then that's it? We don't need to place anything on the files of the website built by my colleagues because it will automatically be encrypted by apache then decrypt in the client?