PHP not so easy question and not so hard

Hello,

Me and my colleague are trying to learn PHP, well he is more advance than me he was able to build a website with very good functionality and it has a log in page for the admin and other people who needs to work on the website. We are wondering how can we place an SSL to encrypt the password while logging in for this website that my colleague built? I do understand that the SSL certificate need to be purchase and the server administrator the people from the hosting need to install it - (to make it clear) this is not my question all about. I'm asking where in the PHP code or script can we place the SSL so that the logging in and out in that website will be encrypted. I have seen other CMS, and other online store website that there is this config.php file in the admin and all I need to do is add the https there. Here is what I saw from them:

// HTTPS
define('HTTPS_SERVER', 'https://www.mywebsitename.com/admin/');
define('HTTPS_CATALOG', 'https://www.mywebsitename.com/');

By the way the website that my colleague built has some database, from what I heard from him he used a framework.

Is the config.php file all we need to make that SSL function ( of course SSL certificate and other things need to be taken care of). Or there are other things need to be added, and if there are what are those?

Please help.

Thanks for the reply in advance.

Kind Regards,

PrinLea
prinLeAAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Ludwig DiehlSystems ArchitectCommented:
Are you trying to use openCart or something?. Because if you don't there's no need to set anything in php, apache encrypts data which is then decrypt in the client
prinLeAAuthor Commented:
Hello,

No we are not using OpenCart. The website was built by my colleague from scratch it is not an online store. So you are tying to tell me just purchase the SSL certificate and ask the server administrator to install it - the usual procedure, I'm familiar with this then that's it? We don't need to place anything on the files of the website built by my colleagues because it will automatically be encrypted by apache then decrypt in the client?
Ludwig DiehlSystems ArchitectCommented:
Yes. You can try it yourself testing if it is encrypted connection adding these lines:

if (isset($_SERVER['HTTPS']) )
{
    echo "SECURE: This page is being accessed through a secure connection.";
}
else
{
    echo "UNSECURE: This page is being access through an unsecure connection.
}

Open in new window

Check Out How Miercom Evaluates Wi-Fi Security!

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom on how WatchGuard's Wi-Fi security stacks up against the competition plus a LIVE demo!

Dave BaldwinFixer of ProblemsCommented:
SSL/TLS is a server function.  The certificate must be installed in the setup for that web site.  It can be used by PHP and HTML pages but it is not installed by them.
Dave HoweSoftware and Hardware EngineerCommented:
Yup. Repeating a bit here, but the SSL config is part of the webserver, not in the php code. You can also define a forced redirect to https, again in the apache config. If your hosting is shared, you may also need to enable SNI support.
prinLeAAuthor Commented:
Hello,

Thanks for all the help guys I appreciate. I'm sorry I was busy the last few days. Is there a sample of script we can add to our website(built by PHP) so that it will be encrypted during the login and logout?

How would the website know when the SSL will be activated(on the home page we don't need the SSL to encrypt anything there. It is just during the logging in and logging out in the admin area and when a user try to login to their account)  and what folder where the SSL will encrypt the password? for example the admin folder where the login and log out is taking place. This is what I need to know. I'm familiar with opencart, there is a file there in the admin folder called config.php this is where the script that will tell when and where the SSL will encrypt the password), but right now we are not using Opencart it is a custom built PHP website that has an admin area.

That is the problem with beginners like me we don't know how to ask the question properly. I'm sure many experts here can help and give their solution only if I know the right question. Anyways I will try again hopefully someone can understand me.

Thanks again for all the people trying to help me, it is me not you I need more information which I don't have because I'm a beginner, I need more information so that I can ask the right question.

Kind Regards,

PrinLea
Dave BaldwinFixer of ProblemsCommented:
SSL/TLS Only encrypts the data while it is transmitted over the network between the client and the server.  It does not encrypt anything in a folder.
Dave HoweSoftware and Hardware EngineerCommented:
Login will usually be a <form> element - if you set the target of the form to be explicitly a HTTPS url, the submitted login data will be sent encrypted :)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
prinLeAAuthor Commented:
Hello,

Thanks all of your comments gave me that bigger picture to understand the solution. I really appreciate thanks to all the experts. If only I can give more points to each one of you I would do that. I have to divide the points because every information you gave me helped me a lot.
Ludwig DiehlSystems ArchitectCommented:
It was a pleasure
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.