QUESTION: How to use https in registration/login(any other) php page? pseudo code:
is it https?
yes continue
no redirect same page via https
Background: I wanna make secure registration and login form. 1. I wanna go throught all steps to detect if I'm not missing something. 2. I wanna ask especialy how to use https to protect the passwords on the way to server.
- add 1. steps: a. User click on link registration/login => check if
the registration/page uses https - if not redirct and use https
(this I do SOMEHOW BUT DON'T KNOW HOW - the second part of question)
b. so now I'm connected to the registration/login page via https,
user set the passwords into imput fieldt which will be obviously
set to input type password(and obviously use post method), then he
press submit button - cause I use post + https the data should be pass secure to the server. c. now the registration/login script is passed, and its redirected to the handle page it could be same php page - I thing I should still use https. d. now I encript the passwords via sha256 something like sha256(sha256(password)+salt),
make connection to database using prepared statement to prevent sql injection e. if the input data is ok registration is done (some mail could be sent but its another problem, don't need to solve it here), if its is login and the passwords fits I put some data to session - info about user like id + rights, QUESTION IS: should I still use https for members section? I think it's not important, unless I wanna change password (I will use https again for change
password form). add 2. HTTPS CONNECTION CHECK user click link to the login/registration page, I should do something like:
IS it HTTPS? YES => CONTINUE, NO => REDIRECT SAME PAGE VIA HTTPS I know there is some variable or something which tells me if its https, but I don't know how to write it in php5(this one or two lines). So the question is how to do point 2(HTTPS connection CHECK)?
