How Do I Force Use Of Https For My Login Page?

[sylvest]

I'm designing a new section of my web site, which is in a subdomain like sub.maindomain.org (actually the pages are in a suibdirectory like /home/username/sub). I need to force users who access the login page which is /index.php to connect via HTTPS so that the username and password are encrypted, and can't be snooped by a man in the middle. I may find a few more web pages that need to be accessed via HTTPS too. How do I organise this? In doing so, how do I avoid those annoying "your certificate has not been validated" messages?

 

Thanks - Rowan

[TCH-Marshal]

If you need secure urls used then you will need to have a valid SSL cert installed on the domain, otherwise you can use shared secure urls of your server. The syntax for shared secure urls will be https://servername/~cpanelusername. If you can open a helpdesk ticket with primary domain name of your hosting account, we can provide you with exact shared secure url and discuss further on this.

[sylvest]

I submitted a ticket, but the help desk said that some of my questions were outside of their scope. The remaining questions are:

1. Can I use a shared secure URL to access a subdomain on my site, i.e. the web pages I'm developing are in swchoir.sylvesterbradley.org, the files that this subdomain refers to are in /home/sylvest/swchoir (i.e. not within public_html).
2. I have a login page on my website called index.php. Presumably I don't need to encrypt this since it contains no confidential information. I need to encrypt the response to this, which is a URL like swchoir.sylvesterbradley.org/do_login.php. Can I get this encrypted by simply setting my form action property to "https://swchoir.sylvesterbradley.org/do_login.php".
3. Do I have to do anything else to enable the encryption, or does the use of the https protocol enable all the necessary encryption on the client and decryption on the server?
4. How do I prevent people from accessing this page by using the URL http://swchoir.sylvesterbradley.org/do_login.php?
5. Does it matter whether I use method GET or POST for the login form?

Thanks for your help.

 

Rowan

[TCH-Marshal]

Hi Rowan,

 

You have your last topic in wrong place. It should be on any of threads under Scripting Central on https://forums.totalchoicehosting.com/index.php?showforum=293

[sylvest]

Copied to Scripting Central -> Scripting Talk.

 

Why does Paste not work in this forum? What is the point of having a Paste button if it doesn't do anything?

 

Rowan

[TCH-Bruce]

Why does Paste not work in this forum? What is the point of having a Paste button if it doesn't do anything?

 

Standard copy (CTRL-C) and paste (CTRL-V) commands work.

[sylvest]

Not for me they don't. If I select some text from the message, press CTRL/C, move the cursor and press CTRL/V, nothing happens. If I select some text from a Notepad document, press CTRL/C, and move to the forum message and press CTRL/V, nothing happens. If I press the Paste button, it asks me " Do you want to allow access to your clipboard?". If I press Allow Access, it does nothing. If I click the Paste button again, this time it does not ask me the above question (I have not discovered what resets it so that it asks this question again).

 

Could this be a browser issue? I'm currently using IE11, but I think the same happens in Firefox and Chrome. Or could it be a firewall issue?

 

Am I the only person having this problem???

 

Thanks - Rowan

[TCH-Thomas]

See if the info on this page might help: superuser.com/questions/476210/disable-do-you-want-to-allow-this-webpage-to-access-your-clipboard-message

[sylvest]

Thomas,

 

Thanks for your reply.

 

Yes, that is the dialogue box that I'm getting. But this doesn't explain why if I click Allow, it still doesn't paste anything into the forum message. I don't suppose setting it to default to Allow for trusted sites, and setting forums.totalchoicehosting.com as a trusted site, will make any difference to this behaviour.

 

Rowan