forum.coppermine-gallery.net
No Support => Feature requests => Topic started by: RS232 on March 09, 2004, 01:42:49 pm
-
This is my thought
I'd like to use https to transmit username/passwords in a secure way from client to server, but at the same time I don't want to encrypt all the data transmitted by my webserver (encryption means increasing the traffic, and a picture of 60K could easily become 120 if encrypted). So ....
Here is my idea:
When you want to log in, Coppermine redirects you to an https page where you can input login+password.
If the credentials are accepted, Coppermine sets a session (cookie or whatever else you use) and comes back to the standard http album list.
What do you think?
RS232
-
If you would be willing to create this as a mod, I am sure there are people out there who could use it.
However, integrating it into the CPG distribution could be problematic as not everyone has access/is willing to pay for secure connections.
-
Unfortunately I'm very busy and I'm not able to write any code :-(
I'd love to help!
https can be set up with a "fake" certificate; in this way you don't have the authentication of the source (you could have it but you have to pay) but at least (most important) you encrypt the username+password sent across the wire.
:-)
rs232
-
To accomplish this, it would seem that you need to:
- when login.php is loaded, it should check for the SSL session... if it does not exist, then it should redirect itself to it
    $SERVER_SSL_PORT = 443;
    $SERVER_HTTP_PORT = 80;
    $port = $_SERVER['SERVER_PORT'];
    switch ($port) {
        case $SERVER_SSL_PORT:
            // code/call to continue
            break;
        case $SERVER_HTTP_PORT:
            // code/call to redirect
            break;
    }
- the cookie session should be set to secure
something along the lines of
    // empty domain argument, then secure = true so the cookie is only sent over HTTPS
    setcookie($CONFIG['cookie_name'] . '_pass', md5($_POST['password']), time() + $cookie_life_time, $CONFIG['cookie_path'], '', true);
- the form needs to rewrite the referer to include simply http and not https
Not entirely sure on the exact implementation of this part, but it would seem simple enough.
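The first two steps of the post above, worked through as an added example that is not part of the original thread and is not Coppermine code. `CANONICAL_HOST`, the function names and the sample requests are assumptions made for illustration; the array form of cookie options assumes PHP 7.3 or later.

```php
<?php
// Added example, not Coppermine code. CANONICAL_HOST and all function names
// are assumptions made for this illustration.
const CANONICAL_HOST = 'gallery.example.org'; // placeholder host name
const SSL_PORT = 443;

// True when the request described by $server arrived over TLS.
function is_https(array $server): bool
{
    $flag = strtolower((string)($server['HTTPS'] ?? ''));
    return ($flag !== '' && $flag !== 'off')
        || (int)($server['SERVER_PORT'] ?? 0) === SSL_PORT;
}

// Step 1: URL to redirect to, or null when login.php is already on HTTPS.
// The host comes from configuration rather than the client's Host header.
function login_redirect(array $server): ?string
{
    if (is_https($server)) {
        return null;
    }
    $uri = (string)($server['REQUEST_URI'] ?? '');
    if ($uri === '' || $uri[0] !== '/') {
        $uri = '/login.php';
    }
    return 'https://' . CANONICAL_HOST . $uri;
}

// Step 2: options for the login cookie. With 'secure' => true the browser
// returns the cookie over HTTPS only, so it will not accompany requests for
// plain-HTTP album pages.
function login_cookie_options(int $lifetime, string $path): array
{
    return ['expires' => time() + $lifetime, 'path' => $path,
            'secure' => true, 'httponly' => true];
}

if (PHP_SAPI === 'cli') {
    // Constructed requests so the example runs offline: php example.php
    $requests = [
        ['SERVER_PORT' => 80, 'REQUEST_URI' => '/login.php?referer=index.php'],
        ['SERVER_PORT' => 443, 'HTTPS' => 'on', 'REQUEST_URI' => '/login.php'],
    ];
    foreach ($requests as $req) {
        echo login_redirect($req) ?? 'already on HTTPS, continue', "\n";
    }
    echo json_encode(login_cookie_options(3600, '/')), "\n";
} elseif (($url = login_redirect($_SERVER)) !== null) {
    header('Location: ' . $url, true, 302);
    exit;
}
```

Once the credentials have been checked, the array from `login_cookie_options()` is passed as the third argument to `setcookie()`. A cookie that has to be readable on the plain-HTTP album pages cannot carry the secure flag, and it then crosses the wire unencrypted on every album request.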