Print

[RS232]

This is my thought

I's like to use https to transmit username/passwords in secure way from client to server, but at the same time I don't want to encrypt all the data transmitted by my webserver (encryption means increase the traffic and a picture of 60K could easly become 120 if encrypted). So ....
here my idea
when you want to login, coppermine redirect you to a https page where you can input login+password.
If the credential are accepted, coppermine sets a session (cookie or whatelse you use) and come back to the standard http album list.

What do you think?
RS232

[hyperion]

If you would be willing to create this as a mod, I'm am sure there are people out there who could use it.  

However, integrating it into the CPG distribution could be problematic as not everyone has access/is willing to pay for secure connections.

[RS232]

Unfortunately I'm very busy and I'm not able to write any code -(
I'd love to help!

https can be setup with a "fake" certificate, in this way you don't have the authentication of the source (you could have it but you have to pay) but at least (most important) you encrypt the username+password sent across the wire.

-)
rs232

[jason]

to accomplish this, it would seem that you need to :

• when login.php is loaded, it should check for the ssl session...if not exists then it should redirect itself to it

Code: [Select]

$SERVER_SSL_PORT = 443;
$SERVER_HTTP_PORT = 80;

$port = $_SERVER['SERVER_PORT'];

switch ($port) {
    case $SERVER_SSL_PORT:
        // code/call to continue
        break;

    case $SERVER_HTTP_PORT:
        // code/call to redirect
        break;
}

• the cookie session should be set to secure

something along the lines of

Code: [Select]

setcookie($CONFIG['cookie_name'] . '_pass', md5($HTTP_POST_VARS['password']), time() + $cookie_life_time, $CONFIG['cookie_path'],,1);

• the form needs to rewrite the referer to include simply http and not https

not entirely sure on the exact implementation of this part, but would seem simple enough.

[/list:u]