I have a simple HTML login form:
<form method="post" action="http://www.example.com/login">
    <input type="text" name="text_box" />
    <input type="password" name="pass_word" />
    <input type="submit" name="submit">
</form>
When I submit the form, in the controller:
public function login()
{
    $pass_word = $this->input->post('pass_word');
    die($pass_word);
}
The problem here: it shows the plain password. If I type 123456, in the controller I get 123456. Wireshark? How to avoid this? Can I encrypt the password in the view, before sending it to the controller?
If your post data (password etc.) was intercepted, then it would just be visible as plaintext. Using SSL/HTTPS will provide encryption for the data that you send. I wouldn't rely on client-side JavaScript or anything similar for the purposes of authenticating / logging in a user. It's likely to give your users more confidence too, seeing that a secure connection is being used.
First, I'd just read up about SSL and HTTPS in general, as well as SSL certificates - Wiki, Google and SO would all be good places to look, there's loads of information out there.
For using SSL/HTTPS with CI, I found these useful:
In particular the force ssl function from Nigel's post:
Create a file in application/helper called ssl_helper.php
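<?php
// redirect() comes from CodeIgniter's URL helper, which must be loaded.

if (!function_exists('force_ssl'))
{
    // Switch base_url to https:// and redirect to the same URI
    // when the request did not arrive on port 443.
    function force_ssl()
    {
        $CI =& get_instance();
        $CI->config->config['base_url'] =
            str_replace('http://', 'https://',
                $CI->config->config['base_url']);
        if ($_SERVER['SERVER_PORT'] != 443)
        {
            redirect($CI->uri->uri_string());
        }
    }
}

if (!function_exists('remove_ssl'))
{
    // Switch base_url back to http:// and redirect to the same URI
    // when the request did not arrive on port 80.
    function remove_ssl()
    {
        $CI =& get_instance();
        $CI->config->config['base_url'] =
            str_replace('https://', 'http://',
                $CI->config->config['base_url']);
        if ($_SERVER['SERVER_PORT'] != 80)
        {
            redirect($CI->uri->uri_string());
        }
    }
}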
Load the helper, then in the constructor for any controller that requires ssl, simply insert:
force_ssl();
In every controller that you don’t want to have ssl put:
if (function_exists('force_ssl')) remove_ssl();
This is a programmatic approach; another way would be to use .htaccess (if you're using Apache).
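
The redirect in force_ssl() runs only after the request has arrived, so a form whose action is an http:// URL has already sent the password in plaintext by the time the controller redirects. The following is an added example in plain PHP, not part of the answer or of Nigel's helper, that treats page loads and form posts differently; the function names, the 400 response and the HSTS lifetime are assumptions.

```php
<?php
// Added example in plain PHP (no CodeIgniter). Function names, the 400
// response and the HSTS max-age are assumptions made for illustration.

// True when the request reached PHP over TLS, judged from server variables.
function request_is_https(array $server): bool
{
    $https = strtolower((string) ($server['HTTPS'] ?? ''));
    return ($https !== '' && $https !== 'off')
        || (int) ($server['SERVER_PORT'] ?? 0) === 443;
}

// Returns [status, headers, may the controller read the posted password?].
// $host is the configured site name; the client's Host header is not trusted.
function login_transport_policy(array $server, string $host): array
{
    if (request_is_https($server)) {
        // HSTS: the browser uses HTTPS for this host on later visits.
        return [200, ['Strict-Transport-Security: max-age=31536000'], true];
    }
    $method = strtoupper((string) ($server['REQUEST_METHOD'] ?? 'GET'));
    if ($method === 'GET' || $method === 'HEAD') {
        // No credentials sent yet: move the page load to HTTPS.
        $path = (string) ($server['REQUEST_URI'] ?? '/');
        return [301, ['Location: https://' . $host . $path], false];
    }
    // A POST over HTTP already crossed the network in plaintext; a redirect
    // cannot undo that, so the credentials are not processed at all.
    return [400, [], false];
}

// Constructed requests: HTTP page load, HTTP form post, HTTPS form post.
$samples = [
    ['REQUEST_METHOD' => 'GET',  'SERVER_PORT' => '80',  'REQUEST_URI' => '/login'],
    ['REQUEST_METHOD' => 'POST', 'SERVER_PORT' => '80',  'REQUEST_URI' => '/login'],
    ['REQUEST_METHOD' => 'POST', 'SERVER_PORT' => '443', 'HTTPS' => 'on', 'REQUEST_URI' => '/login'],
];
foreach ($samples as $s) {
    [$status, $headers, $mayRead] = login_transport_policy($s, 'www.example.com');
    printf("%-4s port %-3s -> %d %s| read password: %s\n", $s['REQUEST_METHOD'],
        $s['SERVER_PORT'], $status, implode('; ', $headers), $mayRead ? 'yes' : 'no');
}
```

Pointing the form's action at an https:// URL keeps the POST from ever leaving the browser unencrypted, which is the case the server-side check can only refuse, not repair.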