Reputation: 964
How to get username & password on HTTPS request on serverside in php
i am writing web-services for login script. Which i have to keep on HTTPS server. in general we are getting username & password on server side as
if(isset($_REQUEST['login'])){
$user=mysql_escape_string($_REQUEST['username']);
$password=hash('sha512',$_REQUEST['password']);
}
But this is fine for HTTP connection.
I have never used HTTPS connection for web services, So i want to know Is there some other way to pass username & password over HTTPS connection? So how to retrieve data from that request.
My client wants to send these data in header information some thing like
Method: POST
Content-Type: application/x-www-form-urlencoded
Content: username=mynames&password=abcabc
And from here i need to retrieve data.i have no idea about this.
Upvotes: 0
Views: 2381
Answers (3)
Reputation: 1538
HTTPS is effectively transparent to PHP code. It's entirely handled by the browser and the server. You can access the $_REQUEST variables exactly the same as with an HTTP request.
Edit (slightly modified question):
If your client wants you to have a login form to submit the username and password (as your changes to the question indicate), you just make form inputs the same as you would normally in an HTTP connection. Name them "username" and "password", respectively, and then pull their data from $_POST on the page you're posting the form to. Setting up the server to respond on HTTPS will make it handle everything else transparently, as I mentioned previously.
Upvotes: 2
Reputation: 962
Do not use HTTP auth, as Piotr mentions.
As someone else posted: Just set the vhost up to run on https and you're good to go. You could add something like this to verify the connection is secure:
<?php
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] && isset($_POST) && isset($_POST['login'])) {
// Your username and password verification here.
}
Please use $_POST though. $_REQUEST is a nasty way of saying "I don't really know what I'm doing here...".
Upvotes: 1
Related Questions
- Make a HTTPS request through PHP and get response
- Can someone suggest an alternative way to request server['HTTPS']
- Curl https login
- Retrieve username, password parameters passed through curl
- php login with SSL
- cURL Login to HTTPS site
- How to do authentication within a HTTP service?
- php access session data between HTTPS and HTTP
- Send password from form on HTTP to php script on HTTPS
- how authenticate username /password of https site using php application?