Codeigniter: How can i encrypt password before submitting the form to the controller?

Question

I have a simple html login form

Answer 1

If your post data (password etc.) was intercepted, then it would just be visible as plaintext. Using SSL/HTTPS will provide encryption for the data that you send. I wouldn't rely on client-side JavaScript or anything similar for the purposes for authenticating / logging in a user. It's likely to give your users more confidence too, seeing that a secure connection is being used.

First, I'd just read up about SSL and HTTPS in general, as well as SSL certificates - Wiki, Google and SO would all be be good places to look, there's loads of information out there.

For using SSL/HTTPS with CI, I found these useful:

• http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/
• http://nigel.mcbryde.com.au/2009/03/working-with-ssl-in-codeigniter/
• How can I have CodeIgniter load specific pages using SSL?

In particular the force ssl function from Nigel's post:

Create a file in application/helper called ssl_helper.php

if (!function_exists('force_ssl'))
{
    function force_ssl()
    {
        $CI =& get_instance();
        $CI->config->config['base_url'] =
                 str_replace('http://', 'https://',
                 $CI->config->config['base_url']);
        if ($_SERVER['SERVER_PORT'] != 443)
        {
            redirect($CI->uri->uri_string());
        }
    }
}

function remove_ssl()
{
    $CI =& get_instance();
    $CI->config->config['base_url'] =
                  str_replace('https://', 'http://',
                  $CI->config->config['base_url']);
    if ($_SERVER['SERVER_PORT'] != 80)
    {
        redirect($CI->uri->uri_string());
    }
}

Load the helper, then in the constructor for any controller that requires ssl, simply insert:

force_ssl();

In every controller that you don’t want to have ssl put:

if (function_exists('force_ssl')) remove_ssl();

This is a programmatic approach, another way would be to use .htaccess (if you're using Apache).