I have two files to process a login:
login.php
logme.php
login.php contains a simple form with a username and password field. The trouble is, when the user clicks submit, the password is passed to logme.php unencryped - and because its passed in the URL, anyone watching the user can see something like
/logme.php?username=bob&password=jjb4
...creating a pretty dodgy security problem.
Now, can anyone suggest a way that I can md5 (encrypt) the password inside of login.php, BEFORE sending it off to logme.php? I don't want to use a $PHP_SELF form action, because i use logme.php to process logs ins AND log outs for conveniance, and dont want to seperate the two functions.
Any ideas?
Cheers,
