Client side encrypted login?

phphphphp

I've written a login for a site, and understand that whole process, using sessions, etc. What I'm curious about is...

All the encryption methods I've seen are all on the server side, so how can I encrypt the variables sent from the client? I'm looking for an open source solution, without using https or certificates. I'm new to this aspect of php. We are running apache servers and php 4.2.1 currently.

The boss is convinced that someone could use a sniffer or something to hijack the user's name and password, then login and have access to that user's data. Though it is unlikely, it's still quite possible...

I don't know much about using SSL, or certificates for that matter, does anyone have a solution? Links? Code?

Thanks in advance!

sglane

What you are asking for is exactly what SSL and HTTPS is. I hope to heck you are not storing usernames and passwords in cookies on the clients. All you need in a cookie is a string identifier that is associated with the user in a database somewhere. If the client is on a non-switched lan, some malicious person could sniff and hijack the session anyway. In all honesty, there is no real client side security other than HTTPS and SSL. Heck, that is what it was designed for. Buy the cert for $75US and recompile apache. That's the only way to go.