I need help with implementing SSL as users log into my site. My login page is on a secure server, as well as the script to process the login attempt. After the login is authenticated I redirect the user automatically to a non-secure user's page. When this happens, the message "about to be redirected to a connection that is not secure. The information you are sending might be retransmitted to a secure site." appears.
My question is how can I do this redirection without getting this message. I've seen a lot of other sites that can achieve this same page flow without that message popping up. My question is, how can I achieve the same result?
Login page:
<html>
<head>
<title>
Lighthouse at Sandcastle - Login
</title>
</head>
<body bgcolor="#CC66CC">
<?php
require('../ssl/inc/header.php');
if (isset($_SESSION['loggedin']))
{
header("location:../ssl/userfunctions.php");
exit; // stop rendering the login form once the redirect has been sent
}
?>
<br><br>
<form action="https: ../ssl/processlogin.php" method="post">
<div align="center">
<table>
<tr>
<td><strong>UserID:</strong></td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td><strong>Password:</strong></td>
<td><input type="password" name="password"></td>
<td><input type="submit" value="Login"></td>
</tr>
</table>
<br>
<a href=" ../test/passwordrecovery.php">Forgot your username and/or password?</a>
</div>
<br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>
<br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>
<?php
require ('../test/inc/footer.php');
?>
</form>
</body>
</html>
Processlogin page:
<html>
<head>
</head>
<body>
<?php
require ('../ssl/inc/header.php');
//reject the request unless both fields were posted
if(!isset ($_POST['username']) || !isset ($_POST['password']))
{
echo 'Omg wtf happened!';
}
else
{
$username=$_POST['username'];
$password=$_POST['password'];
require ('../ssl/inc/dbconnect.php');
//connect to db
$connect = mysql_connect("$host","$login","$dbpassword");
mysql_select_db("$dbname");
if (!$connect)
{
die('Could not connect: ' . mysql_error());
}
else
{
echo 'Connected successfully to database!<br>';
}
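//create query; escape the user-supplied values so they cannot break out of the quoted SQL strings
$query="select * from Login where username='".mysql_real_escape_string($username, $connect)."' and password='".mysql_real_escape_string($password, $connect)."'";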
$result=mysql_query($query);
$fetch=mysql_fetch_assoc($result);
$currentID=$fetch["userID"];
$num_rows=mysql_num_rows($result);
//authenticate user
if($num_rows > 0)
{
$_SESSION['loggedin']=1;
$_SESSION['userID']=$currentID;
mysql_close($connect);
header("location: ../test/userfunctions.php?sid=".session_id());
exit; // end the script so nothing else runs after the redirect
}
else
{
echo 'Your user name and password did not match any records found.';
echo '<br>Click <a href="login.php">Here</a> to try again.';
}
}
require ('../test/inc/footer.php');
?>
</body>
</html>
User Page:
<html>
<head>
<title>Lighthouse at Sandcastle - Users Lounge</title>
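<?php
//the login script passes the session ID in the "sid" query parameter
if (isset($_GET['sid']))
session_id($_GET['sid']);
session_start();
if (!isset($_SESSION['loggedin']))
{
header("location: ../ssl/login.php");
exit; // do not send the members-only markup below to visitors who are not logged in
}
?>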
</head>
<body bgcolor="#CC66CC">
<?php
require('../test/inc/header.php');
echo '<div align=center><p>The content of $_SESSION[\'loggedin\'] is '.$_SESSION['loggedin'].'</p>';
echo '<p> Welcome to the logged in users area of the site.</p></div>';
echo'<br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>';
require('../test/inc/footer.php');
?>
</body>
</html>
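A hardened form of the processlogin page, added here as an example and not part of the original post: it keeps the post-login page on HTTPS, so there is no secure-to-insecure transition and the session ID travels only in a Secure cookie instead of a `?sid=` URL parameter. Assumptions not found in the post: PHP 7.3 or later with PDO MySQL, a `Login.password` column that stores `password_hash()` output, and the session being started in this script rather than in header.php.

```php
<?php
// Added example: hardened processlogin.php. No HTML is emitted before the
// redirect, so header() can always set the Location header.
// Assumptions (not from the original post): PHP 7.3+, PDO MySQL, and a
// Login.password column holding password_hash() output.
require '../ssl/inc/dbconnect.php'; // defines $host, $login, $dbpassword, $dbname

// The session cookie is sent only over HTTPS and is hidden from page scripts.
session_set_cookie_params([
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();

$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
    header('Location: login.php');
    exit;
}

$pdo = new PDO("mysql:host=$host;dbname=$dbname;charset=utf8mb4", $login, $dbpassword, [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

// The placeholder keeps user input out of the SQL text entirely.
$stmt = $pdo->prepare('SELECT userID, password FROM Login WHERE username = ?');
$stmt->execute([$username]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

if ($row !== false && password_verify($password, $row['password'])) {
    // Issue a fresh session ID at login and discard the pre-login one.
    session_regenerate_id(true);
    $_SESSION['loggedin'] = 1;
    $_SESSION['userID']   = $row['userID'];
    // Stay on HTTPS and rely on the cookie: no session ID in the URL.
    header('Location: userfunctions.php');
    exit;
}

// Same message whether the username or the password was wrong.
echo 'Your user name and password did not match any records found.';
echo '<br>Click <a href="login.php">Here</a> to try again.';
```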