security - secure transfer between login form and server in php -

how can implement secure transfer login form on client server in php? mean coding password , user ,something except using https.

http digest authentication can work without requiring ssl.

but has same problems other http authentication. e.g. there's no logout function, can't control & feel of login ui, no integration between login credentials , application-specific user account data, etc.

i agree @charles -- use https when sending sensitive data.

---

re comment:

at start of login.php script, check if request https , if not redirect correct url.

if (!isset($_server["https"])) {   header("location: https://mydomain.com/login.php"); } 

alternatively use apache rewrite rule:

rewriteengine on rewritecond %{server_port} !^443$ rewriterule ^/(login.php) https://%{server_name}/$1 [l,r] 

also, remember don't care if client read page login form plain http. care if client submits form insecurely, because that's request contains user's password. above advice applies if login.php script processes login form.