I have a problem with PCI compliance. Basically they want me to add https:// on every page where the password field is present. This is kind of weird.
My form in index.php looks like:
<form method=post action="login.php" id="login">
<input type="text" size="16" maxlength="30" name="login" id="login_user" />
<input type="password" size=16 maxlength="20" name="pass" class="ifield" id="login_pass"/>
<input name="msubmit" type="submit" value="Login" />
</form>
I've tried to post to https:
<form method=post action="https://test.com/login.php" id="login">
but the test still fails.
How should I fix this problem?
First, you will need to configure your webserver to support SSL. You will need to purchase an SSL certificate and configure your webserver to answer requests on both port 80 and port 443.
After you have completed these changes, you will be able to tell your form to post to the SSL version of your site via the URL you posted above.
If the compliance rules require it, you may also need to make the form itself load under the SSL version of the site. In this case, you can update all of your links to the form to point to the 'https://' version, or modify your webserver rules to forward all requests for the form to the 'https://' version.
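The two conditions described above (where the form posts, and how the page holding the form is loaded) can be checked per page. This is an added example, not part of the original thread; it assumes the scan flags a password field on any page served over http and any password form whose resolved action is not https. The class and function names are hypothetical, and the sample form is constructed from the one in the question.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class PasswordFormAudit(HTMLParser):
    """Record the action of each <form> that contains a password input."""

    def __init__(self):
        super().__init__()
        self._action = ""              # action of the most recently opened form
        self.password_form_actions = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._action = attrs.get("action") or ""
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            self.password_form_actions.append(self._action)

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = ""          # fields after </form> have no action


def audit(page_url, html):
    """Return findings for one page; an empty list means both checks pass."""
    parser = PasswordFormAudit()
    parser.feed(html)
    findings = []
    scheme = urlsplit(page_url).scheme
    if parser.password_form_actions and scheme != "https":
        findings.append("page with password field served over " + scheme)
    for action in parser.password_form_actions:
        # An empty or relative action inherits the scheme of the page itself.
        target = urljoin(page_url, action)
        if urlsplit(target).scheme != "https":
            findings.append("form posts to " + target)
    return findings


# Constructed sample based on the form in the question.
FORM = '''<form method=post action="{action}" id="login">
<input type="text" name="login" id="login_user" />
<input type="password" name="pass" id="login_pass"/>
<input name="msubmit" type="submit" value="Login" />
</form>'''

if __name__ == "__main__":
    print(audit("http://test.com/index.php",
                FORM.format(action="https://test.com/login.php")))
```

With the https action from the question but the page still loaded over http, one finding remains, which matches the scan continuing to fail until the form page itself is served over https.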