Hi,
in my website i have a login form, and i do this:

<form class="user-form" action="login.php" method="post">

to send information to server, and in the server i do this:

$username = $_POST['user'];
$password = $_POST['psw'];

to get the information, and then i store the information securely on my database with salt etc...
My question is how i can protect the information that will be send from the page to the server with the $_POST? there is something to encrypt and not send it clearly?

Thanks

I assume you're looking for https://, which you control at the httpd level, not PHP.

What httpd software are you using (Apache, nginx, lighttpd, etc)?

Also worth noting if you're storing passwords in a DB, don't deal with 'salting' and stuff on your own, assuming you're using even a slightly old PHP, you should have support for password_hash(), use that for your passwords.

Yes i use also password hash, i have apache

I don't know what distribution you're using but assuming it's Ubuntu check here https://www.linode.com/docs/security/ss ... -on-ubuntu if not have a search through the Linode docs.

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue

yes i have ubuntu, i already have found that guide, i have to read the Self-Signed SSL Certificate part? on the https page will be only my login page? or all website?

You should get a commercial certificate otherwise your users will get a warning from their browser. What you need to secure depends on your site, but if in doubt secure the whole thing.

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue