php - Password fields on page and SSL certificates -

php - Password fields on page and SSL certificates -

i have security question. must webpage on https (ssl certificate) if there login box available on page through modal requiring username , password? or login assets have on https?

my website has browsable content not require login access, alternative login available within header of every page.

my website has login similar www.fab.com illustration (browsable content alternative login).

i having problems firefox disabling functionality due mixed content, though taking measures of removing protocol within asset links.

thanks in advance!

first, security.stackexchange.com might improve place inquire question. question: ssl (https) provides identification of peer , end-to-end encryption. if submit info https can sure, nobody manipulated submitted data.

but if don't load form on https too, have manipulated it, changing submission target. should never serve sensitive forms http submit https.

apart there still plenty ways attacker data:

manipulate page served on http include form, if original page not have one. login forms tricks lots of users. improve serve https. intigrate false forms in page misusing places ads etc. improve not include 3rd party script on page (ads, tracking, social...) , if utilize ads restrict them iframes placed can never trick user displaying false forms and more

php ssl