PHP and MySQL Web Development - P73

PHP and MySQL Web Development teaches the reader to develop dynamic, secure, commercial Web sites. Using the same accessible, popular teaching style of the first edition, this best-selling book has been updated to reflect the rapidly changing landscape of MySQL and PHP.

Chapter 15: Implementing Secure Transactions with PHP and MySQL (page 332)

If we are providing a Web interface to send GPG-encrypted mail, the flow of information will look something like Figure .

Figure : In our encrypted email application, the message is sent via the Internet three times.

In this figure, each arrow represents our message being sent from one machine to another. Each time the message is sent, it travels through the Internet and might pass through a number of intermediary networks and machines.

The script we are looking at here exists on the machine labeled Web Server in the diagram. At the Web server, the message will be encrypted using the recipient's public key. It will then be sent via SMTP to the recipient's mail server. The recipient will connect to his mail server, probably using POP or IMAP, and download the message using a mail reader. Here he will decrypt the message using his private key.

The data transfers in Figure are labeled 1, 2, and 3. For stages 2 and 3, the information being transmitted is a GPG-encrypted message and is of little value to anybody who does not have the private key. For transfer 1, the message being transmitted is the text that the sender entered in the form.

If our information is important enough that we need to encrypt it for the second and third legs of its journey, it is a bit silly to send it unencrypted for the first; this script belongs on a server that uses SSL.

If we connect to our script using a port other than 443, it will provide a warning. Port 443 is the default port for SSL. If your server uses a non-default port for SSL, you might need to modify this code.

Rather than providing an error message, we could deal with this situation in other ways. We could redirect the user to the same URL via an SSL connection. We could also choose to ignore it, because it is not usually important if the form was delivered using a secure connection. What is usually important is the details that the user has typed into the .
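
The port check and the redirect alternative described above, as an added example that is not the book's own script. The names `SSL_PORT`, `CANONICAL_HOST`, `is_ssl_request` and `https_url_for` are assumptions, and `www.example.com` is a placeholder host. It redirects a plain-HTTP request for the form, but refuses a plain-HTTP submission, because by then transfer 1 has already happened unencrypted.

```php
<?php
// Added example; all names and the host below are assumptions, not from the book.
const SSL_PORT = 443;                      // change if your server uses a non-default SSL port
const CANONICAL_HOST = 'www.example.com';  // placeholder; do not build redirects from the Host header

/** True when the request arrived over SSL on the configured port. */
function is_ssl_request(array $server): bool
{
    $port  = (int)($server['SERVER_PORT'] ?? 0);
    $https = strtolower((string)($server['HTTPS'] ?? ''));
    // $_SERVER['HTTPS'] is non-empty for SSL requests; some servers set it to "off" otherwise.
    return $port === SSL_PORT && $https !== '' && $https !== 'off';
}

/** Same path and query string, but over SSL on the canonical host. */
function https_url_for(array $server): string
{
    $uri = (string)($server['REQUEST_URI'] ?? '/');
    // Accept only a local path: no scheme-relative ("//host") targets, no CR/LF.
    if ($uri === '' || $uri[0] !== '/' || strpos($uri, '//') === 0
        || preg_match('/[\r\n]/', $uri)) {
        $uri = '/';
    }
    $port = SSL_PORT === 443 ? '' : ':' . SSL_PORT;
    return 'https://' . CANONICAL_HOST . $port . $uri;
}

// Skipped on the command line so the file can be loaded stand-alone.
if (PHP_SAPI !== 'cli' && !is_ssl_request($_SERVER)) {
    $secure = https_url_for($_SERVER);
    if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'GET') {
        // Nothing has been typed yet: send the browser to the SSL version of the form.
        header('Location: ' . $secure, true, 302);
        exit;
    }
    // A submission over plain HTTP has already crossed the network unencrypted,
    // so a redirect cannot protect it. Do not process it; tell the user instead.
    http_response_code(400);
    echo '<p>WARNING: this form was submitted without SSL, so the message was not sent. ';
    echo 'Please use <a href="' . htmlspecialchars($secure, ENT_QUOTES) . '">the secure form</a>.</p>';
    exit;
}
```

If SSL is terminated on a proxy or load balancer in front of PHP, `SERVER_PORT` and `HTTPS` describe the proxy-to-server hop, so the check has to be adapted to that deployment.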

