>>> I thought of that and will do it at last resort.
I don't see why it should be a last resort. I have never seen the use in having a non-SSL portion of your site if you already have the SSL certificate to secure it.
>>> Login over HTTPS from HTTP
The HTTP or HTTPS describes the structure and flow between a client and a server. If I request a page from your server using HTTP, the response is sent in plain text. If that page has a link or a form to an HTTPS page, and I click it or submit the form, my client will initiate an SSL conversation with your server, and my subsequent request and your response will be sent as encrypted content. For a link, that takes the form of:
<a href="
https://yourserver.com/page.php">
For a form:
<form name="myform" action="
https://yourserver.com/formhandler.php" method="post">
The main thing you need to be aware of when switching to SSL is that other resources need to come from an SSL source also. Otherwise, the user receives a mixed-content warning. You can easily account for this behavior by using relative links in your resources. For example, instead of:
<img src="
http://yourserver.com/images/image.jpg" />
Use this:
<img src="/images/image.jpg" />
The requests generated by the second example will automagically add the protocol and server name, since it is implied to be the same server and protocol as the original request.