[SOLVED] switching from http to httpS

[acidglitter]

for one of the sites i'm working on, for like the login and checkout pages they want the site to be secure (httpS). so i updated the links to those pages to include the S in http, but once a visitor is on those pages, if they click a regular link, like the homepage, it will still be secure. i tried (kind of a lazy way) putting <base href="http://www.site.com/"> so the regular links won't have the S, but now in internet explorer i'm getting the message "this page contains both secure and nonsecure items". is there an easy way to use php to fix this problem?

[btherl]

There's a few things you could try

 

1.  Detect in php if you are on a non-login non-checkout page and using https.  If yes, issue a 302 redirect to the non-secure version of that page

 

2.  Generate the links in php, ensuring that links to pages that should not be encrypted are http, and vice versa.

[acidglitter]

i think i like 1. better. but how can you use php to tell if a page is secure?

[btherl]

I'm sure you can tell from one of the $_SERVER variables.  Are you familiar with phpinfo() ? Run a script like this:

 

<?php echo phpinfo(); ?>

 

That will show you what variables are available that might tell you if the connection is secure or not.

[acidglitter]

it just says HTTPS and then 'on'. how do i get that variable? i tried like $_SERVER['https'] but that didn't do anything..

[mikeschroeder]

$_SERVER['HTTPS'] not $_SERVER['https']

[acidglitter]

yea that fixed it ; so what i'm doing now is in the header file i have

 

if(isset($_SERVER['HTTPS']) && !isset($keepthispagesecure)){
header("Location: http://www.site.com{$_SERVER['REQUEST_URI']}");
exit;
}

 

and in the login (and other) pages i set the $keepthispagesecure variable before including the header. this seems to have fixed all of my problems now only specific pages are secure and internet explorer is happy