acidglitter Posted August 13, 2008 Share Posted August 13, 2008 for one of the sites i'm working on, for like the login and checkout pages they want the site to be secure (httpS). so i updated the links to those pages to include the S in http, but once a visitor is on those pages, if they click a regular link, like the homepage, it will still be secure. i tried (kind of a lazy way) putting <base href="http://www.site.com/"> so the regular links won't have the S, but now in internet explorer i'm getting the message "this page contains both secure and nonsecure items". is there an easy way to use php to fix this problem? Quote Link to comment Share on other sites More sharing options...
btherl Posted August 14, 2008 Share Posted August 14, 2008 There's a few things you could try 1. Detect in php if you are on a non-login non-checkout page and using https. If yes, issue a 302 redirect to the non-secure version of that page 2. Generate the links in php, ensuring that links to pages that should not be encrypted are http, and vice versa. Quote Link to comment Share on other sites More sharing options...
acidglitter Posted August 15, 2008 Author Share Posted August 15, 2008 i think i like 1. better. but how can you use php to tell if a page is secure? Quote Link to comment Share on other sites More sharing options...
btherl Posted August 16, 2008 Share Posted August 16, 2008 I'm sure you can tell from one of the $_SERVER variables. Are you familiar with phpinfo() ? Run a script like this: <?php echo phpinfo(); ?> That will show you what variables are available that might tell you if the connection is secure or not. Quote Link to comment Share on other sites More sharing options...
acidglitter Posted August 18, 2008 Author Share Posted August 18, 2008 it just says HTTPS and then 'on'. how do i get that variable? i tried like $_SERVER['https'] but that didn't do anything.. Quote Link to comment Share on other sites More sharing options...
mikeschroeder Posted August 18, 2008 Share Posted August 18, 2008 $_SERVER['HTTPS'] not $_SERVER['https'] Quote Link to comment Share on other sites More sharing options...
acidglitter Posted August 18, 2008 Author Share Posted August 18, 2008 yea that fixed it ; so what i'm doing now is in the header file i have if(isset($_SERVER['HTTPS']) && !isset($keepthispagesecure)){ header("Location: http://www.site.com{$_SERVER['REQUEST_URI']}"); exit; } and in the login (and other) pages i set the $keepthispagesecure variable before including the header. this seems to have fixed all of my problems now only specific pages are secure and internet explorer is happy Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.