Pls help: switching between http/https

[stwong]

Hi, all,

I'm newbie to PHP.  I'm trying to modify a program so that all page except login are http.  I try the header function as following:

--------------- cut here -------------
if (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == "on")) {
  $url = $_SERVER['SERVER_NAME'];
  $query = $_SERVER['QUERY_STRING'];
  $path = $_SERVER['PHP_SELF'];
  header("Location: http://$url$path?$query");
}
--------------- cut here -------------

However, this always reload the "current" login page which is called from some other pages (html or PHP), e.g.

<a href="authenticate.php?action=login">

Would anyone please help?  Sorry for the newbie question and poor English.

Thanks a lot.

[448191]

I'm not at all experienced with https, but it's a transfer protocol, and you have to configure a server to use it. It also means you can't just 'turn it off' from a php script.

In order to switch I think you would need 2 (virtual) servers.

Somebody please correct me if I'm talking out of my ***.

[redarrow]

Is it possible to provide HTTP and HTTPS from the same server?
Yes. HTTP and HTTPS use different server ports (HTTP binds to port 80, HTTPS to port 443), so there is no direct conflict between them. You can either run two separate server instances bound to these ports, or use Apache's elegant virtual hosting facility to create two virtual servers over one instance of Apache - one responding to requests on port 80 and speaking HTTP and the other responding to requests on port 443 speaking HTTPS.


link
http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html

[448191]

[quote author=redarrow link=topic=101899.msg403725#msg403725 date=1153908856]
Is it possible to provide HTTP and HTTPS from the same server?
Yes.
[/quote]

But not from within the same server configuration, as you pointed out yourself. You'd need to use 2 (virtual) hosts.

[redarrow]

You could use two apache setups on one meachine and do it but your correct the correct way is to use two servers.

[stwong]

Thanks to you all. 

The apache running on my server supports both http and https.  The cases where https is required are when user clicks the login button or some functions that require authentication.  The action follows:

http://myserver/user.php?action=login

Then I add lines to beginning of user.php:

$url = $_SERVER['SERVER_NAME'];
$query = $_SERVER['QUERY_STRING'];
$path = $_SERVER['PHP_SELF'];
header("Location: https://$url$path?$query");

This redirects my browser to use https as expected.  However, after successful user authentication, I don't know how to "switch back" to http since I've no idea about which URL that "calls" user.php.
I've to add header("Location: http://....") to every PHP script that will be invoked after authentication.  I'm afraid this is not the right way to do that.  Would anyone pls help?

Thank you ver much.

[redarrow]

You have to read our posts the https as is not a hyper text transfer secuity is it ?

https will only work as exspected if you inplement a https server.

The way you have it it is not a proper https and is in fact as the same as using http.

In esence if you valadate your login code properly and use md5 properly for the database insert you will not need a https server ok.

[448191]

I think a https server has already been configured.

Otherwise, header("Location: https://$url$path?$query"); wouldn't "work as expected".

That's all for now I'm late for work.

[448191]

Back from work.

if(stristr($_SERVER["SERVER_PROTOCOL"],'HTTPS'))

to determin if you're on the regular of secure server.

[stwong]

[quote author=448191 link=topic=101899.msg405351#msg405351 date=1154115221]
Back from work.

if(stristr($_SERVER["SERVER_PROTOCOL"],'HTTPS'))

to determin if you're on the regular of secure server.
[/quote]

Then switch back to HTTP if procotol is HTTPS ?  Thanks a lot.

[448191]

Welcome.