Jump to content

Archived

This topic is now archived and is closed to further replies.

stwong

Pls help: switching between http/https

Recommended Posts

Hi, all,

I'm newbie to PHP.  I'm trying to modify a program so that all page except login are http.  I try the header function as following:

--------------- cut here -------------
if (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == "on")) {
  $url = $_SERVER['SERVER_NAME'];
  $query = $_SERVER['QUERY_STRING'];
  $path = $_SERVER['PHP_SELF'];
  header("Location: http://$url$path?$query");
}
--------------- cut here -------------

However, this always reload the "current" login page which is called from some other pages (html or PHP), e.g.

<a href="authenticate.php?action=login">

Would anyone please help?  Sorry for the newbie question and poor English.

Thanks a lot.

Share this post


Link to post
Share on other sites
I'm not at all experienced with https, but it's a transfer protocol, and you have to configure a server to use it. It also means you can't just 'turn it off' from a php script.

In order to switch I think you would need 2 (virtual) servers.

Somebody please correct me if I'm talking out of my ***.

Share this post


Link to post
Share on other sites
Is it possible to provide HTTP and HTTPS from the same server?
Yes. HTTP and HTTPS use different server ports (HTTP binds to port 80, HTTPS to port 443), so there is no direct conflict between them. You can either run two separate server instances bound to these ports, or use Apache's elegant virtual hosting facility to create two virtual servers over one instance of Apache - one responding to requests on port 80 and speaking HTTP and the other responding to requests on port 443 speaking HTTPS.


link
http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html

Share this post


Link to post
Share on other sites
[quote author=redarrow link=topic=101899.msg403725#msg403725 date=1153908856]
Is it possible to provide HTTP and HTTPS from the same server?
Yes.
[/quote]

But not from within the same server configuration, as you pointed out yourself. You'd need to use 2 (virtual) hosts.

Share this post


Link to post
Share on other sites
You could use two apache setups on one meachine and do it but your correct the correct way is to use two servers.

Share this post


Link to post
Share on other sites
Thanks to you all. 

The apache running on my server supports both http and https.  The cases where https is required are when user clicks the login button or some functions that require authentication.  The action follows:

http://myserver/user.php?action=login

Then I add lines to beginning of user.php:

$url = $_SERVER['SERVER_NAME'];
$query = $_SERVER['QUERY_STRING'];
$path = $_SERVER['PHP_SELF'];
header("Location: https://$url$path?$query");

This redirects my browser to use https as expected.  However, after successful user authentication, I don't know how to "switch back" to http since I've no idea about which URL that "calls" user.php.
I've to add header("Location: http://....") to every PHP script that will be invoked after authentication.  I'm afraid this is not the right way to do that.  Would anyone pls help?

Thank you ver much.

Share this post


Link to post
Share on other sites
You have to read our posts the https as is not a hyper text transfer secuity is it ?

https will only work as exspected if you inplement a https server.

The way you have it it is not a proper https and is in fact as the same as using http.

In esence if you valadate your login code properly and use md5 properly for the database insert you will not need a https server ok.

Share this post


Link to post
Share on other sites
I think a https server has already been configured.

Otherwise, header("Location: https://$url$path?$query"); wouldn't "work as expected".

That's all for now I'm late for work.

Share this post


Link to post
Share on other sites
Back from work.

if(stristr($_SERVER["SERVER_PROTOCOL"],'HTTPS'))

to determin if you're on the regular of secure server.

Share this post


Link to post
Share on other sites
[quote author=448191 link=topic=101899.msg405351#msg405351 date=1154115221]
Back from work.

if(stristr($_SERVER["SERVER_PROTOCOL"],'HTTPS'))

to determin if you're on the regular of secure server.
[/quote]

Then switch back to HTTP if procotol is HTTPS ?  Thanks a lot.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.