Jump to content

Pls help: switching between http/https


stwong

Recommended Posts

Hi, all,

I'm newbie to PHP.  I'm trying to modify a program so that all page except login are http.  I try the header function as following:

--------------- cut here -------------
if (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == "on")) {
  $url = $_SERVER['SERVER_NAME'];
  $query = $_SERVER['QUERY_STRING'];
  $path = $_SERVER['PHP_SELF'];
  header("Location: http://$url$path?$query");
}
--------------- cut here -------------

However, this always reload the "current" login page which is called from some other pages (html or PHP), e.g.

<a href="authenticate.php?action=login">

Would anyone please help?  Sorry for the newbie question and poor English.

Thanks a lot.
Link to comment
Share on other sites

I'm not at all experienced with https, but it's a transfer protocol, and you have to configure a server to use it. It also means you can't just 'turn it off' from a php script.

In order to switch I think you would need 2 (virtual) servers.

Somebody please correct me if I'm talking out of my ***.
Link to comment
Share on other sites

Is it possible to provide HTTP and HTTPS from the same server?
Yes. HTTP and HTTPS use different server ports (HTTP binds to port 80, HTTPS to port 443), so there is no direct conflict between them. You can either run two separate server instances bound to these ports, or use Apache's elegant virtual hosting facility to create two virtual servers over one instance of Apache - one responding to requests on port 80 and speaking HTTP and the other responding to requests on port 443 speaking HTTPS.


link
http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html
Link to comment
Share on other sites

[quote author=redarrow link=topic=101899.msg403725#msg403725 date=1153908856]
Is it possible to provide HTTP and HTTPS from the same server?
Yes.
[/quote]

But not from within the same server configuration, as you pointed out yourself. You'd need to use 2 (virtual) hosts.
Link to comment
Share on other sites

Thanks to you all. 

The apache running on my server supports both http and https.  The cases where https is required are when user clicks the login button or some functions that require authentication.  The action follows:

http://myserver/user.php?action=login

Then I add lines to beginning of user.php:

$url = $_SERVER['SERVER_NAME'];
$query = $_SERVER['QUERY_STRING'];
$path = $_SERVER['PHP_SELF'];
header("Location: https://$url$path?$query");

This redirects my browser to use https as expected.  However, after successful user authentication, I don't know how to "switch back" to http since I've no idea about which URL that "calls" user.php.
I've to add header("Location: http://....") to every PHP script that will be invoked after authentication.  I'm afraid this is not the right way to do that.  Would anyone pls help?

Thank you ver much.
Link to comment
Share on other sites

You have to read our posts the https as is not a hyper text transfer secuity is it ?

https will only work as exspected if you inplement a https server.

The way you have it it is not a proper https and is in fact as the same as using http.

In esence if you valadate your login code properly and use md5 properly for the database insert you will not need a https server ok.
Link to comment
Share on other sites

[quote author=448191 link=topic=101899.msg405351#msg405351 date=1154115221]
Back from work.

if(stristr($_SERVER["SERVER_PROTOCOL"],'HTTPS'))

to determin if you're on the regular of secure server.
[/quote]

Then switch back to HTTP if procotol is HTTPS ?  Thanks a lot.
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.