Jump to content


Photo

Pls help: switching between http/https


  • Please log in to reply
10 replies to this topic

#1 stwong

stwong
  • New Members
  • Pip
  • Newbie
  • 3 posts

Posted 26 July 2006 - 09:52 AM

Hi, all,

I'm newbie to PHP.  I'm trying to modify a program so that all page except login are http.  I try the header function as following:

--------------- cut here -------------
if (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == "on")) {
  $url = $_SERVER['SERVER_NAME'];
  $query = $_SERVER['QUERY_STRING'];
  $path = $_SERVER['PHP_SELF'];
  header("Location: http://$url$path?$query");
}
--------------- cut here -------------

However, this always reload the "current" login page which is called from some other pages (html or PHP), e.g.

<a href="authenticate.php?action=login">

Would anyone please help?  Sorry for the newbie question and poor English.

Thanks a lot.


#2 448191

448191
  • Staff Alumni
  • Advanced Member
  • 3,545 posts
  • LocationNetherlands

Posted 26 July 2006 - 10:07 AM

I'm not at all experienced with https, but it's a transfer protocol, and you have to configure a server to use it. It also means you can't just 'turn it off' from a php script.

In order to switch I think you would need 2 (virtual) servers.

Somebody please correct me if I'm talking out of my ***.

#3 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 26 July 2006 - 10:14 AM

Is it possible to provide HTTP and HTTPS from the same server?
Yes. HTTP and HTTPS use different server ports (HTTP binds to port 80, HTTPS to port 443), so there is no direct conflict between them. You can either run two separate server instances bound to these ports, or use Apache's elegant virtual hosting facility to create two virtual servers over one instance of Apache - one responding to requests on port 80 and speaking HTTP and the other responding to requests on port 443 speaking HTTPS.


link
http://httpd.apache....sl/ssl_faq.html
Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#4 448191

448191
  • Staff Alumni
  • Advanced Member
  • 3,545 posts
  • LocationNetherlands

Posted 26 July 2006 - 10:34 AM

Is it possible to provide HTTP and HTTPS from the same server?
Yes.


But not from within the same server configuration, as you pointed out yourself. You'd need to use 2 (virtual) hosts.

#5 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 26 July 2006 - 10:38 AM

You could use two apache setups on one meachine and do it but your correct the correct way is to use two servers.
Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#6 stwong

stwong
  • New Members
  • Pip
  • Newbie
  • 3 posts

Posted 28 July 2006 - 02:05 AM

Thanks to you all. 

The apache running on my server supports both http and https.  The cases where https is required are when user clicks the login button or some functions that require authentication.  The action follows:

http://myserver/user.php?action=login

Then I add lines to beginning of user.php:

$url = $_SERVER['SERVER_NAME'];
$query = $_SERVER['QUERY_STRING'];
$path = $_SERVER['PHP_SELF'];
header("Location: https://$url$path?$query");

This redirects my browser to use https as expected.  However, after successful user authentication, I don't know how to "switch back" to http since I've no idea about which URL that "calls" user.php.
I've to add header("Location: http://....") to every PHP script that will be invoked after authentication.  I'm afraid this is not the right way to do that.  Would anyone pls help?

Thank you ver much.

#7 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 28 July 2006 - 02:51 AM

You have to read our posts the https as is not a hyper text transfer secuity is it ?

https will only work as exspected if you inplement a https server.

The way you have it it is not a proper https and is in fact as the same as using http.

In esence if you valadate your login code properly and use md5 properly for the database insert you will not need a https server ok.
Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc

#8 448191

448191
  • Staff Alumni
  • Advanced Member
  • 3,545 posts
  • LocationNetherlands

Posted 28 July 2006 - 05:58 AM

I think a https server has already been configured.

Otherwise, header("Location: https://$url$path?$query"); wouldn't "work as expected".

That's all for now I'm late for work.

#9 448191

448191
  • Staff Alumni
  • Advanced Member
  • 3,545 posts
  • LocationNetherlands

Posted 28 July 2006 - 07:33 PM

Back from work.

if(stristr($_SERVER["SERVER_PROTOCOL"],'HTTPS'))

to determin if you're on the regular of secure server.

#10 stwong

stwong
  • New Members
  • Pip
  • Newbie
  • 3 posts

Posted 29 July 2006 - 02:40 AM

Back from work.

if(stristr($_SERVER["SERVER_PROTOCOL"],'HTTPS'))

to determin if you're on the regular of secure server.


Then switch back to HTTP if procotol is HTTPS ?  Thanks a lot.

#11 448191

448191
  • Staff Alumni
  • Advanced Member
  • 3,545 posts
  • LocationNetherlands

Posted 29 July 2006 - 08:32 PM

Welcome.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users