Re: [PHP] redirect http to https
?php if($_SERVER['SERVER_PORT'] !== $encport || $_SERVER['HTTPS'] !== on) {header(Location: https://.$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']);exit;} ? Very bad solution. Don't just tell us it's bad, explain why (even with an RTFM or URL to look at)... nobody learns from an answer like this. The only thing I can think of is that $_SERVER variables can be compromised (ie you can't rely on them, they can be changed via curl or some other method). But that's just a guess. -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] redirect http to https
I have separate document roots for the http and the https stuff, say htdocs and htdocs-secure - this can be done with apache configuration then I need only to put a single redirecting line into the htdocs/index.php like ?php header(Location: https://my.server.com/;); ? and that's all greets Zoltán Németh 2007. 04. 9, hétfő keltezéssel 08.40-kor Ben Liu ezt írta: What's the prescribed method for redirecting a user forcibly to from the non-SSL secured version of a page to the SSL-secured version? Is this handled at the web server level or at the script level. I found this by googling: ?php if($_SERVER['SERVER_PORT'] !== $encport || $_SERVER['HTTPS'] !== on) {header(Location: https://.$_SERVER['SERVER_NAME'].$_SERVER ['SCRIPT_NAME']);exit;} ? What do people think about this solution? Thanks, - Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] redirect http to https
On 4/10/07, Zoltán Németh [EMAIL PROTECTED] wrote: I have separate document roots for the http and the https stuff, say htdocs and htdocs-secure - this can be done with apache configuration then I need only to put a single redirecting line into the htdocs/index.php like ?php header(Location: https://my.server.com/;); ? and that's all greets Zoltán Németh 2007. 04. 9, hétfő keltezéssel 08.40-kor Ben Liu ezt írta: What's the prescribed method for redirecting a user forcibly to from the non-SSL secured version of a page to the SSL-secured version? Is this handled at the web server level or at the script level. I found this by googling: ?php if($_SERVER['SERVER_PORT'] !== $encport || $_SERVER['HTTPS'] !== on) {header(Location: https://.$_SERVER['SERVER_NAME'].$_SERVER ['SCRIPT_NAME']);exit;} ? What do people think about this solution? Thanks, - Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php I believe you should also be sending a 301 status header so user agents can be made aware of the redirect and make updates accordingly (bookmarks, etc.) http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.2
Re: [PHP] redirect http to https
On Mon, April 9, 2007 8:38 am, Martin Marques wrote: Ben Liu escribió: What's the prescribed method for redirecting a user forcibly to from the non-SSL secured version of a page to the SSL-secured version? Is this handled at the web server level or at the script level. I found this by googling: This should be done with the rewrite instruction of apache, or what ever instructionyour web server has. Assume, for the sake of argument, that you have no access to mod_rewrite, httpd.conf, nor even .htaccess ?php if($_SERVER['SERVER_PORT'] !== $encport || $_SERVER['HTTPS'] !== on) {header(Location: https://.$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']);exit;} ? Very bad solution. What specifically is so bad? -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] redirect http to https
What's the prescribed method for redirecting a user forcibly to from the non-SSL secured version of a page to the SSL-secured version? Is this handled at the web server level or at the script level. I found this by googling: ?php if($_SERVER['SERVER_PORT'] !== $encport || $_SERVER['HTTPS'] !== on) {header(Location: https://.$_SERVER['SERVER_NAME'].$_SERVER ['SCRIPT_NAME']);exit;} ? What do people think about this solution? Thanks, - Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] redirect http to https
Ben Liu wrote: What's the prescribed method for redirecting a user forcibly to from the non-SSL secured version of a page to the SSL-secured version? Is this handled at the web server level or at the script level. I found this by googling: ?php if($_SERVER['SERVER_PORT'] !== $encport || $_SERVER['HTTPS'] !== on) {header(Location: https://.$_SERVER['SERVER_NAME'].$_SERVER ['SCRIPT_NAME']);exit;} ? What do people think about this solution? Thanks, - Ben Hello, Why not config this knid of function by using you Web Server ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] redirect http to https
Ben Liu escribió: What's the prescribed method for redirecting a user forcibly to from the non-SSL secured version of a page to the SSL-secured version? Is this handled at the web server level or at the script level. I found this by googling: This should be done with the rewrite instruction of apache, or what ever instructionyour web server has. ?php if($_SERVER['SERVER_PORT'] !== $encport || $_SERVER['HTTPS'] !== on) {header(Location: https://.$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']);exit;} ? Very bad solution. -- select 'mmarques' || '@' || 'unl.edu.ar' AS email; - Martín Marqués | Programador, DBA Centro de Telemática| Administrador Universidad Nacional del Litoral - -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] redirect http to https
On 4/9/07, Martin Marques martin@bugs.unl.edu.ar wrote: This should be done with the rewrite instruction of apache, or what ever instructionyour web server has. Um...guess I will have to check with our hosting company about this. Thanks. - Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] redirect http to https
Ben Liu wrote: On 4/9/07, Martin Marques martin@bugs.unl.edu.ar wrote: This should be done with the rewrite instruction of apache, or what ever instructionyour web server has. Um...guess I will have to check with our hosting company about this. Thanks. - Ben Hello, FYI : ?php header(Location:https://www.yourdomain_name.com;); exit(); ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] redirect http to https
On 4/9/07, Ben Liu [EMAIL PROTECTED] wrote: What's the prescribed method for redirecting a user forcibly to from the non-SSL secured version of a page to the SSL-secured version? Is this handled at the web server level or at the script level. I found this by googling: ?php if($_SERVER['SERVER_PORT'] !== $encport || $_SERVER['HTTPS'] !== on) {header(Location: https://.$_SERVER['SERVER_NAME'].$_SERVER ['SCRIPT_NAME']);exit;} ? What do people think about this solution? Thanks, - Ben Apache mod_rewrite maybe? Tijnema -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] redirect http to https
-Original Message- From: Ben Liu [mailto:[EMAIL PROTECTED] Sent: Monday, April 09, 2007 3:52 PM To: Martin Marques; PHP Subject: Re: [PHP] redirect http to https On 4/9/07, Martin Marques martin@bugs.unl.edu.ar wrote: This should be done with the rewrite instruction of apache, or what ever instructionyour web server has. Um...guess I will have to check with our hosting company about this. Thanks. - Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php [Peter Lauri - DWS Asia] You might be able to do this by putting an .htaccess file in your webroot of non-ssl: -- RewriteEngine On RewriteRule ^/(.*)$ https://www.yourdomain.com/$1 [L] -- Best regards, Peter Lauri www.dwsasia.com - company web site www.lauri.se - personal web site www.carbonfree.org.uk - become Carbon Free -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] redirect http to https
On 4/9/07, Peter Lauri [EMAIL PROTECTED] wrote: You might be able to do this by putting an .htaccess file in your webroot of non-ssl: -- RewriteEngine On RewriteRule ^/(.*)$ https://www.yourdomain.com/$1 [L] -- This appears to work: RewriteEngine On RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [L,R] (sorry if off-topic) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php