Re: [PHP] redirect http to https
?php
if($_SERVER['SERVER_PORT'] !== $encport || $_SERVER['HTTPS'] !== on)
{header(Location:
https://.$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']);exit;}
?
Very bad solution.
Don't just tell us it's bad, explain why (even with an RTFM or URL to
look at)... nobody learns from an answer like this.
The only thing I can think of is that $_SERVER variables can be
compromised (ie you can't rely on them, they can be changed via curl or
some other method).
But that's just a guess.
--
Postgresql php tutorials
http://www.designmagick.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] redirect http to https
I have separate document roots for the http and the https stuff, say
htdocs and htdocs-secure - this can be done with apache
configuration
then I need only to put a single redirecting line into the
htdocs/index.php like
?php
header(Location: https://my.server.com/;);
?
and that's all
greets
Zoltán Németh
2007. 04. 9, hétfő keltezéssel 08.40-kor Ben Liu ezt írta:
What's the prescribed method for redirecting a user forcibly to from
the non-SSL secured version of a page to the SSL-secured version? Is
this handled at the web server level or at the script level. I found
this by googling:
?php
if($_SERVER['SERVER_PORT'] !== $encport || $_SERVER['HTTPS'] !== on)
{header(Location: https://.$_SERVER['SERVER_NAME'].$_SERVER
['SCRIPT_NAME']);exit;}
?
What do people think about this solution?
Thanks,
- Ben
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] redirect http to https
On 4/10/07, Zoltán Németh [EMAIL PROTECTED] wrote:
I have separate document roots for the http and the https stuff, say
htdocs and htdocs-secure - this can be done with apache
configuration
then I need only to put a single redirecting line into the
htdocs/index.php like
?php
header(Location: https://my.server.com/;);
?
and that's all
greets
Zoltán Németh
2007. 04. 9, hétfő keltezéssel 08.40-kor Ben Liu ezt írta:
What's the prescribed method for redirecting a user forcibly to from
the non-SSL secured version of a page to the SSL-secured version? Is
this handled at the web server level or at the script level. I found
this by googling:
?php
if($_SERVER['SERVER_PORT'] !== $encport || $_SERVER['HTTPS'] !== on)
{header(Location: https://.$_SERVER['SERVER_NAME'].$_SERVER
['SCRIPT_NAME']);exit;}
?
What do people think about this solution?
Thanks,
- Ben
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
I believe you should also be sending a 301 status header so user
agents can be made aware of the redirect and make updates accordingly
(bookmarks, etc.)
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.2
Re: [PHP] redirect http to https
On Mon, April 9, 2007 8:38 am, Martin Marques wrote:
Ben Liu escribió:
What's the prescribed method for redirecting a user forcibly to from
the
non-SSL secured version of a page to the SSL-secured version? Is
this
handled at the web server level or at the script level. I found this
by
googling:
This should be done with the rewrite instruction of apache, or what
ever
instructionyour web server has.
Assume, for the sake of argument, that you have no access to
mod_rewrite, httpd.conf, nor even .htaccess
?php
if($_SERVER['SERVER_PORT'] !== $encport || $_SERVER['HTTPS'] !==
on)
{header(Location:
https://.$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']);exit;}
?
Very bad solution.
What specifically is so bad?
--
Some people have a gift link here.
Know what I want?
I want you to buy a CD from some indie artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] redirect http to https
What's the prescribed method for redirecting a user forcibly to from
the non-SSL secured version of a page to the SSL-secured version? Is
this handled at the web server level or at the script level. I found
this by googling:
?php
if($_SERVER['SERVER_PORT'] !== $encport || $_SERVER['HTTPS'] !== on)
{header(Location: https://.$_SERVER['SERVER_NAME'].$_SERVER
['SCRIPT_NAME']);exit;}
?
What do people think about this solution?
Thanks,
- Ben
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] redirect http to https
Ben Liu wrote:
What's the prescribed method for redirecting a user forcibly to from
the non-SSL secured version of a page to the SSL-secured version? Is
this handled at the web server level or at the script level. I found
this by googling:
?php
if($_SERVER['SERVER_PORT'] !== $encport || $_SERVER['HTTPS'] !== on)
{header(Location: https://.$_SERVER['SERVER_NAME'].$_SERVER
['SCRIPT_NAME']);exit;}
?
What do people think about this solution?
Thanks,
- Ben
Hello,
Why not config this knid of function by using you Web Server ?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] redirect http to https
Ben Liu escribió:
What's the prescribed method for redirecting a user forcibly to from the
non-SSL secured version of a page to the SSL-secured version? Is this
handled at the web server level or at the script level. I found this by
googling:
This should be done with the rewrite instruction of apache, or what ever
instructionyour web server has.
?php
if($_SERVER['SERVER_PORT'] !== $encport || $_SERVER['HTTPS'] !== on)
{header(Location:
https://.$_SERVER['SERVER_NAME'].$_SERVER['SCRIPT_NAME']);exit;}
?
Very bad solution.
--
select 'mmarques' || '@' || 'unl.edu.ar' AS email;
-
Martín Marqués | Programador, DBA
Centro de Telemática| Administrador
Universidad Nacional
del Litoral
-
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] redirect http to https
On 4/9/07, Martin Marques martin@bugs.unl.edu.ar wrote: This should be done with the rewrite instruction of apache, or what ever instructionyour web server has. Um...guess I will have to check with our hosting company about this. Thanks. - Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] redirect http to https
Ben Liu wrote: On 4/9/07, Martin Marques martin@bugs.unl.edu.ar wrote: This should be done with the rewrite instruction of apache, or what ever instructionyour web server has. Um...guess I will have to check with our hosting company about this. Thanks. - Ben Hello, FYI : ?php header(Location:https://www.yourdomain_name.com;); exit(); ? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] redirect http to https
On 4/9/07, Ben Liu [EMAIL PROTECTED] wrote:
What's the prescribed method for redirecting a user forcibly to from
the non-SSL secured version of a page to the SSL-secured version? Is
this handled at the web server level or at the script level. I found
this by googling:
?php
if($_SERVER['SERVER_PORT'] !== $encport || $_SERVER['HTTPS'] !== on)
{header(Location: https://.$_SERVER['SERVER_NAME'].$_SERVER
['SCRIPT_NAME']);exit;}
?
What do people think about this solution?
Thanks,
- Ben
Apache mod_rewrite maybe?
Tijnema
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] redirect http to https
-Original Message- From: Ben Liu [mailto:[EMAIL PROTECTED] Sent: Monday, April 09, 2007 3:52 PM To: Martin Marques; PHP Subject: Re: [PHP] redirect http to https On 4/9/07, Martin Marques martin@bugs.unl.edu.ar wrote: This should be done with the rewrite instruction of apache, or what ever instructionyour web server has. Um...guess I will have to check with our hosting company about this. Thanks. - Ben -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php [Peter Lauri - DWS Asia] You might be able to do this by putting an .htaccess file in your webroot of non-ssl: -- RewriteEngine On RewriteRule ^/(.*)$ https://www.yourdomain.com/$1 [L] -- Best regards, Peter Lauri www.dwsasia.com - company web site www.lauri.se - personal web site www.carbonfree.org.uk - become Carbon Free -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] redirect http to https
On 4/9/07, Peter Lauri [EMAIL PROTECTED] wrote:
You might be able to do this by putting an .htaccess file in your webroot of
non-ssl:
--
RewriteEngine On
RewriteRule ^/(.*)$ https://www.yourdomain.com/$1 [L]
--
This appears to work:
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [L,R]
(sorry if off-topic)
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
