At 2:09 PM -0500 2/25/08, Daniel Brown wrote:
On Mon, Feb 25, 2008 at 1:40 PM, Rick Pasotto [EMAIL PROTECTED] wrote:
What is the best or recomended proceedure for making sure that a page is
accessed only via a secure connection?
Provided you're running SSL on the standard HTTPS port of
On Tue, Feb 26, 2008 at 9:39 AM, tedd [EMAIL PROTECTED] wrote:
Sometimes I feel like a child here.
Under what circumstances would one require that?
If your script is in a https directory, isn't that secure? OR, is
this something else?
Well for instance. We have a web server here with
tedd wrote:
Sometimes I feel like a child here.
Under what circumstances would one require that?
If your script is in a https directory, isn't that secure? OR, is
this something else?
Please explain.
You might want to do such checks if your website (www.example.com) is
accessible over
On Tue, Feb 26, 2008 at 9:39 AM, tedd [EMAIL PROTECTED] wrote:
Sometimes I feel like a child here.
Under what circumstances would one require that?
If your script is in a https directory, isn't that secure? OR, is
this something else?
Please explain.
HTTPS is a protocol:
If you are running Apache you could use a rewrite rule for such a case.
Example below
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(my|folder|examples) /https/://%{HTTP_HOST}%{REQUEST_URI}
[R=301,L]
Aleksander
Per Jessen wrote:
tedd wrote:
Sometimes I feel like a child
On Tue, 2008-02-26 at 09:45 -0500, Dan Joseph wrote:
On Tue, Feb 26, 2008 at 9:39 AM, tedd [EMAIL PROTECTED] wrote:
Sometimes I feel like a child here.
Under what circumstances would one require that?
If your script is in a https directory, isn't that secure? OR, is
this something
At 3:47 PM +0100 2/26/08, Per Jessen wrote:
tedd wrote:
Sometimes I feel like a child here.
Under what circumstances would one require that?
If your script is in a https directory, isn't that secure? OR, is
this something else?
Please explain.
You might want to do such checks if your
tedd [EMAIL PROTECTED] wrote:
At 3:47 PM +0100 2/26/08, Per Jessen wrote:
tedd wrote:
Sometimes I feel like a child here.
Under what circumstances would one require that?
If your script is in a https directory, isn't that secure? OR, is
this something else?
Please
On Tue, 2008-02-26 at 10:16 -0500, tedd wrote:
At 3:47 PM +0100 2/26/08, Per Jessen wrote:
tedd wrote:
Sometimes I feel like a child here.
Under what circumstances would one require that?
If your script is in a https directory, isn't that secure? OR, is
this something else?
At 10:24 AM -0500 2/26/08, Robert Cummings wrote:
On Tue, 2008-02-26 at 10:16 -0500, tedd wrote:
Then a user wants to purchase something and I direct them to a unique
script in the https directory and that script takes their sensitive
data and finalizes the sale. What's wrong with that?
On Tue, Feb 26, 2008 at 10:16 AM, tedd [EMAIL PROTECTED] wrote:
At 3:47 PM +0100 2/26/08, Per Jessen wrote:
tedd wrote:
Sometimes I feel like a child here.
Under what circumstances would one require that?
If your script is in a https directory, isn't that secure? OR, is
On Tue, Feb 26, 2008 at 10:56 AM, tedd [EMAIL PROTECTED] wrote:
So, let's say I wanted script secure.php to be forced to use https
-- do I use something like what Dan provided, namely?
?
if($_SERVER['SERVER_PORT'] != '443') {
$url = isset($_SERVER['HTTP_HOST']) ?
On Tue, 2008-02-26 at 10:56 -0500, tedd wrote:
At 10:24 AM -0500 2/26/08, Robert Cummings wrote:
On Tue, 2008-02-26 at 10:16 -0500, tedd wrote:
Then a user wants to purchase something and I direct them to a unique
script in the https directory and that script takes their sensitive
On Tue, 2008-02-26 at 10:57 -0500, Andrew Ballard wrote:
On Tue, Feb 26, 2008 at 10:16 AM, tedd [EMAIL PROTECTED] wrote:
At 3:47 PM +0100 2/26/08, Per Jessen wrote:
tedd wrote:
Sometimes I feel like a child here.
Under what circumstances would one require that?
On Tue, 2008-02-26 at 11:00 -0500, Dan Joseph wrote:
On Tue, Feb 26, 2008 at 10:56 AM, tedd [EMAIL PROTECTED] wrote:
So, let's say I wanted script secure.php to be forced to use https
-- do I use something like what Dan provided, namely?
?
if($_SERVER['SERVER_PORT'] != '443') {
On Tue, Feb 26, 2008 at 11:04 AM, Robert Cummings [EMAIL PROTECTED]
wrote:
Surely you mean $_SERVER['HTTPS'] and not $_ENV['HTTPS'].
woops! yep, I meant $_SERVER, thanks :)
--
-Dan Joseph
Build a man a fire, and he will be warm for the rest of the day.
Light a man on fire, and will be
Robert Cummings wrote:
On Tue, 2008-02-26 at 11:00 -0500, Dan Joseph wrote:
On Tue, Feb 26, 2008 at 10:56 AM, tedd [EMAIL PROTECTED] wrote:
So, let's say I wanted script secure.php to be forced to use https
-- do I use something like what Dan provided, namely?
?
On Tue, Feb 26, 2008 at 11:12 AM, Jim Lucas [EMAIL PROTECTED] wrote:
And it doesn't say off. It either exists or doesn't.
if ( isset($_SERVER['HTTPS']) ) {
// Is using SSL
} else {
// Is NOT using SSL
}
Almost correct.
From http://php.net/reserved.variables :
At 11:03 AM -0500 2/26/08, Robert Cummings wrote:
On Tue, 2008-02-26 at 10:57 -0500, Andrew Ballard wrote:
Am I misunderstanding you somewhere?
I don't think you are. I think Ted has been doing it the hard way... but
the lightbulb may have just gone on :)
Cheers,
Rob.
It's flickering --
On Tue, Feb 26, 2008 at 11:54 AM, tedd [EMAIL PROTECTED] wrote:
At 11:03 AM -0500 2/26/08, Robert Cummings wrote:
On Tue, 2008-02-26 at 10:57 -0500, Andrew Ballard wrote:
Am I misunderstanding you somewhere?
I don't think you are. I think Ted has been doing it the hard way... but
On Tue, Feb 26, 2008 at 11:54 AM, tedd [EMAIL PROTECTED] wrote:
At present, I use the actual directories (http/https) to determine if
the operation of the script is secure or not.
You also hijack other people's threads. No-no, Tedd! *slaps hand*
For scripts that don't collect
using the wrong protocol, I'll issue a
redirect to correct things.
HTH,
Warren Vail
-Original Message-
From: Daniel Brown [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 26, 2008 9:11 AM
To: tedd
Cc: PHP General list
Subject: Re: [PHP] checking for and enforcing https
On Tue
At 12:10 PM -0500 2/26/08, Daniel Brown wrote:
On Tue, Feb 26, 2008 at 11:54 AM, tedd [EMAIL PROTECTED] wrote:
At present, I use the actual directories (http/https) to determine if
the operation of the script is secure or not.
You also hijack other people's threads. No-no, Tedd!
On Tue, Feb 26, 2008 at 1:11 PM, tedd [EMAIL PROTECTED] wrote:
At 12:10 PM -0500 2/26/08, Daniel Brown wrote:
On Tue, Feb 26, 2008 at 11:54 AM, tedd [EMAIL PROTECTED] wrote:
At present, I use the actual directories (http/https) to determine if
the operation of the script is secure or
At 1:27 PM -0500 2/26/08, Daniel Brown wrote:
It's fun to learn, 'cause knowledge is power! ;-P
---*
The More You Know!
Yes, as the ads say A mind is a terrible thing...
Cheers,
tedd
--
---
http://sperling.com http://ancientstones.com
Andrew Ballard wrote:
On Tue, Feb 26, 2008 at 11:54 AM, tedd [EMAIL PROTECTED] wrote:
At 11:03 AM -0500 2/26/08, Robert Cummings wrote:
On Tue, 2008-02-26 at 10:57 -0500, Andrew Ballard wrote:
Am I misunderstanding you somewhere?
I don't think you are. I think Ted has been doing it
On Tue, Feb 26, 2008 at 4:06 PM, Shawn McKenzie [EMAIL PROTECTED] wrote:
Andrew Ballard wrote:
On Tue, Feb 26, 2008 at 11:54 AM, tedd [EMAIL PROTECTED] wrote:
At 11:03 AM -0500 2/26/08, Robert Cummings wrote:
On Tue, 2008-02-26 at 10:57 -0500, Andrew Ballard wrote:
Am I
On Tue, Feb 26, 2008 at 4:06 PM, Shawn McKenzie [EMAIL PROTECTED] wrote:
When most people talk about a http and https directory, they are most
likely talking about the common convention in shared hosting especially
on Apache where your account will have a httpdocs/ and a httpsdocs/
On Tue, Feb 26, 2008 at 04:46:38PM -0500, Daniel Brown wrote:
Of course, getting into that is a completely different discussion
from the post made by the OP whom, as it appears, gave up and took
off when Tedd *hijacked* his thread. ;-P
No, I've been reading all the posts and have
On Tue, Feb 26, 2008 at 5:39 PM, Rick Pasotto [EMAIL PROTECTED] wrote:
I've had nothing to add although I've been somewhat annoyed by the
excessive quoting.
That's probably on the fault of people like myself who use Gmail.
It hides the quoted text automatically, so we don't even see the
At 5:39 PM -0500 2/26/08, Rick Pasotto wrote:
I've had nothing to add although I've been somewhat annoyed by the
excessive quoting.
--
The most important thing in life is not simply to capitalize on your
gains. Any fool can do that. The important thing is to profit from your
losses. That
Date: Tue, 26 Feb 2008 17:39:13 -0500
From: [EMAIL PROTECTED]
To: php-general@lists.php.net
Subject: Re: [PHP] checking for and enforcing https
On Tue, Feb 26, 2008 at 04:46:38PM -0500, Daniel Brown wrote:
Of course, getting
What is the best or recomended proceedure for making sure that a page is
accessed only via a secure connection?
--
The secret of being miserable is to have the leisure to bother about whether
you are happy or not. The cure is occupation. -- George Bernard Shaw
Rick Pasotto[EMAIL
Rick Pasotto wrote:
What is the best or recomended proceedure for making sure that a page
is accessed only via a secure connection?
The guaranteed way is not serving it over an insecure connection.
/Per Jessen, Zürich
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit:
Rick Pasotto [EMAIL PROTECTED] wrote:
What is the best or recomended proceedure for making sure that a page is
accessed only via a secure connection?
Make the server only send over 443 instead of 80...
But if you don't have the ability to change .htaccess or httpd.conf then you
can
On Mon, Feb 25, 2008 at 1:40 PM, Rick Pasotto [EMAIL PROTECTED] wrote:
What is the best or recomended proceedure for making sure that a page is
accessed only via a secure connection?
Provided you're running SSL on the standard HTTPS port of 443,
include this at the very top of every file,
]
Date: Mon, 25 Feb 2008 13:55:41 -0500
To: Rick Pasotto [EMAIL PROTECTED]
Cc: php-general@lists.php.net
Subject: Re: [PHP] checking for and enforcing https
Rick Pasotto [EMAIL PROTECTED] wrote:
What is the best or recomended proceedure for making sure that a page is
accessed only via
PROTECTED]
Date: Mon, 25 Feb 2008 13:55:41 -0500
To: Rick Pasotto [EMAIL PROTECTED]
Cc: php-general@lists.php.net
Subject: Re: [PHP] checking for and enforcing https
Rick Pasotto [EMAIL PROTECTED] wrote:
What is the best or recomended proceedure for making sure that a page
Stephen Johnson [EMAIL PROTECTED] wrote:
Or you can cheat...
$url = $_SERVER['SERVER_NAME'];
header( 'Location:https://'.$url.'');
I think that would cause an infinite loop of redirection...
This would be better
?php
$curPort = $_SERVER['SERVER_PORT'];
$pageTo
On 25 Feb 2008, at 18:40, Rick Pasotto wrote:
What is the best or recomended proceedure for making sure that a
page is
accessed only via a secure connection?
What web server are you using? In my experience this is best done
there rather than in PHP.
-Stut
--
http://stut.net/
--
PHP
To: Stephen Johnson [EMAIL PROTECTED]
Cc: Rick Pasotto [EMAIL PROTECTED], php-general@lists.php.net
Subject: Re: [PHP] checking for and enforcing https
Nope, it works like a charm for me, but I have it in an IF statement checking
to see if the requestor is https or not to begin with.
I
On Mon, Feb 25, 2008 at 2:09 PM, Daniel Brown [EMAIL PROTECTED] wrote:
?
if($_SERVER['SERVER_PORT'] != '443') {
$url = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] :
$_SERVER['SERVER_NAME'];
header(Location:
42 matches
Mail list logo