RE: [PHP] Re: HTTPS w/ header() ?
chicken or egg question here...
assuming the directory requires authentication a la .htaccess or httpd.conf
allow/deny
does this methos encapsulate the authentication in the SSL or does this only
eget applied after authenticating and reading the file to get the header
portion.
Example, current setup is to access the secure page via https://mypage
this means the SSL layer is already in place when apache prompts for
user/password, thus transmitting the user/pw pair securely to the server.
without the SSL layer in place, your user/pw pair is essentially being snt open
text for anyone to parse. If the header information contained in the if
statement isn't parsed untill after the uid/pw pair is already sent.
I would suspect that since PHP parses the file prior to delivering it to the
user, that the lack of SSL is detected and the resulting login session is
encapsulated in the SSL layer.
Can anyone verify this?
Dave
>if(getenv("HTTPS")!="on")
>{
>header ("Location: https://logon_screen";);
>}
>
>every page has an include that checks $HTTPS as part of the sessions and
>validation. If https!="on" then it kicks you back to the logon screen.
>
>you could do the same using
>
>if(getenv("HTTPS")!="on")
>{
>header ("Location: https://$SERVER_NAME/$PHP_SELF";);
>}
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Re: HTTPS w/ header() ?
I have done something like this.
For the site I am working on, the user must log on. At the logon screen I
check
if(getenv("HTTPS")!="on")
{
header ("Location: https://logon_screen";);
}
every page has an include that checks $HTTPS as part of the sessions and
validation. If https!="on" then it kicks you back to the logon screen.
you could do the same using
if(getenv("HTTPS")!="on")
{
header ("Location: https://$SERVER_NAME/$PHP_SELF";);
}
I think
Don't know if that's what you're after, but it's what I've done and I have a
high index of suspicion that it is working...
Lee
- Original Message -
From: "Richard Lynch" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, August 19, 2001 12:50 PM
Subject: [PHP] Re: HTTPS w/ header() ?
> > Is there is a way with PHP (most probably headers) to go HTTPS mode?
> > I don't want to specify https://www.myserver.com/secured_page.php
> > I just want it normal but in it's header to tell the browser to initiate
> an
> > HTTPS mode.
>
> I don't think you can do that...
>
> You could send a header to do:
>
> header("Location: https://www.myserver.com/secured_page.php";);
>
> but pretty much the user will then see the https when the page shows up...
>
> What's the big picture here? I've got a feeling you've gone down a wrong
> path that's making you ask this question...
>
> --
> WARNING [EMAIL PROTECTED] address is an endangered species -- Use
> [EMAIL PROTECTED]
> Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm
> Volunteer a little time: http://chatmusic.com/volunteer.htm
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Re: HTTPS w/ header() ?
> Is there is a way with PHP (most probably headers) to go HTTPS mode?
> I don't want to specify https://www.myserver.com/secured_page.php
> I just want it normal but in it's header to tell the browser to initiate
an
> HTTPS mode.
I don't think you can do that...
You could send a header to do:
header("Location: https://www.myserver.com/secured_page.php";);
but pretty much the user will then see the https when the page shows up...
What's the big picture here? I've got a feeling you've gone down a wrong
path that's making you ask this question...
--
WARNING [EMAIL PROTECTED] address is an endangered species -- Use
[EMAIL PROTECTED]
Wanna help me out? Like Music? Buy a CD: http://l-i-e.com/artists.htm
Volunteer a little time: http://chatmusic.com/volunteer.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
