At 10:24 AM -0500 2/26/08, Robert Cummings wrote:
On Tue, 2008-02-26 at 10:16 -0500, tedd wrote:
> Then a user wants to purchase something and I direct them to a unique
script in the https directory and that script takes their sensitive
data and finalizes the sale. What's wrong with that?
Nothing. But you do need to manage what files show up in which
directories. Me, I just put them all into a shop directory or whatnot
and check what protocol is required for access. Then I only need to
manage one directory when updating the code.
Why would I also want to check if "that a page is accessed only via a
secure connection?"
Because you're restricting based on access, not based on directory
structure.
Ahhh, I see (I think).
I've been using the actual directories for my scripts, when I don't
really need to do that. I could do it automagically with code. That
would certainly make my work organization a bit easier.
So, let's say I wanted script "secure.php" to be forced to use https
-- do I use something like what Dan provided, namely?
<?
if($_SERVER['SERVER_PORT'] != '443') {
$url = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] :
$_SERVER['SERVER_NAME'];
header("Location:
https://".$url.$_SERVER['PHP_SELF']."?".$_SERVER['QUERY_STRING']);
exit;
}
?>
I know I could test the code for myself, but this is quicker.
Thanks,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
