At 11:03 AM -0500 2/26/08, Robert Cummings wrote:
On Tue, 2008-02-26 at 10:57 -0500, Andrew Ballard wrote:
> Am I misunderstanding you somewhere?
I don't think you are. I think Ted has been doing it the hard way... but
the lightbulb may have just gone on :)
Cheers,
Rob.
It's flickering -- sorry to be so dim.
At present, I use the actual directories (http/https) to determine if
the operation of the script is secure or not.
For scripts that don't collect sensitive date, I physically place in
the http directory. For scripts that do, I place in the https
directory.
That's the hard way, right?
Instead, I could place all my scripts where I want and then add
<?php
if(!isset($_SERVER['HTTPS']) ) {
$url = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] :
$_SERVER['SERVER_NAME'];
header("Location:
https://".$url.$_SERVER['PHP_SELF']."?".$_SERVER['QUERY_STRING']);
exit;
}
?>
at the beginning of each secure script -- is that correct?
But the redirect still requires a script to be in the https
directory, does it not?
Thanks,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
