Re: checking for and enforcing https

On Tue, Feb 26, 2008 at 11:54 AM, tedd <tedd.sperling@xxxxxxxxx> wrote:
>  At present, I use the actual directories (http/https) to determine if
>  the operation of the script is secure or not.

    You also hijack other people's threads.  No-no, Tedd!  *slaps hand*

>  For scripts that don't collect sensitive data, I physically place in
>  the http directory. For scripts that do, I place in the https
>  directory.

    Not every server configuration has separate directories for secure
and non-secure differentiation.  For example, log into your php1.net
account on my server.

>  That's the hard way, right?
>
>  Instead, I could place all my scripts where I want and then add
>
>  <?php
>      if(!isset($_SERVER['HTTPS']) ) {
>
>          $url = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'];
>          header("Location: https://".$url.$_SERVER['PHP_SELF']."?".$_SERVER['QUERY_STRING']);
>          exit;
>      }
>  ?>
>
>  at the beginning of each secure script -- is that correct?

    I would still at least use the port 80/443 example that I provided
as a backup for portability.

    Also, keep in mind that all $_SERVER Superglobals were only
introduced in 4.1.0.  Any scripts written before that (and any old
versions of PHP) should be using $HTTP_SERVER_VARS.

>  But the redirect still requires a script to be in the https
>  directory, does it not?

    That depends solely on the server configuration.  Check with your sysop.

-- 
</Dan>

Daniel P. Brown
Senior Unix Geek
<? while(1) { $me = $mind--; sleep(86400); } ?>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
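
Added example (not part of the original message and not code from either poster): one way to combine the $_SERVER['HTTPS'] test from the quoted script with the port 443 fallback mentioned in the reply, written for PHP 7.1 or later. The ALLOWED_HOSTS list, the function names and the sample request array are assumptions made for illustration; the redirect is built from REQUEST_URI and an allowlisted host because HTTP_HOST is supplied by the client.

```php
<?php
// Added example; ALLOWED_HOSTS and all function names are hypothetical.
const ALLOWED_HOSTS = ['www.example.com', 'example.com'];

// True when the request arrived over TLS. isset() alone is not enough:
// IIS/ISAPI sets HTTPS to "off" for plain requests, so compare the value,
// then fall back to the port when the variable is missing.
function request_is_https(array $server): bool
{
    $https = strtolower((string)($server['HTTPS'] ?? ''));
    if ($https !== '' && $https !== 'off') {
        return true;
    }
    return (int)($server['SERVER_PORT'] ?? 0) === 443;
}

// Returns the https:// URL to redirect to, or null when the Host header
// (client-controlled) is not a name this site serves.
function https_redirect_target(array $server): ?string
{
    $host = strtolower((string)($server['HTTP_HOST'] ?? $server['SERVER_NAME'] ?? ''));
    $host = preg_replace('/:\d+$/', '', $host); // drop a ":80" style suffix
    if (!in_array($host, ALLOWED_HOSTS, true)) {
        return null;
    }
    $uri = (string)($server['REQUEST_URI'] ?? '/');
    if ($uri === '' || $uri[0] !== '/') { // empty or absolute-form request target
        $uri = '/';
    }
    return 'https://' . $host . $uri;
}

// Call as enforce_https($_SERVER); before any output in a secure script.
function enforce_https(array $server): void
{
    if (request_is_https($server)) {
        return;
    }
    $target = https_redirect_target($server);
    if ($target === null) {
        http_response_code(400); // unknown host: refuse rather than redirect
        exit;
    }
    header('Location: ' . $target, true, 301);
    exit;
}

if (PHP_SAPI === 'cli') { // constructed sample request, printed for inspection
    $plain = ['HTTPS' => 'off', 'SERVER_PORT' => '80', 'HTTP_HOST' => 'www.example.com:80', 'REQUEST_URI' => '/login.php?next=1'];
    var_dump(request_is_https($plain), https_redirect_target($plain));
    var_dump(https_redirect_target(['HTTP_HOST' => 'evil.invalid'] + $plain));
}
```

Behind a TLS-terminating proxy or load balancer neither check sees the original scheme, so there the redirect belongs at the proxy, or the script has to rely on a header that only the proxy can set.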

