SSL question.

[tijerina]

I have asked this question previously and have implemented what was responded per tek-tips replies.

How do I HTTPS protect a directory or a couple of web pages on my website.

Meaning. I have a website that has a checkout page, it is located at /var/

http://www/html/checkout

how do I protect checkout with a redirect from HTTP to HTTPS..

I currently have the following code in my index.php (this code snipit is located at the top of the index.php file) page located at /var/

http://www/html/index.php

if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS']!="on")
{
$header = "Location:

https://".$_SERVER

[SERVER_NAME].$_SERVER[REQUEST_URI];
header($header);
exit;
}
$user_login = "";
if(isset($_REQUEST['user_login'])){
$user_login = $_REQUEST['user_login'];
if (isset($_REQUEST['username'])){
session_start();
$HTTP_SESSION_VARS['valid_user'] = $_REQUEST['username'];
$username = $HTTP_SESSION_VARS['valid_user'];
}
}

But this protects the entire site. I do find it annoying that a Windows Security Information gui pops up all the time stating "This page contains both secure and nonsecure items. Do you want to display the nonsecure items>"

I have two files located /var/

http://www/html/checkout/checkout1.php

and checkout2.php.. Can I protect the entire /checkout dir or would you suggest I only HTTPS checout1.php and checkout2.php?

Either way can some instructions be provided as to the what and how. Thanks so much...

 

[sleipnir214]

The annoying "both secure and nonsecure items" message is telling you that you have a web page that you are fetching by HTTPS that contains images or other additional content that is designated to be downloaded by HTTP.

For example, if you have the following page:

<html><body><img src="

http://www.site.foo/images/image.jpg></body></html>

And you point your browser to the page via HTTP, you will get the error because the image is specifically being downloaded by HTTP. Using relative links in the page:

<html><body><img src="/images/image.jpg></body></html>

Will stop the error. The image will be downloaded by whatever protocol is being used to download the entire page.


In terms of SSL, I would only secure those pages you need to.



Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[BabyJeffy]

If you have the following code:

<iframe src="" width="100" height="100"></iframe>

Then you will also get the error (when loading the parent page using https). Creating a blank.htm to put in the src property fixes that. This little "trivial bit of info" frustrated me for ages *grin*

Jeff

 

[tijerina]

In order to secure the two pages, should I redirect from a .htaccess file?

Suggestions please?

Thanks

 

[DRJ478]

You can protect the subfolder by requiring SSL in the .htaccess file
It depends on the host you use if you can use a rewrite rule in the .htaccess and make it https://
You could also specify an error document that redirects to the same page using https://
Both variants would require extensive privileges not granted by most hosts.

The code you use is fine - so why don't you just use it in the scripts that are in the checkout folder?
If you load modules all from index.php you can use a string match to see if the requested URI is in the checkout folder and just do the redirection then.

 

[tijerina]

Oh, I will give that a try, thanks for the suggestion.