开发者

use https only for login page not the whole website

问答 作者:

i want to open login page of my website with https only,not the comeplete website. after login authenication ( successful), website whoud again run on http.

currently my main login page is test_index.php where i included test_header.php

my basic code on test_header.php is 

if($_SERVER['SERVER_PORT'] != 443) {
   header("HTTP/1.1 301 Moved Permanently");
   header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
   exit();
}

but this make complete website in https

i also read here that it can be possible via .htaccess, so i remove above code snippet from test_header.php and add the following lines in .htaccess file and 

<IfModule mod_rewrite.c>
  RewriteEngine on
  # 301 redirect to domain to 'www.'
  RewriteCond %{HTTP_HOST} ^testweb.com$ [NC]
  RewriteRule ^(.*)$ http://www.testweb.com/$1 [R=301,L]
</IfModule>

<FilesMatch test_index.php>
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%开发者_如何学Go{REQUEST_URI} [R,L]
</FilesMatch>

Note: testweb.com is just an imaginary name, not actual website

but still complete website run on https, please tell me where i m doing mistake??

Edit

@webbiedave please check my updated Code , is that right way?? 

if ($_SERVER['REQUEST_URI'] == '/test_index.php') { // only check https on login
    if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
        header("HTTP/1.1 301 Moved Permanently");
        header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
        exit();
    } else {
        die("Sorry,Your website is not secure");        
    }
} elseif (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
        // header("HTTP/1.1 301 Moved Permanently");
        header("Location: http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
        exit();
}

Thanks

Don't check the port number for verifying https as it's not impossible -- although highly unlikely -- for https to be on a non-standard port. Rather, check the $_SERVER['HTTPS'] variable:

if ($_SERVER['REQUEST_URI'] == '/login.php') { // only check https on login
    if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
        // do login stuff
    } else {
        // redirect to https or simply give an error
    }
} elseif (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
    // redirect to http
}

继续阅读:httpslogin-pagephp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9