Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5

Thread: SSL page divert

  1. #1
    Regular Coder
    Join Date
    Aug 2008
    Posts
    127
    Thanks
    2
    Thanked 0 Times in 0 Posts

    SSL page divert

    Hi I am having issues with my SSL.

    I have put my admin area in SSL folder and it all works fine with the padlock.

    I am trying to now sort my website and think I should only put in the login, registration forms and things like that.

    However obviously when I click login and it diverts to the requested page i.e.

    login at https://mysite.ssl.com/login.php it should then confirm and divert to a unsecured part http://www.mysite.com/mainsite.php.

    I have the following bit of code at the top of each of my pages.

    Code:
    <?php
    session_cache_expire(40);
    session_start();
    if (!isset($_SESSION['userid'])) {
        header( 'Location: login.php' ) ;
    }
    
    ?>
    obviously becuase it has to go to a my unsecured FTP it is losing the userid on transfer. Can anyone advise how I can do this?

    Also I have some flash files that keep prompting the message unsecure and secure items on page display unsecured items, yes or no (only on Microsoft Explorer) Firefox is fine. Can anyone also advise what do I do with flash?

  • #2
    ess
    ess is offline
    Regular Coder
    Join Date
    Oct 2006
    Location
    United Kingdom
    Posts
    865
    Thanks
    7
    Thanked 29 Times in 28 Posts
    The secure and none-secure popups that appear are due to the source locations of enclosed flash or image objects in the html document. To avoid seeing the pop, change all sources of flash and images to https://yoursite/route_to_flash_object

    As for the redirecting and sharing of sessions between http and https or ssl as you put, you will end to specify protocol when redirecting users from http to https. Before redirecting, store the location of where the user was so that you can redirect them to the page they wanted to see.

    for example
    PHP Code:
    <?php
    session_cache_expire
    (40);
    session_start();
    if (!isset(
    $_SESSION['userid'])) {
       
    $_SESSION['requested_page'] = "http://yoursite/page.php";
        
    header'Location: https://mysite.ssl.com/login.php' ) ;
    }
    ?>
    In the login.php, make sure that the https protocol is in use by ensuring that the request didn't arrive on port 80

    PHP Code:
    if($_SERVER['SERVER_PORT'] == 80) {
      
    // redirect 
      
    header'Location: https://mysite.ssl.com/login.php' ) ;
    //-- ends if 
    After that, I would check user credentials...if they match, redirect to
    PHP Code:
    header("Location: " $_SESSION['requested_page'] ); 

  • #3
    Regular Coder
    Join Date
    Aug 2008
    Posts
    127
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Wo, I thought it would be easier than this gonna have to think how to do it. Not really understanding it. I only added ssl after it was requested.

  • #4
    Regular Coder
    Join Date
    Aug 2008
    Posts
    127
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Right at the minute I have one file in my SSL, I have put it on submit to go to a page i.e. http://www.mysite.com/membersarea.php

    In the membersarea.php page I have put;
    PHP Code:
    <?php
    session_cache_expire
    (40);
    session_start();
    if (!isset(
    $_SESSION['userid'])) {
       
    $_SESSION['requested_page'] = "http://yoursite/CHECK.php";
        
    header'Location: https://mysite.ssl.com/login.php' ) ;
    }
    ?>
    and then I have made a check.php page which has the following code in it;

    PHP Code:
    <?php 
    if($_SERVER['SERVER_PORT'] == 80) {
      
    // redirect 
      
    header'Location: https://mysite.ssl.com/WORNGLOGIN.php' ) ;
    if (!isset(
    $_SESSION['userid'])) {
    header("Location: " $_SESSION['requested_page'] );
    }
    //-- ends if  ?>
    This should then direct them back to the requested page membersarea.php page and the user ID should allow them to use the service site.

    This doesn't seem to be working on this example could anyone guide me correctly?

  • #5
    Regular Coder
    Join Date
    Aug 2008
    Posts
    127
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Can anyone help me ??


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •