[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3210
  • Last Modified:

PHP Smarty - Redirecting from https to http when ssl is not required

I've got a PHP (Smarty) website which uses SSL.   Only a couple of forms on the site use SSL and my problem is that when a user goes in to one of the forms the site kicks over to https:// which is fine.  Problem is when they go back around the rest of the site it carries on using https when it should go back to http.

I know I could use absolute links on the https:// forms to sort this problem but that's not ideal.  I was wondering if there was a way I could put some code in the config file for the site which fires every time a page is loaded, which would sort the problem out
0
noel58
Asked:
noel58
  • 4
  • 3
1 Solution
 
DigitalTyrantCommented:
If you are running Linux, I would use ReWrite rules in your htaccess file to do this.

RewriteEngine on
Options +FollowSymLinks
RewriteBase /

# Redirect secure pages to HTTPS if requested with HTTP
RewriteCond %{HTTPS} !^443$
RewriteRule ^(secure1\.php¬¶secure2\.php)$ https://www.example.com/$1 [R=301,L]
#
# Redirect non-secure pages to HTTP if requested by HTTPS
RewriteCond %{HTTPS} ^443$
RewriteCond %{REQUEST_URI} !^/(secure1\.php¦secure2\.php)$
RewriteRule (.*) http://www.example.com/$1 [R=301,L]

that will redirect any request for secure1.php or secure2.php to an HTTPS connection and all others to an HTTP connection.  
0
 
noel58Author Commented:
That looks like it might be a winner....let me try it out and come back to you.  Thanks very much
0
 
noel58Author Commented:
I've only got one secure page called quotation.php, so I've done something like this does it look like it should work?....

RewriteEngine on
Options +FollowSymLinks
RewriteBase /

# Redirect secure pages to HTTPS if requested with HTTP
RewriteCond %{HTTPS} !^443$
RewriteRule ^(quotation\.php)$ https://www.example.com/$1 [R=301,L]
#
# Redirect non-secure pages to HTTP if requested by HTTPS
RewriteCond %{HTTPS} ^443$
RewriteCond %{REQUEST_URI} !^/(quotation\.php)$
RewriteRule (.*) http://www.example.com/$1 [R=301,L]
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
noel58Author Commented:
Aggh, just discovered that our host providor is Windows so this won't work.  Is there any way we could re-create the same functionality in PHP?
0
 
DigitalTyrantCommented:
try putting the following into a scripts.js file or similar .js file and attach to every page

window.onload = function()
{
  if(window.location.pathname.search("quotation.php") > -1)
  {
    if(window.location.protocol.search("s") == -1)
    {
      rewriteSecure();
    }
  }
  else
  {
    if(window.location.protocol.search("s") > -1)
    {
      rewriteStandard();
    }
  }
}

function rewriteSecure()
{
  window.location = "https://"+window.location.hostname+"/"+window.location.pathname;
}

function rewriteStandard()
{
  window.location = "http://"+window.location.hostname+"/"+window.location.pathname;
}

0
 
noel58Author Commented:
Hey DigitalTyrant, I'm using PHP Smarty so I can apply a global function across the site.  I'm going to start looking in to this but if somebody can put something together fairly quickly for me I'd appreciate it :)
0
 
DigitalTyrantCommented:
Sorry, not familiar with PHP Smarty.  All you have to do is add a <script src="redirect.js"></script> to the <HEAD> of every page.  Adding a PHP function to check and redirect would be similar and would require being at the first line of every page, before any HTML.  PHP doesn't allow redirection after the headers have been sent, the first line of HTML.
0
 
DrBrainiacCommented:
for smarty it is just as easy as for every other application. You most likeley will have a template called header.tpl and footer.tpl which you include in every other page template.

In this case, you just add the script line from the post above in header.tpl, which will make sure it is included on each page.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now