billypilgrim32
asked on
get rid of https prefix on pages that don't need to be secure
Guys---
A client needed me to create a secure donations page. i had my hosting provider give me the access, and was able to create the page.
https://www.bybergforcongress.com/donate
problem is now, whenever someone navigates back to the main site, the browser maintains the https prefix, prompting explorer to warn users of "insecure content".
i really just need the donations page secure---not the rest of the site. what's the best way to do this? It's a wordpress site, so the navigation is triggered by
i have very little php experience, and absolutely none in sql and server knowledge. appreciate your help!
A client needed me to create a secure donations page. i had my hosting provider give me the access, and was able to create the page.
https://www.bybergforcongress.com/donate
problem is now, whenever someone navigates back to the main site, the browser maintains the https prefix, prompting explorer to warn users of "insecure content".
i really just need the donations page secure---not the rest of the site. what's the best way to do this? It's a wordpress site, so the navigation is triggered by
<?php
if ((function_exists("has_nav_menu")) && (has_nav_menu('primary-menu'))) {
echo wp_nav_menu(victory_nav_menu_args());
}
?>i have very little php experience, and absolutely none in sql and server knowledge. appreciate your help!
ASKER
Man this looks like it should work...but i get nothing when i pop it into my header. Am i supposed to modify anything?
do you call any of the functions? like SSLoff()
ASKER
yikes. total noob here...bear with me. here's the code at the top of my header.php file:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn/11">
<link rel="stylesheet" type="text/css" href="http://www.bybergforcongress.com/wp-content/themes/victory/lee.css" />
<title>BE Part of the Movement | Lee Byberg for Congress - 2012</title>
<link rel="shortcut icon" href="http://www.bybergforcongress.com/wp-content/themes/victory/images/adminimages/lee/favicon.ico"/>
<link rel="alternate" type="application/rss+xml" href="http://feeds.feedburner.com/bybergforcongress?format=xml" />
<?php
//This works in 5.2.3
//First function turns SSL on if it is off.
//Second function detects if SSL is on, if it is, turns it off.
//==== Redirect... Try PHP header redirect, then Java redirect, then try http redirect.:
function redirect($url){
if (!headers_sent()){ //If headers not sent yet... then do php redirect
header('Location: '.$url); exit;
}else{ //If headers are sent... do java redirect... if java disabled, do html redirect.
echo '<script type="text/javascript">';
echo 'window.location.href="'.$url.'";';
echo '</script>';
echo '<noscript>';
echo '<meta http-equiv="refresh" content="0;url='.$url.'" />';
echo '</noscript>'; exit;
}
}//==== End -- Redirect
//==== Turn Off HTTPS -- Detect if HTTPS, if so, then turn off HTTPS:
function SSLoff(){
if($_SERVER['HTTPS'] == 'off'){
$url = "http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
redirect($url);
}
}//==== End -- Turn Off HTTPS
?>
<?php
// customized slider
wp_deregister_script('jquery');
wp_register_script('activateslid', CHILDTHEME . '/library/scripts/combine.js');
wp_enqueue_script('activateslid');
wp_enqueue_script(
$in_footer
);
?>ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
beeeeeautiful. that's the one!
Thanks for the points, and thanks for using EE. It's a great question. The effect can go the other way, too. You may have scripts you only want to run behind HTTPS. Just a thought, ~Ray
http://www.php.net/manual/en/function.header.php#83448
Open in new window