8  35713 
On Wed, 3 Dec 2003 15:48:51 -0500, "NotGiven" <no****@nonegiven.net> wrote: I need to verify if the page that led the user to this page used http or
httpS.
for example, if the use cam to my page from:
httpS://www.dm.com/sample/foo.php
I want to know as opposed to coming from:
http://www.dm.com/sample/foo.php
I've tried looking at PORT but it doesn't seem to work properly.
You can't reliably tell anything from the referrer, since it's optional and
fakeable.
But if you still want to, then just check the first five characters of
$_SERVER['HTTP_REFERER'] ?
--
Andy Hassall (an**@andyh.co.uk) icq(5747695) ( http://www.andyh.co.uk)
Space: disk usage analysis tool ( http://www.andyhsoftware.co.uk/space)
ya you can't rely on referer since it cheatable, but I suggest you to use
session, when he is in the secure page, you define something like
$_SESSION["haveVisitedSecure"] = true;
then on your second page,
if ($_SESSION["haveVisitedSecure"]) {
//....
} else {
echo "you must come from the secure page";
}
Savut
"Andy Hassall" <an**@andyh.co.uk> wrote in message
news:hq********************************@4ax.com... On Wed, 3 Dec 2003 15:48:51 -0500, "NotGiven" <no****@nonegiven.net>
wrote:I need to verify if the page that led the user to this page used http or
httpS.
for example, if the use cam to my page from:
httpS://www.dm.com/sample/foo.php
I want to know as opposed to coming from:
http://www.dm.com/sample/foo.php
I've tried looking at PORT but it doesn't seem to work properly.
You can't reliably tell anything from the referrer, since it's optional
and fakeable.
But if you still want to, then just check the first five characters of
$_SERVER['HTTP_REFERER'] ?
--
Andy Hassall (an**@andyh.co.uk) icq(5747695) (http://www.andyh.co.uk)
Space: disk usage analysis tool (http://www.andyhsoftware.co.uk/space)
That would be great except that the page they are coming from is possible to
get to using http as well as httpS.
What I need is a way to force them to use https.
Barring that, I need a way to test if the page they came from was https.
thanks.
"Savut" <we***@hotmail.com> wrote in message
news:NU*****************@news20.bellglobal.com... ya you can't rely on referer since it cheatable, but I suggest you to use
session, when he is in the secure page, you define something like
$_SESSION["haveVisitedSecure"] = true;
then on your second page,
if ($_SESSION["haveVisitedSecure"]) {
//....
} else {
echo "you must come from the secure page";
}
Savut
"Andy Hassall" <an**@andyh.co.uk> wrote in message
news:hq********************************@4ax.com... On Wed, 3 Dec 2003 15:48:51 -0500, "NotGiven" <no****@nonegiven.net>
wrote:I need to verify if the page that led the user to this page used http
orhttpS.
for example, if the use cam to my page from:
httpS://www.dm.com/sample/foo.php
I want to know as opposed to coming from:
http://www.dm.com/sample/foo.php
I've tried looking at PORT but it doesn't seem to work properly.
You can't reliably tell anything from the referrer, since it's optional
and fakeable.
But if you still want to, then just check the first five characters of
$_SERVER['HTTP_REFERER'] ?
--
Andy Hassall (an**@andyh.co.uk) icq(5747695) (http://www.andyh.co.uk)
Space: disk usage analysis tool (http://www.andyhsoftware.co.uk/space)
well on the first page, you check the URL of the document itself if it's
https or http, if it's https, you set secure to true
on the first page :
if (substr($_SERVER["PHP_SELF"], 0, 5) == "https") {
$_SESSION["secure"] = true;
} else {
$_SESSION["secure"] = false;
}
then on the second, you verify it :
if ($_SESSION["secure"]) {
echo "you were from the secured page";
} else {
echo "cheating";
}
Savut
"NotGiven" <no****@nonegiven.net> wrote in message
news:EW**********@bignews3.bellsouth.net... That would be great except that the page they are coming from is possible
to get to using http as well as httpS.
What I need is a way to force them to use https.
Barring that, I need a way to test if the page they came from was https.
thanks.
"Savut" <we***@hotmail.com> wrote in message
news:NU*****************@news20.bellglobal.com... ya you can't rely on referer since it cheatable, but I suggest you to
use session, when he is in the secure page, you define something like
$_SESSION["haveVisitedSecure"] = true;
then on your second page,
if ($_SESSION["haveVisitedSecure"]) {
//....
} else {
echo "you must come from the secure page";
}
Savut
"Andy Hassall" <an**@andyh.co.uk> wrote in message
news:hq********************************@4ax.com... On Wed, 3 Dec 2003 15:48:51 -0500, "NotGiven" <no****@nonegiven.net>
wrote:
>I need to verify if the page that led the user to this page used http or >httpS.
>
>for example, if the use cam to my page from:
>httpS://www.dm.com/sample/foo.php
>
>I want to know as opposed to coming from:
>http://www.dm.com/sample/foo.php
>
>I've tried looking at PORT but it doesn't seem to work properly.
You can't reliably tell anything from the referrer, since it's
optional and fakeable.
But if you still want to, then just check the first five characters
of $_SERVER['HTTP_REFERER'] ?
--
Andy Hassall (an**@andyh.co.uk) icq(5747695) (http://www.andyh.co.uk)
Space: disk usage analysis tool (http://www.andyhsoftware.co.uk/space)
Regarding this well-known quote, often attributed to NotGiven's famous
"Wed, 3 Dec 2003 15:48:51 -0500" speech: I need to verify if the page that led the user to this page used http or
httpS.
for example, if the use cam to my page from:
httpS://www.dm.com/sample/foo.php
I want to know as opposed to coming from:
http://www.dm.com/sample/foo.php
I've tried looking at PORT but it doesn't seem to work properly.
Any ideas?
Thanks.
Could I ask why? More details might make it possible to provide a better
solution to the greater problem.
--
-- Rudy Fleminger
-- sp@mmers.and.evil.ones.will.bow-down-to.us
(put "Hey!" in the Subject line for priority processing!)
-- http://www.pixelsaredead.com
Yes, thanks.
I am doing a series of pages and my hosting company offers a shared SSL cert
to use which the client asked for.
Without a way to force all pages in the directory to be opened using SSL, I
resort to forcing it in the code - PHP.
Thus you can rewrite the URL to access the page without using SSL. So: https://ssl.myhost.com/sssl.mydomain.com/page1.php
could be rewritten to: http://www.mydomain.com/page1.php
and viewed. I need to distinguish between what is being loaded using SSL
and not so I can do a location: redirect to the https version.
If anyone knows of a way to do this using Apache, let me know. WIth Apache,
I have tried, SSLRequireSSL directive - doesn't work. Tried directory
cirective - doesn't work.
Thanks.
"FLEB" <so*********@mmers.and.evil.ones.will.bow-down-to.us> wrote in
message news:1v*****************************@40tude.net... Regarding this well-known quote, often attributed to NotGiven's famous
"Wed, 3 Dec 2003 15:48:51 -0500" speech:
I need to verify if the page that led the user to this page used http or
httpS.
for example, if the use cam to my page from:
httpS://www.dm.com/sample/foo.php
I want to know as opposed to coming from:
http://www.dm.com/sample/foo.php
I've tried looking at PORT but it doesn't seem to work properly.
Any ideas?
Thanks.
Could I ask why? More details might make it possible to provide a better
solution to the greater problem.
--
-- Rudy Fleminger
-- sp@mmers.and.evil.ones.will.bow-down-to.us
(put "Hey!" in the Subject line for priority processing!)
-- http://www.pixelsaredead.com
Regarding this well-known quote, often attributed to NotGiven's famous
"Thu, 4 Dec 2003 17:23:51 -0500" speech: Yes, thanks.
I am doing a series of pages and my hosting company offers a shared SSL cert
to use which the client asked for.
Without a way to force all pages in the directory to be opened using SSL, I
resort to forcing it in the code - PHP.
Thus you can rewrite the URL to access the page without using SSL. So:
https://ssl.myhost.com/sssl.mydomain.com/page1.php
could be rewritten to:
http://www.mydomain.com/page1.php
and viewed. I need to distinguish between what is being loaded using SSL
and not so I can do a location: redirect to the https version.
If anyone knows of a way to do this using Apache, let me know. WIth Apache,
I have tried, SSLRequireSSL directive - doesn't work. Tried directory
cirective - doesn't work.
Thanks.
"FLEB" <so*********@mmers.and.evil.ones.will.bow-down-to.us> wrote in
message news:1v*****************************@40tude.net... Regarding this well-known quote, often attributed to NotGiven's famous
"Wed, 3 Dec 2003 15:48:51 -0500" speech:
I need to verify if the page that led the user to this page used http or
httpS.
for example, if the use cam to my page from:
httpS://www.dm.com/sample/foo.php
I want to know as opposed to coming from:
http://www.dm.com/sample/foo.php
I've tried looking at PORT but it doesn't seem to work properly.
Any ideas?
Thanks.
Could I ask why? More details might make it possible to provide a better
solution to the greater problem.
--
-- Rudy Fleminger
-- sp@mmers.and.evil.ones.will.bow-down-to.us
(put "Hey!" in the Subject line for priority processing!)
-- http://www.pixelsaredead.com
Okay, I'm really in over my head on this one (I don't even know if I HAVE
an SSL-enabled server, much less used the features), but can you get it to
check whether the *current* page is being viewed SSL, then redirect to the
SSL version of itself it's not.
I'm just thinking that any checks would be worlds more safe and reliable if
it was the current page being checked, since HTTP is stateless (preserves
no information) and all information about previous activity has to be
continuously sent back-and-forth (with possible spoofing or security
implications).
--
-- Rudy Fleminger
-- sp@mmers.and.evil.ones.will.bow-down-to.us
(put "Hey!" in the Subject line for priority processing!)
-- http://www.pixelsaredead.com
My solution before would work well, this is a 100% proof as you can't rely
on referer.
Savut
"FLEB" <so*********@mmers.and.evil.ones.will.bow-down-to.us> wrote in
message news:m8*****************************@40tude.net... Regarding this well-known quote, often attributed to NotGiven's famous
"Thu, 4 Dec 2003 17:23:51 -0500" speech:
Yes, thanks.
I am doing a series of pages and my hosting company offers a shared SSL
cert to use which the client asked for.
Without a way to force all pages in the directory to be opened using
SSL, I resort to forcing it in the code - PHP.
Thus you can rewrite the URL to access the page without using SSL. So:
https://ssl.myhost.com/sssl.mydomain.com/page1.php
could be rewritten to:
http://www.mydomain.com/page1.php
and viewed. I need to distinguish between what is being loaded using
SSL and not so I can do a location: redirect to the https version.
If anyone knows of a way to do this using Apache, let me know. WIth
Apache, I have tried, SSLRequireSSL directive - doesn't work. Tried directory
cirective - doesn't work.
Thanks.
"FLEB" <so*********@mmers.and.evil.ones.will.bow-down-to.us> wrote in
message news:1v*****************************@40tude.net... Regarding this well-known quote, often attributed to NotGiven's famous
"Wed, 3 Dec 2003 15:48:51 -0500" speech:
I need to verify if the page that led the user to this page used http
or httpS.
for example, if the use cam to my page from:
httpS://www.dm.com/sample/foo.php
I want to know as opposed to coming from:
http://www.dm.com/sample/foo.php
I've tried looking at PORT but it doesn't seem to work properly.
Any ideas?
Thanks.
Could I ask why? More details might make it possible to provide a
better solution to the greater problem.
--
-- Rudy Fleminger
-- sp@mmers.and.evil.ones.will.bow-down-to.us
(put "Hey!" in the Subject line for priority processing!)
-- http://www.pixelsaredead.com
Okay, I'm really in over my head on this one (I don't even know if I HAVE
an SSL-enabled server, much less used the features), but can you get it to
check whether the *current* page is being viewed SSL, then redirect to the
SSL version of itself it's not.
I'm just thinking that any checks would be worlds more safe and reliable
if it was the current page being checked, since HTTP is stateless (preserves
no information) and all information about previous activity has to be
continuously sent back-and-forth (with possible spoofing or security
implications).
--
-- Rudy Fleminger
-- sp@mmers.and.evil.ones.will.bow-down-to.us
(put "Hey!" in the Subject line for priority processing!)
-- http://www.pixelsaredead.com This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Grunff |
last post by:
I'm experiencing an interesting problem with carrying a php session over
from http to https. Much googling later, I'm still stuck.
The application is an online shop, where some user data is...
|
by: MisterKen |
last post by:
It appears that I'm losing values for session variables when I move from a
page like http://www.my_site.com/catalog.aspx to
https://www50.ssldomain.com/my_site/login.aspx and vice versa.
Are...
|
by: Chris Ashley |
last post by:
Is it possible to persist viewstate information between HTTP and HTTPS
(on the same page obviously)? Trying to get around writing some messy
state transfer code... it doesn't seem to work if I use...
|
by: Saverio Tedeschi |
last post by:
Hi all gurus,
I wrote an Win app with embedded FTP client (well, made some cut and paste
from others' projects :-)) to receive and send files from within the app
itself. Now the server I connect...
|
by: bjohns33 |
last post by:
Hi all
I've written a custom provider for membership services and put my login
control on an ascx. I want this ascx to be available anywhere on the website
so that users don't need to click...
|
by: tarak |
last post by:
Hi, I am working on a site that wants to provide facility to check whether http port and ftp port of given ip address is working or not. I will provide an ip address i need to check status of all...
|
by: totalstranger |
last post by:
My Bluehost site is setup with a dedicated IP address, Rapid SSL
certificate, PHP 5 and FastCGI is set on.
When switching between HTTP and HTTPS I was under the impression the
Session Data was...
|
by: shlim |
last post by:
Currently I'm using VB.Net to perform a http/https multipart form post to a servlet. I'm able to perform the post using HttpWebrequest via GetRequestStream(). However, the servlet returned me with...
|
by: Steve |
last post by:
weird things afoot.
i'd been prototyping a site and had a couple of reports that output in pdf
format. everything has been working fine so far. i added in some ssl last
night so that...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
| |
