8 35731
On Wed, 3 Dec 2003 15:48:51 -0500, "NotGiven" <no****@nonegiv en.net> wrote: I need to verify if the page that led the user to this page used http or httpS.
for example, if the use cam to my page from: httpS://www.dm.com/sample/foo.php
I want to know as opposed to coming from: http://www.dm.com/sample/foo.php
I've tried looking at PORT but it doesn't seem to work properly.
You can't reliably tell anything from the referrer, since it's optional and
fakeable.
But if you still want to, then just check the first five characters of
$_SERVER['HTTP_REFERER'] ?
--
Andy Hassall (an**@andyh.co. uk) icq(5747695) ( http://www.andyh.co.uk)
Space: disk usage analysis tool ( http://www.andyhsoftware.co.uk/space)
ya you can't rely on referer since it cheatable, but I suggest you to use
session, when he is in the secure page, you define something like
$_SESSION["haveVisitedSec ure"] = true;
then on your second page,
if ($_SESSION["haveVisitedSec ure"]) {
//....
} else {
echo "you must come from the secure page";
}
Savut
"Andy Hassall" <an**@andyh.co. uk> wrote in message
news:hq******** *************** *********@4ax.c om... On Wed, 3 Dec 2003 15:48:51 -0500, "NotGiven" <no****@nonegiv en.net>
wrote:I need to verify if the page that led the user to this page used http or httpS.
for example, if the use cam to my page from: httpS://www.dm.com/sample/foo.php
I want to know as opposed to coming from: http://www.dm.com/sample/foo.php
I've tried looking at PORT but it doesn't seem to work properly. You can't reliably tell anything from the referrer, since it's optional
and fakeable.
But if you still want to, then just check the first five characters of $_SERVER['HTTP_REFERER'] ?
-- Andy Hassall (an**@andyh.co. uk) icq(5747695) (http://www.andyh.co.uk) Space: disk usage analysis tool (http://www.andyhsoftware.co.uk/space)
That would be great except that the page they are coming from is possible to
get to using http as well as httpS.
What I need is a way to force them to use https.
Barring that, I need a way to test if the page they came from was https.
thanks.
"Savut" <we***@hotmail. com> wrote in message
news:NU******** *********@news2 0.bellglobal.co m... ya you can't rely on referer since it cheatable, but I suggest you to use session, when he is in the secure page, you define something like $_SESSION["haveVisitedSec ure"] = true;
then on your second page, if ($_SESSION["haveVisitedSec ure"]) { //.... } else { echo "you must come from the secure page"; }
Savut
"Andy Hassall" <an**@andyh.co. uk> wrote in message news:hq******** *************** *********@4ax.c om... On Wed, 3 Dec 2003 15:48:51 -0500, "NotGiven" <no****@nonegiv en.net> wrote:I need to verify if the page that led the user to this page used http
orhttpS.
for example, if the use cam to my page from: httpS://www.dm.com/sample/foo.php
I want to know as opposed to coming from: http://www.dm.com/sample/foo.php
I've tried looking at PORT but it doesn't seem to work properly.
You can't reliably tell anything from the referrer, since it's optional
and fakeable.
But if you still want to, then just check the first five characters of $_SERVER['HTTP_REFERER'] ?
-- Andy Hassall (an**@andyh.co. uk) icq(5747695) (http://www.andyh.co.uk) Space: disk usage analysis tool (http://www.andyhsoftware.co.uk/space)
well on the first page, you check the URL of the document itself if it's
https or http, if it's https, you set secure to true
on the first page :
if (substr($_SERVE R["PHP_SELF"], 0, 5) == "https") {
$_SESSION["secure"] = true;
} else {
$_SESSION["secure"] = false;
}
then on the second, you verify it :
if ($_SESSION["secure"]) {
echo "you were from the secured page";
} else {
echo "cheating";
}
Savut
"NotGiven" <no****@nonegiv en.net> wrote in message
news:EW******** **@bignews3.bel lsouth.net... That would be great except that the page they are coming from is possible
to get to using http as well as httpS.
What I need is a way to force them to use https.
Barring that, I need a way to test if the page they came from was https.
thanks.
"Savut" <we***@hotmail. com> wrote in message news:NU******** *********@news2 0.bellglobal.co m... ya you can't rely on referer since it cheatable, but I suggest you to
use session, when he is in the secure page, you define something like $_SESSION["haveVisitedSec ure"] = true;
then on your second page, if ($_SESSION["haveVisitedSec ure"]) { //.... } else { echo "you must come from the secure page"; }
Savut
"Andy Hassall" <an**@andyh.co. uk> wrote in message news:hq******** *************** *********@4ax.c om... On Wed, 3 Dec 2003 15:48:51 -0500, "NotGiven" <no****@nonegiv en.net> wrote: >I need to verify if the page that led the user to this page used http or >httpS. > >for example, if the use cam to my page from: >httpS://www.dm.com/sample/foo.php > >I want to know as opposed to coming from: >http://www.dm.com/sample/foo.php > >I've tried looking at PORT but it doesn't seem to work properly.
You can't reliably tell anything from the referrer, since it's
optional and fakeable.
But if you still want to, then just check the first five characters
of $_SERVER['HTTP_REFERER'] ?
-- Andy Hassall (an**@andyh.co. uk) icq(5747695) (http://www.andyh.co.uk) Space: disk usage analysis tool (http://www.andyhsoftware.co.uk/space)
Regarding this well-known quote, often attributed to NotGiven's famous
"Wed, 3 Dec 2003 15:48:51 -0500" speech: I need to verify if the page that led the user to this page used http or httpS.
for example, if the use cam to my page from: httpS://www.dm.com/sample/foo.php
I want to know as opposed to coming from: http://www.dm.com/sample/foo.php
I've tried looking at PORT but it doesn't seem to work properly.
Any ideas?
Thanks.
Could I ask why? More details might make it possible to provide a better
solution to the greater problem.
--
-- Rudy Fleminger
-- sp@mmers.and.ev il.ones.will.bo w-down-to.us
(put "Hey!" in the Subject line for priority processing!)
-- http://www.pixelsaredead.com
Yes, thanks.
I am doing a series of pages and my hosting company offers a shared SSL cert
to use which the client asked for.
Without a way to force all pages in the directory to be opened using SSL, I
resort to forcing it in the code - PHP.
Thus you can rewrite the URL to access the page without using SSL. So: https://ssl.myhost.com/sssl.mydomain.com/page1.php
could be rewritten to: http://www.mydomain.com/page1.php
and viewed. I need to distinguish between what is being loaded using SSL
and not so I can do a location: redirect to the https version.
If anyone knows of a way to do this using Apache, let me know. WIth Apache,
I have tried, SSLRequireSSL directive - doesn't work. Tried directory
cirective - doesn't work.
Thanks.
"FLEB" <so*********@mm ers.and.evil.on es.will.bow-down-to.us> wrote in
message news:1v******** *************** ******@40tude.n et... Regarding this well-known quote, often attributed to NotGiven's famous "Wed, 3 Dec 2003 15:48:51 -0500" speech:
I need to verify if the page that led the user to this page used http or httpS.
for example, if the use cam to my page from: httpS://www.dm.com/sample/foo.php
I want to know as opposed to coming from: http://www.dm.com/sample/foo.php
I've tried looking at PORT but it doesn't seem to work properly.
Any ideas?
Thanks.
Could I ask why? More details might make it possible to provide a better solution to the greater problem.
-- -- Rudy Fleminger -- sp@mmers.and.ev il.ones.will.bo w-down-to.us (put "Hey!" in the Subject line for priority processing!) -- http://www.pixelsaredead.com
Regarding this well-known quote, often attributed to NotGiven's famous
"Thu, 4 Dec 2003 17:23:51 -0500" speech: Yes, thanks.
I am doing a series of pages and my hosting company offers a shared SSL cert to use which the client asked for.
Without a way to force all pages in the directory to be opened using SSL, I resort to forcing it in the code - PHP.
Thus you can rewrite the URL to access the page without using SSL. So: https://ssl.myhost.com/sssl.mydomain.com/page1.php
could be rewritten to: http://www.mydomain.com/page1.php
and viewed. I need to distinguish between what is being loaded using SSL and not so I can do a location: redirect to the https version.
If anyone knows of a way to do this using Apache, let me know. WIth Apache, I have tried, SSLRequireSSL directive - doesn't work. Tried directory cirective - doesn't work.
Thanks. "FLEB" <so*********@mm ers.and.evil.on es.will.bow-down-to.us> wrote in message news:1v******** *************** ******@40tude.n et... Regarding this well-known quote, often attributed to NotGiven's famous "Wed, 3 Dec 2003 15:48:51 -0500" speech:
I need to verify if the page that led the user to this page used http or httpS.
for example, if the use cam to my page from: httpS://www.dm.com/sample/foo.php
I want to know as opposed to coming from: http://www.dm.com/sample/foo.php
I've tried looking at PORT but it doesn't seem to work properly.
Any ideas?
Thanks.
Could I ask why? More details might make it possible to provide a better solution to the greater problem.
-- -- Rudy Fleminger -- sp@mmers.and.ev il.ones.will.bo w-down-to.us (put "Hey!" in the Subject line for priority processing!) -- http://www.pixelsaredead.com
Okay, I'm really in over my head on this one (I don't even know if I HAVE
an SSL-enabled server, much less used the features), but can you get it to
check whether the *current* page is being viewed SSL, then redirect to the
SSL version of itself it's not.
I'm just thinking that any checks would be worlds more safe and reliable if
it was the current page being checked, since HTTP is stateless (preserves
no information) and all information about previous activity has to be
continuously sent back-and-forth (with possible spoofing or security
implications).
--
-- Rudy Fleminger
-- sp@mmers.and.ev il.ones.will.bo w-down-to.us
(put "Hey!" in the Subject line for priority processing!)
-- http://www.pixelsaredead.com
My solution before would work well, this is a 100% proof as you can't rely
on referer.
Savut
"FLEB" <so*********@mm ers.and.evil.on es.will.bow-down-to.us> wrote in
message news:m8******** *************** ******@40tude.n et... Regarding this well-known quote, often attributed to NotGiven's famous "Thu, 4 Dec 2003 17:23:51 -0500" speech:
Yes, thanks.
I am doing a series of pages and my hosting company offers a shared SSL
cert to use which the client asked for.
Without a way to force all pages in the directory to be opened using
SSL, I resort to forcing it in the code - PHP.
Thus you can rewrite the URL to access the page without using SSL. So: https://ssl.myhost.com/sssl.mydomain.com/page1.php
could be rewritten to: http://www.mydomain.com/page1.php
and viewed. I need to distinguish between what is being loaded using
SSL and not so I can do a location: redirect to the https version.
If anyone knows of a way to do this using Apache, let me know. WIth
Apache, I have tried, SSLRequireSSL directive - doesn't work. Tried directory cirective - doesn't work.
Thanks. "FLEB" <so*********@mm ers.and.evil.on es.will.bow-down-to.us> wrote in message news:1v******** *************** ******@40tude.n et... Regarding this well-known quote, often attributed to NotGiven's famous "Wed, 3 Dec 2003 15:48:51 -0500" speech:
I need to verify if the page that led the user to this page used http
or httpS.
for example, if the use cam to my page from: httpS://www.dm.com/sample/foo.php
I want to know as opposed to coming from: http://www.dm.com/sample/foo.php
I've tried looking at PORT but it doesn't seem to work properly.
Any ideas?
Thanks.
Could I ask why? More details might make it possible to provide a
better solution to the greater problem.
-- -- Rudy Fleminger -- sp@mmers.and.ev il.ones.will.bo w-down-to.us (put "Hey!" in the Subject line for priority processing!) -- http://www.pixelsaredead.com Okay, I'm really in over my head on this one (I don't even know if I HAVE an SSL-enabled server, much less used the features), but can you get it to check whether the *current* page is being viewed SSL, then redirect to the SSL version of itself it's not.
I'm just thinking that any checks would be worlds more safe and reliable
if it was the current page being checked, since HTTP is stateless (preserves no information) and all information about previous activity has to be continuously sent back-and-forth (with possible spoofing or security implications).
-- -- Rudy Fleminger -- sp@mmers.and.ev il.ones.will.bo w-down-to.us (put "Hey!" in the Subject line for priority processing!) -- http://www.pixelsaredead.com This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Grunff |
last post by:
I'm experiencing an interesting problem with carrying a php session over
from http to https. Much googling later, I'm still stuck.
The application is an online shop, where some user data is stored in the
session. As the user proceeds to checkout, we switch over to https. This
is all done on the same physical server, under the same domain...
|
by: MisterKen |
last post by:
It appears that I'm losing values for session variables when I move from a
page like http://www.my_site.com/catalog.aspx to
https://www50.ssldomain.com/my_site/login.aspx and vice versa.
Are session variables suppose to lose values across different domain names?
The www50.ssldomain.com is hosted by the same webhost. It's just how they...
|
by: Chris Ashley |
last post by:
Is it possible to persist viewstate information between HTTP and HTTPS
(on the same page obviously)? Trying to get around writing some messy
state transfer code... it doesn't seem to work if I use
response.redirect.
|
by: Saverio Tedeschi |
last post by:
Hi all gurus,
I wrote an Win app with embedded FTP client (well, made some cut and paste
from others' projects :-)) to receive and send files from within the app
itself. Now the server I connect to from 1st Jan on will allow just
http/https connection, so I can no longer use FTP. I've thought to use
System.Net.WebClient class and SendFiles...
|
by: bjohns33 |
last post by:
Hi all
I've written a custom provider for membership services and put my login
control on an ascx. I want this ascx to be available anywhere on the website
so that users don't need to click twice to login. The rest of the site is
running over http, but I want the login process to run over https (obviously
don't want the password being...
| |
by: tarak |
last post by:
Hi, I am working on a site that wants to provide facility to check whether http port and ftp port of given ip address is working or not. I will provide an ip address i need to check status of all ports
|
by: totalstranger |
last post by:
My Bluehost site is setup with a dedicated IP address, Rapid SSL
certificate, PHP 5 and FastCGI is set on.
When switching between HTTP and HTTPS I was under the impression the
Session Data was independent for each protocol and I've read about
various methods of storing session data in a database to bypass this
problem. However while testing...
|
by: shlim |
last post by:
Currently I'm using VB.Net to perform a http/https multipart form post to a servlet. I'm able to perform the post using HttpWebrequest via GetRequestStream(). However, the servlet returned me with "The remote server returned an error: (500) Internal Server Error". Obviously, this means that I have not posted all the parameters as the servlet...
|
by: Steve |
last post by:
weird things afoot.
i'd been prototyping a site and had a couple of reports that output in pdf
format. everything has been working fine so far. i added in some ssl last
night so that pages/scripts that set an $enableSecurity flag dynamically
change from http to https (avoids mixed security messages for things like
resource links, etc.)....
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language...
| |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |