On Wed, 3 Dec 2003 15:48:51 -0500, "NotGiven" <no****@nonegiven.net> wrote:
> I need to verify if the page that led the user to this page used http or httpS.
>
> for example, if the user came to my page from: httpS://www.dm.com/sample/foo.php
>
> I want to know as opposed to coming from: http://www.dm.com/sample/foo.php
>
> I've tried looking at PORT but it doesn't seem to work properly.

You can't reliably tell anything from the referrer, since it's optional and
fakeable.
But if you still want to, then just check the first five characters of
$_SERVER['HTTP_REFERER'] ?
--
Andy Hassall (an**@andyh.co.uk) icq(5747695) ( http://www.andyh.co.uk)
Space: disk usage analysis tool ( http://www.andyhsoftware.co.uk/space)
ya, you can't rely on the referer since it's cheatable, but I suggest you use a session: when he is on the secure page, you define something like

session_start(); // required on both pages before $_SESSION is used
$_SESSION["haveVisitedSecure"] = true;

then on your second page,

session_start();
if (!empty($_SESSION["haveVisitedSecure"])) {
    //....
} else {
    echo "you must come from the secure page";
}
Savut
That would be great except that the page they are coming from is possible to
get to using http as well as httpS.
What I need is a way to force them to use https.
Barring that, I need a way to test if the page they came from was https.
thanks.
well, on the first page you check the URL of the document itself to see if it's https or http; if it's https, you set secure to true

on the first page:

session_start();
// PHP_SELF holds only the script path, never the scheme, so test $_SERVER["HTTPS"]
if (!empty($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] != "off") {
    $_SESSION["secure"] = true;
} else {
    $_SESSION["secure"] = false;
}

then on the second, you verify it:

session_start();
if (!empty($_SESSION["secure"])) {
    echo "you were from the secured page";
} else {
    echo "cheating";
}
Savut
Regarding this well-known quote, often attributed to NotGiven's famous "Wed, 3 Dec 2003 15:48:51 -0500" speech:
> I need to verify if the page that led the user to this page used http or httpS.
>
> for example, if the user came to my page from: httpS://www.dm.com/sample/foo.php
>
> I want to know as opposed to coming from: http://www.dm.com/sample/foo.php
>
> I've tried looking at PORT but it doesn't seem to work properly.
>
> Any ideas?
>
> Thanks.

Could I ask why? More details might make it possible to provide a better
solution to the greater problem.
--
-- Rudy Fleminger
-- sp@mmers.and.evil.ones.will.bow-down-to.us
(put "Hey!" in the Subject line for priority processing!)
-- http://www.pixelsaredead.com
Yes, thanks.
I am doing a series of pages and my hosting company offers a shared SSL cert
to use which the client asked for.
Without a way to force all pages in the directory to be opened using SSL, I
resort to forcing it in the code - PHP.
Thus you can rewrite the URL to access the page without using SSL. So: https://ssl.myhost.com/sssl.mydomain.com/page1.php
could be rewritten to: http://www.mydomain.com/page1.php
and viewed. I need to distinguish between what is being loaded using SSL
and not so I can do a location: redirect to the https version.
If anyone knows of a way to do this using Apache, let me know. With Apache,
I have tried the SSLRequireSSL directive - doesn't work. Tried the directory
directive - doesn't work.
Thanks.
Okay, I'm really in over my head on this one (I don't even know if I HAVE
an SSL-enabled server, much less used the features), but can you get it to
check whether the *current* page is being viewed SSL, then redirect to the
SSL version of itself if it's not.
I'm just thinking that any checks would be worlds more safe and reliable if
it was the current page being checked, since HTTP is stateless (preserves
no information) and all information about previous activity has to be
continuously sent back-and-forth (with possible spoofing or security
implications).
--
-- Rudy Fleminger
-- sp@mmers.and.evil.ones.will.bow-down-to.us
(put "Hey!" in the Subject line for priority processing!)
-- http://www.pixelsaredead.com
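
FLEB's suggestion above, checking how the *current* request arrived and redirecting it to the HTTPS copy of the same page, as an added PHP example that is not part of the original thread. `HTTPS_BASE` reuses the shared-SSL URL form NotGiven quotes, and the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Needs PHP 7.3+ for the cookie options array.
// HTTPS_BASE reuses the shared-SSL URL form quoted in the thread; adjust to your host.
const HTTPS_BASE = 'https://ssl.myhost.com/sssl.mydomain.com';

// True when the current request arrived over TLS. $_SERVER['HTTPS'] is set by
// the web server, not by the client, unlike HTTP_REFERER.
function is_https_request(array $server): bool
{
    $flag = strtolower((string)($server['HTTPS'] ?? ''));
    return $flag !== '' && $flag !== 'off';
}

// HTTPS URL of the page being requested, built on a fixed base rather than
// on the client-supplied Host header.
function https_url_for(array $server, string $base): string
{
    $uri = str_replace(["\r", "\n"], '', (string)($server['REQUEST_URI'] ?? '/'));
    return rtrim($base, '/') . '/' . ltrim($uri, '/');
}

// Redirect plain-http requests to the HTTPS copy of the same page.
function require_https(array $server, string $base): void
{
    if (!is_https_request($server)) {
        header('Location: ' . https_url_for($server, $base), true, 301);
        exit;
    }
}

if (PHP_SAPI === 'cli') {
    // Constructed sample requests, so the logic can be checked offline.
    $plain = ['REQUEST_URI' => '/page1.php?id=7'];
    $tls   = ['REQUEST_URI' => '/page1.php?id=7', 'HTTPS' => 'on'];
    $off   = ['REQUEST_URI' => '/page1.php', 'HTTPS' => 'off'];
    var_dump(is_https_request($plain), is_https_request($tls), is_https_request($off));
    echo https_url_for($plain, HTTPS_BASE), "\n";
} else {
    require_https($_SERVER, HTTPS_BASE);
    // Reached only over HTTPS: mark the session cookie Secure so the browser
    // never sends it on an http request, then record the flag.
    session_set_cookie_params(['secure' => true, 'httponly' => true]);
    session_start();
    $_SESSION['secure'] = true;
}
```

If the host terminates TLS on a separate proxy, `$_SERVER['HTTPS']` may be unset on the backend even for HTTPS visitors; confirm what the server reports on a test page first, otherwise the redirect will loop.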
My solution before would work well, this is a 100% proof as you can't rely
on referer.
Savut