I have designed a Online shopping website. Everything works fine with http. Now I want that the profile and the payment gateway should use HTTPS instead of HTTP. I have not dealt with https before and so I am stuck here. Here is my code snippet. I want profile.php to use https. I have seen some post where it has been told to edit mod_rewrite or use some https redirect function. But how will I do that? I am using XAMPP.
if($rws['user_email']==$UserName && $rws['user_pass']==$UserPwd){
if($_REQUEST['remember']==1){
setcookie('uname',$UserName,time()+24*60*60);
setcookie('pwd',$UserPwd,time()+24*60*60);
}
$_SESSION['fname'] = $rws['user_fname'];
$_SESSION['ud'] = $rws['user_id'];
header('Location:profile.php');
}
You need to put a rewrite condition in your .htaccess
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
Related
I am having a php html site hosted on server. I've url like http://www.test.com/sales.php when user click on the link of this url then it should show www.test.com/services/sales.php instead of www.test.com/sales.php.
I've tried following code but it is not working.
RewriteEngine On
RewriteRule ^http://www.test.com/services/sales.php$ http://www.test.com/sales.php [R=301,NE,NC,L]
You can use like that
htaccess:
Options +FollowSymLinks
RewriteEngine On
RewriteRule ^sales/? http://www.test.com/services/sales.php [R=301,L]
This is the more robust version that can also be used in the real http server configuration:
RewriteEngine On
RewriteRule ^/?sales\.php$ /services/sales.php [R=301]
RewriteRule ^/?services/sales\.php$ /sales.php [END]
If you want to have a clean URL ("https://example.com/services/sales" instead of "https://example.com/services/sales.php"), then this variant would make sense:
RewriteEngine On
RewriteRule ^/?sales\.php?$ /services/sales [R=301]
RewriteRule ^/?sales/?$ /services/sales [R=301]
RewriteRule ^/?services/sales/?$ /sales.php [END]
It is a good idea to start with a 302-redirection and only change that to a 301 once everything is working as expected. When using a 301 right away you might run into issues with caching, so you should always use a fresh anonymous browser tab when testing.
I am trying to redirect my site to always open in HTTPS. I am using CloudFlare and they have a setting to "Always use HTTPS". But there is a page on my website where I do not want to use HTTPS as it opens other websites under an iFrame. And if that page also loads in HTTPS then under iFrame any website whose URL hasn't been mentioned with HTTPS doesn't open. Therefore, for that particular page I want to keep the website to be opened under HTTP.
Things I am doing:
In CloudFlare Crypto settings "Always Use HTTPS" is ON.
Then in my page where I want it to opened under HTTP say surf.php
I am using the following PHP code:
if($_SERVER['HTTP_HOST'] != 'localhost'){
if(isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == 'on'){
if(!headers_sent()){
header("Status: 301 Moved Permanently");
header(sprintf('Location: http://%s%s',$_SERVER['HTTP_HOST'],$_SERVER['REQUEST_URI']));
exit();
}
}
}
Now the page doesn't open and says "The page isn’t redirecting properly". What should I do? Is there any other method to accomplish this? I want to use HTTPS in whole website so "Always use HTTPS" settings in cloudflare should be ON except just surf.php. What should be the best method here?
It sounds like you are in a redirect loop. Where you have a .htaccess file that forces HTTPS, and then you redirect to HTTP using PHP. Then that new request has all the same rules applied to it so that it gets redirected by .htaccess again to HTTPS, and so on (to infinity)
So I would first make sure your not forcing HTTPS in your .htaccess file. If so you can add a RewriteCond to exclude your URL:
#RewriteEngine On #-- if not included elsewhere
#if HTTPS is not on (then continue)
RewriteCond %{HTTPS} !=on
#add this rule in (if not our page, then redirect to HTTPS)
RewriteCond %{REQUEST_URI} !^/surf\.php$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
When mod rewrite hits a Rewrite condition if it fails (is false) it will disregard the next rewrite rule. So with this in place your PHP code could do it's job, but you can also do this in htaccess alone. Because you will have dependence on the URL in there anyway, I don't see an issue doing it all in the .htaccess file.
This would basically be the opposite of the above except you know the url. Something like this:
#if HTTPS is not on (then continue)
RewriteCond %{HTTPS} !=on
#add this rule in (if not our page, then redirect to HTTPS)
RewriteCond %{REQUEST_URI} !^/surf\.php$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#if HTTPS is not off (then continue)
RewriteCond %{HTTPS}!=off
# (if is our page, then redirect to HTTP)
RewriteCond %{REQUEST_URI} ^/surf\.php$
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I can't really test this though, but that's the general idea. If HTTPS is no off, and the %{REQUEST_URI} is our page !^/surf.php$ redirect to HTTP... Basically you have to punch a hole through the HTTPS rule and then force http.
I am pretty sure with %{REQUEST_URI} you only have to check if it starts with your URL (minus the host and protocal).
I'll admit I'm a bit rusty with complex HTACCESS rules, spoiled by MVC routers, so this may very well not be 100% correct. But the general idea is sound.
Anyway hope it helps.
I need some help with URL rewriting.
I need just 1 dynamic page (signin) to be handled via SSL, all other pages need to be redirected to HTTP.
So here my .htaccess file for :443 virtualhost:
RewriteEngine on
RewriteRule ^signin$ https://www.page.com/?s=signin [L,NC]
RewriteCond %{REQUEST_URI} !^\/(signin)+ [NC]
RewriteRule ^(.*)$ http://%{SERVER_NAME}/$1 [R=302,L]
What happens is, that https://www.page.com/signin gets redirected via the 302 redirect to http://www.page.com/?s=signin
What am I doing wrong?
Your question is tagged with PHP. Is your signin page PHP?
Add this to the top of your signin page and that page will force itself to the HTTPS.
if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "") {
$redirect = "https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
header("Location: $redirect");
}
Ok, I take this as an apache question. To explain what seems to happen first:
Your first rule redirects to
https://www.page.com/?s=signin
This does not match the REQUEST_URI Condition !^/(signin)+; so the second rule redirects to
http://www.page.com/?s=signin
Probably your condition should read something along the lines of:
RewriteCond %{REQUEST_URI} !^\/\?s=signin [NC]
To see what exactly mod_rewrite does, enable the rewrite log, if you can - how to do this depends on the apache version.
User clicks link (from their email): http://www.site.com/edit/wih293f73y
Browser window opens and gets them to the correct page.
But now the browser's address bar shows: http://www.site.com/editor.php?editCode=wih293f73y
Extra info:
My rewrite rule is:RewriteRule ^edit/([A-Za-z0-9-]+)/?$ editor.php?editCode=$1 [NC,L]
This problem ONLY occurs when the user has clicked a link. It works perfectly when you just type the pretty url into the address bar.
This problem ONLY occurs for links that include the www. - the link http://site.com/edit/wih293f73y works like a charm.
My .htaccess file includes the following code (from HTML5 boilerplate, which I wasn't aware of previously):
# Rewrite www.example.com → example.com
<IfModule mod_rewrite.c>
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
</IfModule>
If it's important, this occurs after my other rewrite rules.
I just took a look and it is apparent that your www rules is causing this. Question is do you want it be fixed? If you do then move this rule on top of all other rules and your problem should be fixed.
Move this to top of all other rules
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
You can use use the redirect directive
redirect 301 ^edit/([A-Za-z0-9-]+)/?$ editor.php?editCode=$1
There are some pros and cons to this strategy. The pros being;
It's super fast. You don't even need to load up your application for this to work.
It's minimal code.
Redirects are an intrinsic part of Apache (or any http server) and aren't going anywhere soon.
The cons being;
It's not part of your application proper. Should you decide to change logic or URLs, you'll have to change this, too.
It's slower, as you need to invoke php, as opposed to just having Apache issue the redirect.
Due to my hosting company's policies I am using pretty url in CakePHP (without the Apache mod rewrite). My homepage is at:
http://stthomasedu.org/index.php/home
How can I redirect traffic from
'http://stthomasedu.org/' to 'http://stthomasedu.org/index.php/home' ?
I've tried to edit index.php with
header("Location:http://stthomasedu.org/index.php/home");
but it's not working, every time I have to manually enter the URL "http://stthomasedu.org/index.php/home"
Any ideas?
SOLVED : IN C-PANEL I HAVE AN OPTION TO REDIRECT ALL MY TRAFFIC TO (http://stthomasedu.org) ANY LOCATION (now i set it to http://stthomasedu.org/index.php/home)
Since you are using Apache, you can add these lines in a .htaccess:
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^$
RewriteCond %{HTTP_HOST} ^stthomasedu.org$
RewriteRule ^$ http://stthomasedu.org/index.php/home [L,R=301]
Did you remember to exit after your header() call?
header('Location: /index.php/home');
exit;