Thread: HTTP vs HTTPS

    #1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    3
    Rep Power
    0

    HTTP vs HTTPS


    Hi,

    I have a live chat widget. To have the widget to work in SSL pages, I had to change in all .php from:
    PHP Code:
     if(!strstr($hostdomain,"http")){ $hostdomain="http://".$hostdomain; } 
    to:
    PHP Code:
    if(!strstr($hostdomain,"https")){ $hostdomain="https://".$hostdomain; }. 
    The problem is when I change the http to https in the code above, now the widget don't appear in non-ssl pages.

    So my question is how can I modify the code below to have it to work with both http and https pages ?
  2. #2
  3. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Hi,

    you already got an answer, so why not link to that instead of letting us repeat what you already know?

    You've been told the exact value in the $_SERVER array you need to check in order to determine whether the page has been requested via HTTPS. So do that:

    PHP Code:
    $protocol =
        empty(
    $_SERVER['HTTPS']) ? 'http' 'https'
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    3
    Rep Power
    0
    Originally Posted by Jacques1
    Hi,

    you already got an answer, so why not link to that instead of letting us repeat what you already know?

    You've been told the exact value in the $_SERVER array you need to check in order to determine whether the page has been requested via HTTPS. So do that:

    PHP Code:
    $protocol =
        empty(
    $_SERVER['HTTPS']) ? 'http' 'https'
    Thank you to try to help. On the other forum, as I said, I was not understanding the answer. It's why I came here to see if I can get more friendly help.

    The php code you just give me here not solve my problem if I insert it in my php code.
  6. #4
  7. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Originally Posted by stephanes
    The php code you just give me here not solve my problem if I insert it in my php code.
    That's a bit vague, isn't it? How did you insert the code? What exactly doesn't work? Is there an error? Does $protocol contain the wrong protocol string? How does $_SERVER['HTTPS'] look like etc.

    We do need some info if you want us to help you.
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2013
    Posts
    3
    Rep Power
    0
    Originally Posted by Jacques1
    That's a bit vague, isn't it? How did you insert the code? What exactly doesn't work? Is there an error? Does $protocol contain the wrong protocol string? How does $_SERVER['HTTPS'] look like etc.

    We do need some info if you want us to help you.
    I don't receive any error. The widget work perfectly well on my https pages but it simply don't appear on http pages. If I add <?php $protocol = empty($_SERVER['HTTPS']) ? 'http' : 'https'; to the code below, it change nothing.

    I use this code in my php script:
    PHP Code:
    $urlData parse_url($_SERVER['HTTP_REFERER']); $hostdomain $urlData['host']; if(!strstr($hostdomain,"https")){ $hostdomain="https://".$hostdomain; } header('Access-Control-Allow-Methods: GET'); header('Access-Control-Allow-Credentials: true'); header('Access-Control-Allow-Headers: Content-Type, *'); header("Access-Control-Allow-Origin: $hostdomain "); ?> 
    If you have any suggestion, it would be appreciated.
  10. #6
  11. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2005
    Location
    Vancouver, WA, USA
    Posts
    399
    Rep Power
    190
    Originally Posted by stephanes
    I don't receive any error. The widget work perfectly well on my https pages but it simply don't appear on http pages. If I add ..... to the code below, it change nothing.

    If you have any suggestion, it would be appreciated.
    This is probably because this EXACT syntax may not be perfect for your use. You need to look at the problem, and see what it is doing, and what it needs. It would help if you understood PHP, or considered hiring someone that does.

    It's not perfect, because your line of code doesn't use $protocol anywhere.. They were just trying to show how one MIGHT use the $_SERVER['HTTPS'] to check the protocol status.

    You have not given enough information to go on. You have not answered questions asked by other members (like the contents of $_SERVER['HTTPS'] )

    The change in your original line of code, looks like it should work, but one line of code is not enough to be sure of what is going on.
    Last edited by ttremain; April 26th, 2013 at 08:08 AM.
    Thomas Tremain
  12. #7
  13. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    This stuff is two weeks old. The only reason it's been moved up again is because some spam bot has dug it out.

    Comments on this post

    • requinix agrees : and now they're gone
    The 6 worst sins of security ē How to (properly) access a MySQL database with PHP

    Why canít I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  14. #8
  15. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2005
    Location
    Vancouver, WA, USA
    Posts
    399
    Rep Power
    190
    Sorry, didn't look at the date...
    Thomas Tremain

IMN logo majestic logo threadwatch logo seochat tools logo