[FX.php List] [OFF] https per page?
Joel Shapiro
jsfmp at earthlink.net
Mon Dec 7 22:09:37 MST 2009
Got it. Thanks Dale!
-Joel
On Dec 7, 2009, at 9:06 PM, Dale Bengston wrote:
> The absolute references started because I had clients with weird
> requirements for where files got stored. With absolute references,
> you can pretty-much put your parent page(s) anywhere and all the
> includes will still work. It was the only way I could get my code
> framework to function across all my clients' environments.
>
>
> On Dec 7, 2009, at 10:17 PM, Joel Shapiro wrote:
>
>> Thanks Dale. I can definitely see the value in that approach.
>> I've never needed to be that flexible, but it's something to work
>> towards.
>>
>> Out of curiosity, do you choose to use absolute references for
>> everything specifically because of this method, or is there some
>> other reason you find them preferable to relative references?
>>
>> -Joel
>>
>>
>> On Dec 7, 2009, at 6:32 PM, Dale Bengston wrote:
>>
>>> I handle this problem by including a config file at the top of my
>>> pages that toggles a whole bunch of constants. These constants
>>> include http vs https, data source, default ports, domain names,
>>> default page (for testing) vs. none (controlled by Apache on live
>>> server), etc. I build all my urls from these constants -
>>> everything uses absolute references, even JavaScript includes,
>>> AJAX calls, image references and CSS files.
>>>
>>> I am currently developing a site that runs on my laptop using
>>> MySQL and http, and when I put the pages live, it "knows" to do
>>> https and use MS SQL Server. No interaction necessary... which is
>>> good because I used to forget to change *something* every time. I
>>> toggle a lot of other things in this config too, like error
>>> reporting, debugging feedback, and so on.
>>>
>>> This was a bit of a hassle to get set up, but it was definitely
>>> worth the effort. Toggling this way not only allows you to work on
>>> different servers, but also different platforms and with different
>>> data sources by flipping a few environment variables. I recently
>>> adapted it to work with SQL Server (yes, FX.php too) so I can spin
>>> in yet another direction.
>>>
>>> Dale
>>>
>>>
>>> On Dec 7, 2009, at 7:44 PM, Joel Shapiro wrote:
>>>
>>>> Hi again
>>>>
>>>> Having full https... links makes it difficult to have a copy of
>>>> the site on my development machine and be able to just copy pages
>>>> over to the client's server (href="https://localhost/login.php"
>>>> vs href="https://client.com/login.php")
>>>>
>>>> Using the php script from that link below seems to work really
>>>> well.
>>>>
>>>> Can anybody see any reasons why it might be a bad/unsafe idea to
>>>> use it? This way, I can keep all my links relative, and the
>>>> login and checkout pages will still *always* be https.
>>>>
>>>> <?php
>>>> if ($_SERVER['SERVER_PORT']!=443)
>>>> {
>>>> $url = "https://". $_SERVER['SERVER_NAME'] . ":443".
>>>> $_SERVER['REQUEST_URI'];
>>>> header("Location: $url");
>>>> }
>>>> ?>
>>>>
>>>> (I suppose I could use a variable for the domain with https
>>>> links, but I kinda like this script)
>>>>
>>>> -Joel
>>>>
>>>>
>>>> On Dec 7, 2009, at 4:45 PM, Joel Shapiro wrote:
>>>>
>>>>> Thanks everybody
>>>>>
>>>>> It's good to hear that SSL doesn't really slow things down too
>>>>> much. I think I'll make the links to the login & checkout pages
>>>>> full https... links, and then let users stay in https via
>>>>> relative links to other pages on the site.
>>>>>
>>>>> FWIW: I had been thinking of checking in the PHP, via something
>>>>> like this:
>>>>> <http://www.iis-aid.com/articles/how_to_guides/three_methods_redirect_http_https
>>>>> >
>>>>>
>>>>> Best,
>>>>> -Joel
>>>>>
>>>>>
>>>>>
>>>>> On Dec 7, 2009, at 4:29 PM, Troy Meyers wrote:
>>>>>
>>>>>>> ...The thing about loading the page (say from a menu link)
>>>>>>> under https is
>>>>>>> that the user could come from anywhere...
>>>>>>
>>>>>> On our site I use a Rewrite Rule to force every page to be
>>>>>> https regardless of how it's approached.
>>>>>>
>>>>>> When we switched to this there was no noticeable slowdown. For
>>>>>> us it's a good idea because every page has a little log in box
>>>>>> (just so you can log in from any page an stay on the same page)
>>>>>> and some users want their username prefilled in the box, and I
>>>>>> don't want to be sending anything like that out in the clear.
>>>>>> AND, as Bob said, people seem to like that "warm feeling" of
>>>>>> already being secure.
>>>>>>
>>>>>> -Troy
>>>>>>
>>>>>> _______________________________________________
>>>>>> FX.php_List mailing list
>>>>>> FX.php_List at mail.iviking.org
>>>>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>>>
>>>>> _______________________________________________
>>>>> FX.php_List mailing list
>>>>> FX.php_List at mail.iviking.org
>>>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>>
>>>> _______________________________________________
>>>> FX.php_List mailing list
>>>> FX.php_List at mail.iviking.org
>>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>
>>> _______________________________________________
>>> FX.php_List mailing list
>>> FX.php_List at mail.iviking.org
>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list
More information about the FX.php_List
mailing list