[FX.php List] [OFF] https per page?

Joel Shapiro jsfmp at earthlink.net
Mon Dec 7 22:09:37 MST 2009 

Got it.  Thanks Dale!

-Joel


On Dec 7, 2009, at 9:06 PM, Dale Bengston wrote:

> The absolute references started because I had clients with weird  
> requirements for where files got stored. With absolute references,  
> you can pretty-much put your parent page(s) anywhere and all the  
> includes will still work. It was the only way I could get my code  
> framework to function across all my clients' environments.
>
>
> On Dec 7, 2009, at 10:17 PM, Joel Shapiro wrote:
>
>> Thanks Dale.  I can definitely see the value in that approach.   
>> I've never needed to be that flexible, but it's something to work  
>> towards.
>>
>> Out of curiosity, do you choose to use absolute references for  
>> everything specifically because of this method, or is there some  
>> other reason you find them preferable to relative references?
>>
>> -Joel
>>
>>
>> On Dec 7, 2009, at 6:32 PM, Dale Bengston wrote:
>>
>>> I handle this problem by including a config file at the top of my  
>>> pages that toggles a whole bunch of constants. These constants  
>>> include http vs https, data source, default ports, domain names,  
>>> default page (for testing) vs. none (controlled by Apache on live  
>>> server), etc. I build all my urls from these constants -  
>>> everything uses absolute references, even JavaScript includes,  
>>> AJAX calls, image references and CSS files.
>>>
>>> I am currently developing a site that runs on my laptop using  
>>> MySQL and http, and when I put the pages live, it "knows" to do  
>>> https and use MS SQL Server. No interaction necessary... which is  
>>> good because I used to forget to change *something* every time. I  
>>> toggle a lot of other things in this config too, like error  
>>> reporting, debugging feedback, and so on.
>>>
>>> This was a bit of a hassle to get set up, but it was definitely  
>>> worth the effort. Toggling this way not only allows you to work on  
>>> different servers, but also different platforms and with different  
>>> data sources by flipping a few environment variables. I recently  
>>> adapted it to work with SQL Server (yes, FX.php too) so I can spin  
>>> in yet another direction.
>>>
>>> Dale
>>>
>>>
>>> On Dec 7, 2009, at 7:44 PM, Joel Shapiro wrote:
>>>
>>>> Hi again
>>>>
>>>> Having full https... links makes it difficult to have a copy of  
>>>> the site on my development machine and be able to just copy pages  
>>>> over to the client's server (href="https://localhost/login.php"  
>>>> vs href="https://client.com/login.php")
>>>>
>>>> Using the php script from that link below seems to work really  
>>>> well.
>>>>
>>>> Can anybody see any reasons why it might be a bad/unsafe idea to  
>>>> use it?  This way, I can keep all my links relative, and the  
>>>> login and checkout pages will still *always* be https.
>>>>
>>>> <?php
>>>> if ($_SERVER['SERVER_PORT']!=443)
>>>> {
>>>> $url = "https://". $_SERVER['SERVER_NAME'] . ":443". 
>>>> $_SERVER['REQUEST_URI'];
>>>> header("Location: $url");
>>>> }
>>>> ?>
>>>>
>>>> (I suppose I could use a variable for the domain with https  
>>>> links, but I kinda like this script)
>>>>
>>>> -Joel
>>>>
>>>>
>>>> On Dec 7, 2009, at 4:45 PM, Joel Shapiro wrote:
>>>>
>>>>> Thanks everybody
>>>>>
>>>>> It's good to hear that SSL doesn't really slow things down too  
>>>>> much.  I think I'll make the links to the login & checkout pages  
>>>>> full https... links, and then let users stay in https via  
>>>>> relative links to other pages on the site.
>>>>>
>>>>> FWIW: I had been thinking of checking in the PHP, via something  
>>>>> like this:
>>>>> <http://www.iis-aid.com/articles/how_to_guides/three_methods_redirect_http_https 
>>>>> >
>>>>>
>>>>> Best,
>>>>> -Joel
>>>>>
>>>>>
>>>>>
>>>>> On Dec 7, 2009, at 4:29 PM, Troy Meyers wrote:
>>>>>
>>>>>>> ...The thing about loading the page (say from a menu link)  
>>>>>>> under https is
>>>>>>> that the user could come from anywhere...
>>>>>>
>>>>>> On our site I use a Rewrite Rule to force every page to be  
>>>>>> https regardless of how it's approached.
>>>>>>
>>>>>> When we switched to this there was no noticeable slowdown. For  
>>>>>> us it's a good idea because every page has a little log in box  
>>>>>> (just so you can log in from any page an stay on the same page)  
>>>>>> and some users want their username prefilled in the box, and I  
>>>>>> don't want to be sending anything like that out in the clear.  
>>>>>> AND, as Bob said, people seem to like that "warm feeling" of  
>>>>>> already being secure.
>>>>>>
>>>>>> -Troy
>>>>>>
>>>>>> _______________________________________________
>>>>>> FX.php_List mailing list
>>>>>> FX.php_List at mail.iviking.org
>>>>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>>>
>>>>> _______________________________________________
>>>>> FX.php_List mailing list
>>>>> FX.php_List at mail.iviking.org
>>>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>>
>>>> _______________________________________________
>>>> FX.php_List mailing list
>>>> FX.php_List at mail.iviking.org
>>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>
>>> _______________________________________________
>>> FX.php_List mailing list
>>> FX.php_List at mail.iviking.org
>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
>
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list

More information about the FX.php_List mailing list