[Eclug] Looking for PHP resource lists?

  • R. Mariotti r.mariotti at fdcx.net
    Wed Jul 26 10:00:11 EDT 2006

     

    Jason Morrill wrote:
    > Hi Bob,
    > 
    > I don't have an answer but I have a question. How are you getting a PHP 
    > session to leap from HTTP to HTTPS ?? Or aren't you and that's the trouble?
    > 
    > jason m
    > 
    > 
    > Bob Mariotti wrote:
    >>
    >> I'm currently working on a PHP app that deals with a lot of different 
    >> functions (screens that is).   Most of these functions are non-secured 
    >> and work just fine.    However, when the time comes to collect 
    >> sensitive info such as credit card information it must be handled 
    >> securely.    On my servers I support named virtual hosts therefore 
    >> only ONE of those virtual servers is SSL.   So, when I am about to 
    >> deliver one of these "secured" pages I code the SSL site on the 
    >> action= tag on the form 
    >> (i.e."https://$known-ssl-server-name/$PHP_SELF")  which does get me 
    >> there (sort of).
    >>
    
    Hi All;
    
    For those who MIGHT be interested, here are the results of this dilemma:
    
    I WAS able to accomplish what I set out to do by using the 
    "header(location:...)" function from within my PHP program.
    
    The PROBLEM was that I apparently could NOT output to a secured session 
    when my current session was NOT secured.  So what I did was insert a 
    logic block within the code that gets executed upon the detection of a 
    certain URL decoded field combo.  When executed it constructed the 
    desired page.
    
    An example would be:   within my non-secured session when I desired to 
    have my next page on the secured server I issued the following command:
    
    // Send the browser to the SSL virtual host, then stop this script.
    header("Location: https://secured_server_name/program.php?s=3&t=4");
    exit;
    
    This tells Apache to load and run the referenced program from the 
    referenced site.  When that program starts it extracts the values of "s" 
    and "t" from the URL and if the values equal "3" and "4" respectively, 
    then output the desired page.
    
    I use the same technique to get back to the non-secured page but 
    referencing the non-secured server name and use different values for s 
    and t.
    
    Works like a charm.  In fact, I defined the various server name values 
    externally and include them in the program so the logic works for 
    several named servers transparently.
    
    I feel "enlightened".
    
    Hope this tidbit helps someone.  And, of course, if there is a better 
    way I certainly would like to hear/read about it.  As always, I'm eager 
    to learn.
    
    Bob
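
The s/t dispatch described in the message above, as an added example that is not part of the original post: the receiving program.php maps the s/t pair to a screen and also confirms that a screen meant for the SSL host is really being served over HTTPS, redirecting to a fixed server name otherwise. The host names, the screen table and the function names (is_https, route) are assumptions made for illustration.

```php
<?php
// Added example, not from the original post. Host names and the screen
// table are assumptions (constructed placeholders).
const PLAIN_HOST  = 'www.example.test';
const SECURE_HOST = 'secure.example.test';
// "s:t" pair => screen name, and whether it may only be shown over HTTPS.
const SCREENS = [
    '1:1' => ['name' => 'catalog',    'secure' => false],
    '3:4' => ['name' => 'card_entry', 'secure' => true],
];

// PHP sets $_SERVER['HTTPS'] to a non-empty value (not "off") on SSL requests.
function is_https(array $server): bool
{
    return !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
}

// Returns ['render', name], ['redirect', url] or ['reject', http_status].
function route(array $server, array $get): array
{
    $s = $get['s'] ?? '';
    $t = $get['t'] ?? '';
    // Only short digit strings are accepted; arrays, CR/LF etc. are refused.
    foreach ([$s, $t] as $v) {
        if (!is_string($v) || preg_match('/\A[0-9]{1,3}\z/', $v) !== 1) {
            return ['reject', 400];
        }
    }
    if (!array_key_exists("$s:$t", SCREENS)) {
        return ['reject', 404];
    }
    $screen = SCREENS["$s:$t"];
    if ($screen['secure'] !== is_https($server)) {
        // Wrong scheme: bounce to the fixed host, never a name from the request.
        $base = $screen['secure'] ? 'https://' . SECURE_HOST : 'http://' . PLAIN_HOST;
        return ['redirect', $base . '/program.php?' . http_build_query(['s' => $s, 't' => $t])];
    }
    return ['render', $screen['name']];
}

// Constructed sample requests: [$_SERVER-like array, $_GET-like array].
$samples = [
    [['HTTPS' => 'on'], ['s' => '3', 't' => '4']],          // card form over SSL
    [[],                ['s' => '3', 't' => '4']],          // card form over plain HTTP
    [['HTTPS' => 'on'], ['s' => '3', 't' => "4\r\nX: y"]],  // malformed value
];
foreach ($samples as [$server, $get]) {
    echo implode(' ', route($server, $get)), PHP_EOL;
}
```

In a live script the call would be route($_SERVER, $_GET), sending the Location header followed by exit on a 'redirect' result and building the page only on 'render'.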
    
    
    
    

     

     
