4


我只想打开我的网站的登录页面https,而不是完整的网站。登录验证(成功)后,网站 whoud 再次运行http

目前我的主要登录页面是test_index.php我包含的地方test_header.php

我的基本代码test_header.php

if($_SERVER['SERVER_PORT'] != 443) {
   header("HTTP/1.1 301 Moved Permanently");
   header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
   exit();
}

但这使https
在此处制作了完整的网站,因此可以通过.htaccess,因此我从中删除了上面的代码片段,并在文件test_header.php中添加了以下行.htaccess

<IfModule mod_rewrite.c>
  RewriteEngine on
  # 301 redirect to domain to 'www.'
  RewriteCond %{HTTP_HOST} ^testweb.com$ [NC]
  RewriteRule ^(.*)$ http://www.testweb.com/$1 [R=301,L]
</IfModule>

<FilesMatch test_index.php>
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</FilesMatch>

注意:testweb.com 只是一个虚构的名称,而不是实际的网站

但仍然在 https 上运行完整的网站,请告诉我我在哪里做错了?

编辑

@webbiedave 请检查我更新的代码,这样对吗?

if ($_SERVER['REQUEST_URI'] == '/test_index.php') { // only check https on login
    if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
        header("HTTP/1.1 301 Moved Permanently");
        header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
        exit();
    } else {
        die("Sorry,Your website is not secure");        
    }
} elseif (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
        // header("HTTP/1.1 301 Moved Permanently");
        header("Location: http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
        exit();
}

谢谢

4

1 回答 1

4

不要检查用于验证 https 的端口号,因为 https 位于非标准端口上并非不可能(尽管可能性极小)。相反,检查$_SERVER['HTTPS']变量:

if ($_SERVER['REQUEST_URI'] == '/login.php') { // only check https on login
    if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
        // do login stuff
    } else {
        // redirect to https or simply give an error
    }
} elseif (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
    // redirect to http
}
于 2011-02-10T07:10:20.493 回答