i want to open login page of my website with https
only,not the comeplete website. after login authenication ( successful), website whoud again run on http
.
currently my main login page is test_index.php
where i included test_header.php
my basic code on test_header.php
is
if($_SERVER['SERVER_PORT'] != 443) {
header("HTTP/1.1 301 Moved Permanently");
header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
exit();
}
but this make complete website in https
i also read here that it can be possible via .htaccess
, so i remove above code snippet from test_header.php
and add the following lines in .htaccess
file and
<IfModule mod_rewrite.c>
RewriteEngine on
# 301 redirect to domain to 'www.'
RewriteCond %{HTTP_HOST} ^testweb.com$ [NC]
RewriteRule ^(.*)$ http://www.testweb.com/$1 [R=301,L]
</IfModule>
<FilesMatch test_index.php>
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</FilesMatch>
Note: testweb.com is just an imaginary name, not actual website
but still complete website run on https, please tell me where i m doing mistake??
Edit
@webbiedave please check my updated Code , is that right way??
if ($_SERVER['REQUEST_URI'] == '/test_index.php') { // only check https on login
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
header("HTTP/1.1 301 Moved Permanently");
header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
exit();
} else {
die("Sorry,Your website is not secure");
}
} elseif (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
// header("HTTP/1.1 301 Moved Permanently");
header("Location: http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
exit();
}
Thanks
Don't check the port number for verifying https as it's not impossible -- although highly unlikely -- for https to be on a non-standard port. Rather, check the
$_SERVER['HTTPS']
variable: