dongmian5325 2014-11-25 05:04
浏览 72

每个页面上的PHP函数导致重定向循环

I am working with non-profit on an application that was built by someone else earlier this year. The site needs to be secure, so I worked with their host to get a SSL cert installed. I understand that updating the .htaccess server file would be easier to perform the redirect, but our engagement ends in about 3 weeks. It has been difficult getting the requirements fed through the non-profit customer contact to host company. As an alternative, I would like to have a php based redirect in place just in case.

This is the beginning section on the apps header page included on all pages. We have 3 test servers with different domains and a production domain. I have added a condition so the redirect will not occur when running locally. When I call the function with my condition causes a redirect loop on the test servers (they have SSL certs). Can someone help with what I can not quite figure out? Thanks.

Or does any know if the apache .htaccess file can be updated as a customer user with Dreamhost?

<?php 

function redirectToHTTPS() {
    if($_SERVER['HTTPS']!="on") {
        $redirect= "https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
        header("Location:$redirect");
    }
}


$serverList = array('localhost', '127.0.0.1');
if(!in_array($_SERVER['HTTP_HOST'], $serverList)) {
    redirectToHTTPS();
}

ob_start();
    include ($_SERVER['DOCUMENT_ROOT'].'/rmhcOmahaTeam/config/paths.php');
    include ($_SERVER['DOCUMENT_ROOT'].'/rmhcOmahaTeam/config/db_connect.php');
?>
  • 写回答

1条回答

  • doqvzh345334 2014-11-25 05:32
    关注

    Your problem lies here:

    $serverList = array('localhost', '127.0.0.1');
    if(!in_array($_SERVER['HTTP_HOST'], $serverList)) {
        redirectToHTTPS();
    }
    

    What this code says is "if the HTTP_HOST variable is localhost or 127.0.0.1, then redirect to the SSL site". Then, in the redirectToHTTPS() function, you're redirecting to the exact same HTTP_HOST you were checking against. So, basically, what you are saying is:

    if (true) {
        redirectToHTTPS();
    }
    

    You need to be checking the protocol, not the HTTP_HOST:

    define('HTTPS', isset($_SERVER['HTTPS']) && filter_var($_SERVER['HTTPS'], FILTER_VALIDATE_BOOLEAN));
    if ( ! HTTPS) {
        redirectToHTTPS();
    }
    
    评论

报告相同问题?

悬赏问题

  • ¥50 汇编语言除法溢出问题
  • ¥65 C++实现删除N个数据列表共有的元素
  • ¥15 Visual Studio问题
  • ¥15 state显示变量是字符串形式,但是仍然红色,无法引用,并显示类型不匹配
  • ¥20 求一个html代码,有偿
  • ¥100 关于使用MATLAB中copularnd函数的问题
  • ¥20 在虚拟机的pycharm上
  • ¥15 jupyterthemes 设置完毕后没有效果
  • ¥15 matlab图像高斯低通滤波
  • ¥15 针对曲面部件的制孔路径规划,大家有什么思路吗