William Raymond
|
| Posted: 04/15/2002, 11:24 AM |
|
Hello,
I have been wrestling with integrating SSL into certain pages I am designing
with CodeCharge. The biggest challenge? Having one or two out of a whole
bunch of pages display with SSL using the "HTTPS://" nomenclature.
CodeCharge does not facilitate this, but you can write special code. The
problem is, an SSL page is like any other, so one incorrectly typed link
(HTTP://) and the customer could potentially have their credit card
information stolen.
The solution? Write code in the "ON OPEN" event of any page that requires
SSL that simply gets the servername, path and associated parameters and
re-build the web address by replacing "HTTP://" with "HTTPS://". If a link
points to your SSL page properly, then just display it.
The solution below is for ASP but can easily be written for PHP or any other
language. This code can be used freely (but mention of my name is always
nice 
'---------------
' If the customer enters this site without an "HTTPS" in the header, then
' send change the URL so it displays the "HTTPS://" header and
' re-load the page.
'
' WRITTEN BY: Bill Raymond / Office Collaborators, Inc. /
braymond@officecollab.com
' WRITTEN ON: 4/15/2002
' NOTES: This code does not take ports into consideration. If you want to
add that functionality, use
' the "SERVER_PORT" Server Variable. For complex/custom
URL's, use the "ALL_HTTP"
' server variable and search the string for the initial
protocol, then replace.
'---------------
IF Request.ServerVariables("HTTPS") = "off" THEN
Response.Redirect "HTTPS://" & Request.ServerVariables("server_name") &
Request.ServerVariables("URL") & "?" &
Request.ServerVariables("query_string")
END IF
-Bill
--
Bill Raymond
Microsoft MVP
braymond@officecollab.com
Office Collaborators, Inc.
http://www.mvps.org/project/
|
|
|
 |
|
