我想只用https打开我网站的登录页面，而不是打开网站。登录验证（成功）后，网站再次运行http。

目前我的主要登录页面为test_index.php，其中包含test_header.php

test_header.php上的基本代码是

if($_SERVER['SERVER_PORT'] != 443) {
   header("HTTP/1.1 301 Moved Permanently");
   header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
   exit();
}

但是这会在https中生成完整的网站我还通过.htaccess阅读了here，因此我可以从test_header.php删除上面的代码段并在.htaccess文件中添加以下行并

<IfModule mod_rewrite.c>
  RewriteEngine on
  # 301 redirect to domain to 'www.'
  RewriteCond %{HTTP_HOST} ^testweb.com$ [NC]
  RewriteRule ^(.*)$ http://www.testweb.com/$1 [R=301,L]
</IfModule>

<FilesMatch test_index.php>
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</FilesMatch>

注意：testweb.com只是一个虚构的名称，而不是实际的网站

但仍然完整的网站运行https，请告诉我我在哪里做错了？

修改

@webbiedave请检查我的更新的代码，这是正确的方法吗？

if ($_SERVER['REQUEST_URI'] == '/test_index.php') { // only check https on login
    if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
        header("HTTP/1.1 301 Moved Permanently");
        header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
        exit();
    } else {
        die("Sorry,Your website is not secure");        
    }
} elseif (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
        // header("HTTP/1.1 301 Moved Permanently");
        header("Location: http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
        exit();
}

由于

if ($_SERVER['REQUEST_URI'] == '/login.php') { // only check https on login if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') { // do login stuff } else { // redirect to https or simply give an error } } elseif (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') { // redirect to http }

使用https仅用于登录页面而不是整个网站

修改

1 个答案: