I have a whole series of mod_rewrites in my .htaccess file like this…
#--------------
#PRETTY: account/profile/JohnDoe/about-me
#UGLY: account/profile.php?user=JohnDoe&tab=about-me
#Rewrite only if the request is not pointing to a real file.
RewriteCond %{REQUEST_FILENAME} !-f
#Match valid Usernames, and any Tab Name. PHP will determine if Tab Name is valid.
RewriteRule account/profile/((.+)/)?(.+)?$ account/profile.php?user=$2&tab=$3 [L]
#--------------
#PRETTY: account/send-pm/JohnDoe
#UGLY: account/send-pm.php?user=JohnDoe
#Rewrite only if the request is not pointing to a real file.
RewriteCond %{REQUEST_FILENAME} !-f
#Match valid Usernames.
RewriteRule account/send-pm/(.*)$ account/send-pm.php?user=$1 [L]
#--------------
# SHOW ARTICLE
#PRETTY: finance/tax-season/saves-your-taxes-for-a-cpa
#UGLY: articles/article.php?section=finance&subsection=tax-season&article=saves-your-taxes-for-a-cpa
#Rewrite only if the request is not pointing to a real file.
RewriteCond %{REQUEST_FILENAME} !-f
#Match any kind of Section, Subsection and Article. PHP will decide if it's valid or not.
RewriteRule (.+)/(.+)/(.+)$ articles/article.php?section=$1&subsection=$2&article=$3 [L]
It would seem that I would want to place the code you gave me as the last few lines of my .htaccess.
My thinking being that first I would want the mod_rewrites to take the “Pretty URLs” and turn them into something Apache can use, and then as a last step, rewrite the “Ugly URL” with an https: at the beginning.
For example, this Pretty URL…
http://www.Debbie.com/finance/tax-season/saves-your-taxes-for-a-cpa
…would first get changed to…
http://www.Debbie.com/articles/article.php?section=finance&subsection=tax-season&article=saves-your-taxes-for-a-cpa
And then finally your code would kick in and change things to…
[b]https[/b]://www.Debbie.com/articles/article.php?section=finance&subsection=tax-season&article=saves-your-taxes-for-a-cpa
How does that sound?
the R=301 is a flag that tells apache what sort of rewrite/redirect it is. In this case, it’s a 301 redirect.
Isn’t it bad to have a whole bunch of redirects?
For instance, let’s say I forgot to update my PHP code and the BASE_URL constant from http://local.debbie to https://local.debbie.
Would I get penalized by Google for every web page on my website being redirected?! :-/
It will only work where there is an SSL certificate in place. So, in your development environment, you will have to comment it out.
Is there a way to have a “Test SSL Certificate” locally on my test MacBook?
Technically yes, but like I said above, each time you visit an HTTP URL it will be a 301 redirect. So, it might mess up a few things here and there.
That would be the preferred approach.
Or, you can detect HTTPS using PHP:
$protocol=((isset($_SERVER['HTTPS']) || $_SERVER['HTTPS']==true)) ? 'https://' : 'http://';
$url = $protocol.$_SERVER['HTTP_HOST'];
echo '<a href="'.$url.'">clickme</a>';
Am I going to have to go through all of my code base and make sure that I have the constant BASE_URL prepended to every URL?? :-/
For example, I am thinking I can no longer have code like this…
<?php echo "<p id='breadcrumb'><a href='/'>Home</a> > <a href='/$sectionSlug/'>$sectionName</a> > <a href='/$sectionSlug/$subsectionSlug/'>$subsectionName</a> > $heading</p>"; ?>
Yes or no?
(If not, that would suck, because it is so much easier and prettier to just use the HTML root like /$sectionSlug/$subsectionSlug/)
Also, from a security standpoint, do I have to add new code at the top of every script, and “sanitize” my URL’s to make sure they load as…
https://
If I am going to make every page encrypted, I want to be sure I implement things 110% correctly, so there are NO security holes!!!
Sincerely,
Debbie