Handling Logo in HTTPS Connection

Let’s see if I can remember/explain this…

In the past I had a Config file that looked like this…


<?php
	define('ENVIRONMENT', 'development');
	//define('ENVIRONMENT', 'production');

	// File Root
	define('ROOT', ENVIRONMENT === 'development'
					? '/Users/user1/Documents/DEV/++htdocs/03_MySite/'
					: '/var/www/vhosts/mysite.com/httpdocs/');

	// Web Server Root
	define('WEB_ROOT', ENVIRONMENT === 'development'
					? 'http://local.dev3/'
					: 'http://www.mysite.com/');

	// Secure Web Server Root
	define('SECURE_WEB_ROOT', ENVIRONMENT === 'development'
					? 'http://local.dev3/'
					: 'https://www.mysite.com/');
?>

So a few months ago I finally learned how to create Virtual Hosts on my laptop so that I didn’t need this silliness above?! :blush:

But one problem still exists…

As I recall, when someone goes to check out on my website, I was getting some error message complaining that a unencrypted image/file was being sent over the HTTPS connection.

To fix this, I did this…


	<div id="header">
		<a href="<?php echo WEB_ROOT ?>index.php">
			<img id="logo" src="<?php echo SECURE_WEB_ROOT ?>images/mylogo_200x50.png"
					 width="200" alt="My Logo" />
		</a>
	</div>

Is there some way that I can get rid of this code so I can totally eliminate my “Config” file? (Obviously I could hard-code in the HTTPS path, but I am wondering - as I re-factor my website - if maybe there is a better approach?!)

Thanks,

Debbie

I usually use a bit of code that checks if the page is HTTPS, and if it does it prints the HTTPS version of the page.

Here is a stripped down version of the code:


$is_https = isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']);

function getDomain() {
  if($is_https)
    return 'https://' . WEB_ROOT;
  return 'http://' . WEB_ROOT;
}

And then you can just do something like:


<img src="<?php echo getDomain() ?>/image.png">

This is a stripped down version, but shows the basic idea. I generally have this wrapped up in functions that I just feed some info and it prints out the HTML for the image/script/style/etc.

Where would you put this code…


$is_https = isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']);

I’m not getting how/when/where $_SERVER[‘HTTPS’] gets a value?! :-/

And then you can just do something like:


<img src="<?php echo getDomain() ?>/image.png">

This is a stripped down version, but shows the basic idea. I generally have this wrapped up in functions that I just feed some info and it prints out the HTML for the image/script/style/etc.

Is this code secure from hackers?

Debbie

$_SERVER[‘HTTPS’] is one of the many variables that are already available to you in any PHP script.
see http://php.net/manual/en/reserved.variables.server.php for more information on the other ones.

Here’s a question though, Why are you defining your image URL with the full url anyway? If you used
<img src=“/image.png”> then it would serve from the proper location whether you were using http or https

Good point!

I think this was a downside of my Config file…

Since my Logo was in the Header file which was “included” in all pages in my site, sometimes I needed:

<?php echo WEB_ROOT ?>

and other times I needed

<?php echo SECURE_WEB_ROOT ?>

So I just used this all of the time…

<?php echo SECURE_WEB_ROOT ?>

:blush::blush:

Now that I am using a “Virtual Server”, maybe I don’t need to do that, huh?

Debbie