I am helping to build a website for a church, and the website will allow members of the congregation to register, create profiles, and view member-only areas as well as public areas.
We bought an SSL certificate with GoDaddy, and I was able to use some code in an .htaccess file to switch the entire webiste to HTTPS - which is really neat to see in action - but I don’t know how to switch back in forth between the too.
GoDaddy is lame in that the clearly state they will not help with “scripting”, so even though they took our money for the SSL certificate, they aren’t very helpful in helping us getting it to work like needed?!
I was just going to do this in the .htaccess file and leave SSL on permanently, but then I found out that if I do that, our website will never get indexed by Google?!
I am not exactly sure what you are trying to accomplish, but generally all you need to do to switch between http and http is to provide an anchor link to the page using https rather than http (to make the transition), when they select a link with https the certificate and encryption on the subsequent page will be encrypted (until such a time they navigate to an http link). An example would be having a “click here to buy” link which uses an absolute https link (to trigger SSL) and once they have completed the purchase you have a “click here to return to the homepage” which has an absolute http link
There just needs to be secured areas like when church members register, log in, or go to member-only areas.
Everything else is public access, though.
but generally all you need to do to switch between http and http is to provide an anchor link to the page using https rather than http (to make the transition), when they select a link with https the certificate and encryption on the subsequent page will be encrypted (until such a time they navigate to an http link). An example would be having a “click here to buy” link which uses an absolute https link (to trigger SSL) and once they have completed the purchase you have a “click here to return to the homepage” which has an absolute http link
Will this work with relative links as well?
I tried this before by changing a constant that I had defined in PHP for our church’s root URL (e.g. OurURL = ‘www.GreatChurch.org’) but it didn’t seem to work.
When I changed the .htaccess file to redirect the entire website to HTTPS it works great, but as I said before, that messes up the ability for search engines to see our site.
It won’t work with relative linking as you don’t add the protocol being used (which would trigger the switch), in the examples above it would work fine, just use an absolute link with https (to go from http to https) and use an absolute link with http (to go from https to http), from that initial link you can go back to relative links (if you wish) as it will continue using the existing protocol in use, spiders naturally follow http links and will naturally ignore https, so it will be fine as the only pages to be ignored will be those subsequently using the https absolute link (and any relative pages only linked to through that)
Relative links aren’t bad, you just need to use absolute links when you switch between protocols like HTTP and HTTPS, all you need to do is change the link which goes to a page needing to be secure to an absolute one using HTTPS, and any going from the secure page back to the normal one to an absolute link using HTTP… nothing else, surely changing a couple of links to absolute ones isn’t hard? All your other links can stay relative, No need to touch PHP whatsoever.
Oh, I agree if I have to type out the absolute link in a few palces it won’t be a major deal, I am just trying to understand why the approach I proposed would not also work.
Maybe I am just calling things the wrong name?
To me, if I define two constants for the URL-root with one having HTTP and the other HTTPS, then…
It probably would work (if the redirection was triggered to force HTTPS) I just don’t see a need for scripting when a simple absolute anchor would suffice
if I define “constants”, then all I have to change is ONE LINE of code when I transfer the website from home development computer to our online “Test” account at GoDaddy, and then once again, only one more line of code needs to be changed going from the “Test” account at GoDaddy to the actual “Live” account at GoDaddy.
If I take your advice, I would possibly have to change dozens of absolute links that were hard-coded, and it is easy to forget to update everything - especially as the website grows in complexity. (There could eventually be dozens of places where users go between HTTP and HTTPS.)
Ah well see, I was not aware that you were testing offline, I would go with whichever is easiest for your development cycle, both methods should work fine and it probably won’t be that much of an impact on the servers resources running the script so it’s really down to what does the job