[OT] Using mod rewrite to ensure secure/non secure?



Well, you could do a simple check on s.documenturl at the top of each
file and see if what the URL is. If the s.documenturl variable for
index.mv contains https://, then put up a link that says, "Click Here"
and have it link to index.mv via a http call.

Same with checkout.mv. Check for https:// in s.documenturl, and if it's
not there, make a link that says "click here" that uses the correct URL.

It's quick and dirty and not as elegant as dealing with the .htaccess
file, but it should work.

Example for index.mv:

<MvIF EXPR = "{'https://' CIN s.documenturl}">
Click Here
<MvELSE>
continue with script here
</MvIF>

Scot

<A HREF ="http://www.scotsscripts.com">http://www.scotsscripts.com</A>


Richard Grevers wrote:
> I have a system (non-merchant) with two main scripts in the same folder:
> index.mv and checkout.mv
>
> I want to ensure that checkout.mv is always accessed via https: and
> that index.mv can only be accessed via http: (the latter because my
> common init script detects secure mode and assigns a minimalised
> stylesheet which doesn't have any of the positioning styles needed by
> index - not to mention that index.mv has way too many images to be
> served securely).
>
> The most bulletproof way to do this would be by .htaccess and mod
> rewrite, but I'm not sure how to construct the rewrite rules for these
> cases. Anyone?
>
> Tia
> Richard
>

[OT] Using mod rewrite to ensure secure/non secure?



Why you wouldn't do it in the Miva script I don't know, but if
you want to do it outside just check for the existence of the
HTTPS environment variable. If it is there, then you are secure,
if not then you are not.

I hope that helps.

- Jeff Huber
President 4TheBest eCommerce Solutions
http://4TheBest.com
[email protected]
Office: 760-742-1469
Cell: 760-445-8454
=20


-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Richard Grevers
Sent: Sunday, October 17, 2004 2:11 PM
To: [email protected]
Subject: [meu] [OT] Using mod rewrite to ensure secure/non
secure?


I have a system (non-merchant) with two main scripts in the same
folder:
index.mv and checkout.mv

I want to ensure that checkout.mv is always accessed via https:
and that =20
index.mv can only be accessed via http: (the latter because my
common init =20
script detects secure mode and assigns a minimalised stylesheet
which =20
doesn't have any of the positioning styles needed by index - not
to =20
mention that index.mv has way too many images to be served
securely).

The most bulletproof way to do this would be by .htaccess and mod
rewrite, =20
but I'm not sure how to construct the rewrite rules for these
cases. =20
Anyone?

Tia
Richard

--=20
Richard Grevers
Between two evils always pick the one you haven't tried

[OT] Using mod rewrite to ensure secure/non secure?



Well if you were going to do it in the Miva script, and assuming
we are talking compiled, and assuming we are talking UNIX which
is a fair assumption since we were talking about mod_rewrite as
an option then I suggest something like this:

<MIVA STANDARDOUTPUTLEVEL=3D"">
<MvEVAL EXPR=3D"{ main() }">
<MvEXIT>
<MvFUNCTION NAME=3D"main" STANDARDOUTPUTLEVEL=3D"">
<MvIF EXPR=3D"{ 'https://' CIN s.documenturl NE 1 }">
<MvFUNCTIONRETURN VALUE=3D"{
redirect('http://site.com/path/index.mvc') }">
</MvIF>
<MvFUNCTIONRETURN VALUE=3D"{ main2() }">
</MvFUNCTION>
<MvFUNCTION NAME =3D "main2" STANDARDOUTPUTLEVEL =3D "text,html">
This is were the code is.
</MvFUNCTION>
<MvFUNCTION NAME =3D "Redirect" PARAMETERS =3D "location"
STANDARDOUTPUTLEVEL =3D "">
<MvASSIGN NAME =3D "l.crlf" VALUE =3D "{
asciichar(13)$asciichar(10) }">
<MvASSIGN NAME =3D "l.html" VALUE =3D "{ =20
'<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML
2.0//EN">'=20
$ l.crlf $ '<HTML>' $ l.crlf $ '<HEAD>'=20
$ l.crlf $ '<TITLE>302 Found</TITLE>' =20
$ l.crlf $ '</HEAD><BODY>' $=20
l.crlf $ '<H1>Found</H1>'=20
$ l.crlf $ 'The document has moved <A HREF=3D"'=20
$ l.location $ '">here</A>.

' $ l.crlf $ '<HR>'

$ s.server_signature $ '</BODY>' $ l.crlf $
'</HTML>' $ l.crlf }">
<MvASSIGN NAME =3D "l.null" VALUE =3D "{ miva_output_header(
'Location' , l.location ) }">
<MvASSIGN NAME =3D "l.null" VALUE =3D "{ miva_output_header(
'Content-Type', 'text/html; charset=3Diso-8859-1' ) }">
<MvASSIGN NAME =3D "l.null" VALUE =3D "{ miva_output_header(
'Cache-Control', 'no-cache' ) }">
<MvASSIGN NAME =3D "l.null" VALUE =3D "{ miva_output_header(
'Content-Length', len(l.html) ) }">
<MvEVAL EXPR =3D "{ l.html }">
<MvFUNCTIONRETURN VALUE =3D "">
</MvFUNCTION>

You put your "real code" in main2()

That way they just get sent to the other page without any
hesitation.

- Jeff Huber
President 4TheBest eCommerce Solutions
http://4TheBest.com
[email protected]
Office: 760-742-1469
Cell: 760-445-8454
=20



-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of Scot Ranney
Sent: Sunday, October 17, 2004 2:54 PM
To: Richard Grevers
Cc: [email protected]
Subject: Re: [meu] [OT] Using mod rewrite to ensure secure/non
secure?


Well, you could do a simple check on s.documenturl at the top of
each=20
file and see if what the URL is. If the s.documenturl variable
for=20
index.mv contains https://, then put up a link that says, "Click
Here"=20
and have it link to index.mv via a http call.

Same with checkout.mv. Check for https:// in s.documenturl, and
if it's=20
not there, make a link that says "click here" that uses the
correct URL.

It's quick and dirty and not as elegant as dealing with the
.htaccess=20
file, but it should work.

Example for index.mv:

<MvIF EXPR =3D "{'https://' CIN s.documenturl}">
<a href=3D"http://somedomain.com/index.mv">Click Here</a>
<MvELSE>
continue with script here
</MvIF>

Scot

<A HREF ="http://www.scotsscripts.com">http://www.scotsscripts.com</A>


Richard Grevers wrote:
> I have a system (non-merchant) with two main scripts in the
same folder:
> index.mv and checkout.mv
>=20
> I want to ensure that checkout.mv is always accessed via https:
and=20
> that index.mv can only be accessed via http: (the latter
because my=20
> common init script detects secure mode and assigns a
minimalised=20
> stylesheet which doesn't have any of the positioning styles
needed by=20
> index - not to mention that index.mv has way too many images
to be=20
> served securely).
>=20
> The most bulletproof way to do this would be by .htaccess and
mod=20
> rewrite, but I'm not sure how to construct the rewrite rules
for these=20
> cases. Anyone?
>=20
> Tia
> Richard
>=20

[OT] Using mod rewrite to ensure secure/non secure?



And if you don't have "miva_output_header" since you do have ".mv"s (engi=
ne
v3.97)
then you could still try HTML meta-tags, they mostly work. Or Javascript=
is
another option to do redirection.


Best,
Mikl=F3s


----- Original Message -----
From: "Jeff Huber - Listmail" <[email protected]>
To: "'Scot Ranney'" <[email protected]>; "'Richard Grevers'"
<[email protected]>
Cc: <[email protected]>
Sent: Monday, October 18, 2004 6:36 AM
Subject: RE: [meu] [OT] Using mod rewrite to ensure secure/non secure?


Well if you were going to do it in the Miva script, and assuming
we are talking compiled, and assuming we are talking UNIX which
is a fair assumption since we were talking about mod_rewrite as
an option then I suggest something like this:

[stuff removed ]


- Jeff Huber
President 4TheBest eCommerce Solutions
http://4TheBest.com
[email protected]
Office: 760-742-1469
Cell: 760-445-8454