Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.

Force HTTPS for certain pages otherwise force HTTP

+6 votes
535 views
asked May 12, 2014 in Q2A Core by Richard Prestone

I've seen this question in old posts but it never seems to get answered in full. I'd like to force https connections for login page and register but plain http for everything else. Gidgreen suggested the following which forces https correctly but the rest of the site is then accessed over https instead of http. I've also tried doing it in .htaccess but I keep introducing loops.

Any help would be appreciated.

 

function doctype() 

  if ( 
    ( ($this->template=='login') || ($this->template=='register') ) && 
    (!qa_is_http_post()) && 
    (!qa_is_https_probably()) 
  ) { 
    // your code to redirect to https page... 
    exit; 
  }

  qa_html_theme_base::doctype(); 
}

Q2A version: 1.6.3
commented May 14, 2014 by Scott
Why not just have the whole site HTTPS?
commented May 23, 2014 by Richard Prestone
Scott, that's a good point and is an option. I'm not sure how much that would affect page load times for uneccessary https pages. I'm sure with modern processors it wouldn't make a lot of difference but not sure how it would affect hosted web server if I get a lot of concurrent connections.

1 Answer

+1 vote
answered Mar 16, 2015 by Huy Nguyen 1

I face the same problem, and to avoid that, I wrote a small plugin to override a function and redirect to https or http. Basically, it will check: 

  • if the page need to use https and is using http: redirect to https
  • if the page need to use http and is using https: redirect to http
  • otherwise, continue

Note: You must enable both http and https for your website.

function qa_get_request_content()
{
//    echo "Test call";
    $forced_https_pages = array('login', 'register', 'user', 'admin');
    $is_forced_https = in_array(qa_request_part(0), $forced_https_pages) ? true : false;
    if ($is_forced_https && !qa_is_https_probably()) {
        header('Location: ' . "https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]");
        die();
    } else if (!$is_forced_https && qa_is_https_probably()) {
        header('Location: ' . "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]");
        die();
    } else {
        return qa_get_request_content_base();
    }
}

There are 2 problems:

  1. If user login by the login form (http page) then it will redirect to Login page (https page) instead of login immidiately.
  2. I'm not sure qa_get_request_content is the right function to redirect.
...