
mod_rewrite and SSL

how do you handle this?


nquinn

3:25 pm on Dec 29, 2003 (gmt 0)


Here is my situation:

My site uses a basic header.php file that is included at the top of every page.

Within my site, there is a shopping cart page that is secured with a shared SSL certificate.
(so the page looks like [myhost.com...]
rather than www.mysite.com)

I have recently used mod_rewrite to redirect,
[mysite.com...] to
[mysite.com?showitem.php?pid=123456...]
(which by the way, worked GREAT for the search engines).

So now, I have run into 2 problems:
(1) My showitem.php page (and header.php file) has problems loading images properly because they are now referenced at [mysite.com...] instead of www.mysite.com/pics/image.jpg.

I can change these to absolute links (the full path) BUT......

(2) when I make the absolute path, I will get the 'this page contains both secure and insecure items' when users are taken to the shopping cart page, because it is loading images from a direct link.

Any ideas on the best way to handle this?

Thanks,

Neil

nquinn

3:36 pm on Dec 29, 2003 (gmt 0)


here's a copy of my .htaccess file so you can
see the mod_rewrite code:

-----

RewriteEngine on
RewriteBase /

RewriteRule ^pid\/(.*) /showitem.php?pid=$1

-----

converts
mysite.com/pid/123456 to mysite.com/showitem.php?pid=123456

jdMorgan

8:55 pm on Dec 29, 2003 (gmt 0)


Neil,

Just quickly, I'd say you should either leave the "pid" in the rewritten file path and put the script in that subdir (or maybe use a symbolic link to make it look like it's there), or add a second redirect to redirect the image requests as well.

I'm not a secure-servers expert, but it's a very good idea to keep all files at or below the URL/directory level where the security was invoked, and avoid any redirection after that point... Basically, it helps if you keep all files together in directories at or below the level where "authorization" took place, and don't try to make references to files "above" that level or outside the originating domain at all.

Hopefully, this'll get you thinking about the authorization procedure and where and in what order things should happen, even if it's not very useful... :(

Jim
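One way to address both of Neil's problems in header.php, as an added example that is not code from the thread: build every image URL from the scheme and host the request actually arrived on, so the link resolves correctly under the rewritten /pid/ path and stays on https when the cart is served through the shared SSL host. The host names, the allow-list, and the /mysite/ base path on the shared SSL host are assumptions, since the thread elides the real URLs.

```php
<?php
// Added example (not from the thread). Assumptions (hypothetical): the site
// lives at the document root on www.mysite.com over plain HTTP, and the cart
// is reached through a shared SSL host such as https://myhost.com/mysite/.

/**
 * Return the scheme and host the current request actually arrived on.
 * Deriving this from the request, instead of hard-coding
 * "http://www.mysite.com", is what avoids the "secure and insecure items"
 * warning on the SSL cart page: assets follow the page's own scheme.
 */
function current_origin(): string
{
    $https  = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    $scheme = $https ? 'https' : 'http';

    // HTTP_HOST is supplied by the client; only trust hosts we serve.
    $allowed = ['www.mysite.com', 'myhost.com'];   // assumed host names
    $host = $_SERVER['HTTP_HOST'] ?? '';
    if (!in_array($host, $allowed, true)) {
        $host = 'www.mysite.com';
    }
    return $scheme . '://' . $host;
}

/**
 * Build an absolute URL for a site asset. Because it is rooted at the
 * origin rather than relative to the page, /pid/123456 and /showitem.php
 * both point at the same /pics/ directory, which fixes the images broken
 * by the mod_rewrite rule.
 */
function asset_url(string $path): string
{
    $origin = current_origin();
    // On the shared SSL host the site sits under a sub-path (assumed).
    $basePath = ($origin === 'https://myhost.com') ? '/mysite/' : '/';
    return $origin . $basePath . ltrim($path, '/');
}
?>
<!-- header.php: route every image through the helper -->
<img src="<?= htmlspecialchars(asset_url('pics/image.jpg')) ?>" alt="">
```

The helper only changes how URLs are generated; jdMorgan's alternative of a second RewriteRule that maps /pid/pics/... back to /pics/... fixes problem (1) on the server side but still leaves problem (2) to a scheme-aware link.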