Have a PHP Lead Site.. Problem with SSL mixed content

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
jon121970
Forum Newbie
Posts: 1
Joined: Sun Dec 14, 2008 10:19 am

Have a PHP Lead Site.. Problem with SSL mixed content

Post by jon121970 »

Hi everyone..

I'm new to PHP I need some help please!

Ok.. I've got a lead generation website built in PHP.. I have an SSL certificate. When I just type in the address: (example: https://www.loan.com), I get a 'your page contains secure and non secure content' message.

I dont want to load the entire site using SSL because it would be too slow.

Is there a way to load the page normally(example: http://www.loan.com), but.. when the visitor clicks on a link to apply for a loan.. it would reload: http://www.loan.com, along with the form for the visitor to fill out to apply for the loan.

That form is: quote.php, so when the page loads.. it would load the website normally but.. would then load the 'quote form' in SSL ?

Is this possible?

Any help would be greatly appreciated.
SteveC
Forum Commoner
Posts: 44
Joined: Thu Dec 04, 2008 2:39 pm
Location: Lansing, MI

Re: Have a PHP Lead Site.. Problem with SSL mixed content

Post by SteveC »

I had this very problem.

I created a variable at the beginning of every script, just before the config/init script is included called $securepage.

If the page was meant to host via HTTPS I'd set $securepage to true, otherwise I'd set it to false.

Then, config.php would check to see if the page requested was requested via HTTPS. If it was but wasn't specified in $securepage, config.php would adjust the URL to the non-secure page. And vice versa, if it wasn't secure but should be, it'd adjust the URL to the secure page.

This has worked well for me and saves me having to write in full URLs everywhere.
Post Reply