Client wants login pages to load via https. This is easily accomplished, but since the site uses pretty url's, we now stay in https mode when clicking around after login is finished. This breaks secure files which are uploaded in the CMS, stored above webroot, and downloaded by streaming through a php script if user has the appropriate permissions. So, we need to switch back to regular http when we're no longer on a login page. Here's what I have in my .htaccess file:
RewriteEngine On
Options +FollowSymLinks
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www\.domain\.com [NC]
RewriteRule ^(login\.php|members\.php)$ https://%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{HTTP_HOST} ^domain\.com$ [NC]
RewriteRule ^(login\.php|members\.php)$ https://www.%{HTTP_HOST}%{REQUEST_URI}
RewriteCond %{HTTPS} on
RewriteCond %{IS_SUBREQ} false
RewriteRule !^(login\.php|members\.php)$ http://%{HTTP_HOST}%{REQUEST_URI}
Everything is working fine except the last line, which is getting confused by the pretty url's and redirecting to view.php (which handles translating pretty url lookup codes to database id's that are used in the querystring) if I use {REQUEST_URI}, and the homepage if I use $1 or the path.
I need to figure out a way to make this rewrite to switch back to http mode bypass the pretty url rewrite, but I don't know how to get the actual address that was typed in rather than what it was rewritten to by Apache.
Please help and thanks in advance!