views:

410

answers:

2

I made a form process and broke the code up into different files to stay clean and organized.

Now I am setting up the form for https security.

Do all the files I pull into my page have to be called as https as well? In which case I can no longer use include(); as it no longer allows relative paths?

Is the solution to use file_get_contents();? Or does only the (master) page itself need to be called as https?

+3  A: 

It sounds like you are confusing terminology. HTTPS is the protocol used to request a page from the server using SSL or TLS encryption. That is separate from how you serve the request.

In your PHP source includes are processed server-side. All of the includes will be done before PHP hands the page off to your web server to be returned over the TLS link.

file.php:

<?php
include 'fileA.php';
include 'fileB.php';
?>

In the example above, the user agent (browser) never sees fileA.php or fileB.php. The page request is returned as a single document. You might request it via https://my-server.com/file.php, in which case that is all you need.

Will Bickford
thank you sir. Someone else had confused me.
chris
+3  A: 

IF the files are on the same server you don't need to change anything.

include("file.php");

Will work just fine.

Also if you were to include a file from a nother https server, as long as you have the tls libraries setup properly, https isn't a problem

include("https://anotherserver.com/file.php");

would work provided the other server serves the PHP and does not execute it.

Byron Whitlock
I thought as of PHP5 include(); with absolute paths dont work... Is including with https an exception?
chris
no. The path on the server is differnt than the path on the web site. so site.com/path might be /home/www/html/site.com/path. Include looks at the path of the servers filesystem.
Byron Whitlock
Absolute paths work with include() in PHP 5.
Frank Farmer