Page 1 of 1
Get Full URL Inc "http://"
Posted: Wed Mar 10, 2004 10:54 am
by gbow
Hi
I need to check whether my user has visited http:// or https:// on my site. I have been trying to gather the url string from the location bar but can only seem to get the parts after the http://. The reason I need this is so that I can redirect to https:// if they have accidentally visited through unsecure http://.
We have the SSL certificate installed but I would appreciate any ideas on how i can get this redirect going.
Cheers
Gbow
Posted: Wed Mar 10, 2004 11:01 am
by m3mn0n
I was wondering about this too. Here is something I grabbed from a Google search:
Code: Select all
<?php
//Determine protocol of web pages
if( isset ($_SERVER['HTTPS']) && strcasecmp ($_SERVER['HTTPS'],'ON') == 0)
{
$conf['protocol'] = 'https://';
} else {
$conf['protocol'] = 'http://';
}
?>
Posted: Wed Mar 10, 2004 11:26 am
by gbow
thats cool but could you give me a quick talk through it?
I have just tried using the following - see what you think
-----
// ***GET URL & PUT https:// IN FRONT OF IT TO SET THE URL FOR REDIRECT***
$secure_url = sprintf("%s%s%","https://",$HTTP_HOST,$REQUEST_URI);
// ***CHECK SERVER PORT***
if($SERVER_PORT == 80) {
// ***REDIRECT TO SECURE VERSION OF THE CURRENT URL
Header("Location: $secure_url");
}
-----
$SERVER_PORT gives either 80 or 443 i have found
if its 80 then http:// was typed in
443 = https://
if u can see any glaring problems with this then please let me know!
im not sure about using $SERVER_PORT cos it seems to be using superglobals which im not happy about but i cudnt find another way to get the information. maybe ur way will help with this if u cud explain it to me.
Cheers
Posted: Wed Mar 10, 2004 1:20 pm
by Weirdan
There is HTTPS element set in $_SERVER superglobal on https requests:
Code: Select all
if(isset($_SERVER["HTTPS"])){
//redirect to https
}else{
//redirect to http
}
$SERVER_PORT is not an option because you can run Apache at any port you want, even plain http at port 443

. Use $_SERVER["HTTPS"] . Or just $HTTPS if you don't like superglobals and have your register_globals turned on (for some weird reason

)
A Simple Solution
Posted: Wed Mar 10, 2004 1:30 pm
by Brian
This is not a problem that you should be solving via PHP. You should not have your secure and non-secure pages mapped to the same Web space.
Posted: Thu Mar 11, 2004 3:30 am
by gbow
Thanks for your help guys
I used
if(isset($_SERVER["HTTPS"])){
// do nothing
}else{
// redirect to https
}
this seems to work well - many thanks
the port thing would have worked for us because we control the ports in this case but we wanted a solution we could use for all sites so your idea is better for future use.
is there a list anywhere (that you know of) of all the globals similar to the one i used here? because it would be useful to know what superglobals there are. might save me time in future trying to figure stuff like this out. have a nice day.
Gareth
Posted: Thu Mar 11, 2004 6:32 am
by m3mn0n
You can see them all by making a simple script that contains:
And that way you can see
all the variables.
Or a more complex way:
Code: Select all
<?php
foreach ($_SERVER as $key => $value)
{
echo "[". $key. "] is set to [". $value ."]\n";
}
?>
This will just show the $_SERVER variables instead of all the rest of that stuff.
Posted: Thu Mar 11, 2004 8:45 am
by Morpheus
What about:
Code: Select all
<?php
if (strpos ($PHP_SELF, "https://") !== false) {
// in https:// site
} else {
// in http:// site
} // end if
?>
You have to use "!== false", because if it finds "https://" it'll probably by at position zero (which amounts to false if you parse it).
Njoy
