Page 1 of 1

Get Full URL Inc "http://"

Posted: Wed Mar 10, 2004 10:54 am
by gbow
Hi

I need to check whether my user has visited http:// or https:// on my site. I have been trying to gather the url string from the location bar but can only seem to get the parts after the http://. The reason I need this is so that I can redirect to https:// if they have accidentally visited through unsecure http://.

We have the SSL certificate installed but I would appreciate any ideas on how i can get this redirect going.

Cheers

Gbow

Posted: Wed Mar 10, 2004 11:01 am
by m3mn0n
I was wondering about this too. Here is something I grabbed from a Google search:

Code: Select all

<?php
//Determine protocol of web pages 
if( isset ($_SERVER['HTTPS']) && strcasecmp ($_SERVER['HTTPS'],'ON') == 0) 
{
    $conf['protocol'] = 'https://';
} else {
    $conf['protocol'] = 'http://';
} 
?>

Posted: Wed Mar 10, 2004 11:26 am
by gbow
thats cool but could you give me a quick talk through it?
I have just tried using the following - see what you think

-----

// ***GET URL & PUT https:// IN FRONT OF IT TO SET THE URL FOR REDIRECT***

$secure_url = sprintf("%s%s%","https://",$HTTP_HOST,$REQUEST_URI);

// ***CHECK SERVER PORT***

if($SERVER_PORT == 80) {

// ***REDIRECT TO SECURE VERSION OF THE CURRENT URL
Header("Location: $secure_url");

}

-----

$SERVER_PORT gives either 80 or 443 i have found
if its 80 then http:// was typed in
443 = https://

if u can see any glaring problems with this then please let me know!
im not sure about using $SERVER_PORT cos it seems to be using superglobals which im not happy about but i cudnt find another way to get the information. maybe ur way will help with this if u cud explain it to me.

Cheers

Posted: Wed Mar 10, 2004 1:20 pm
by Weirdan
There is HTTPS element set in $_SERVER superglobal on https requests:

Code: Select all

if(isset($_SERVER["HTTPS"])){
  //redirect to https
}else{
  //redirect to http
}
$SERVER_PORT is not an option because you can run Apache at any port you want, even plain http at port 443 ;). Use $_SERVER["HTTPS"] . Or just $HTTPS if you don't like superglobals and have your register_globals turned on (for some weird reason ;) )

A Simple Solution

Posted: Wed Mar 10, 2004 1:30 pm
by Brian
This is not a problem that you should be solving via PHP. You should not have your secure and non-secure pages mapped to the same Web space.

Posted: Thu Mar 11, 2004 3:30 am
by gbow
Thanks for your help guys
I used

if(isset($_SERVER["HTTPS"])){
// do nothing
}else{
// redirect to https
}

this seems to work well - many thanks
the port thing would have worked for us because we control the ports in this case but we wanted a solution we could use for all sites so your idea is better for future use. :D

is there a list anywhere (that you know of) of all the globals similar to the one i used here? because it would be useful to know what superglobals there are. might save me time in future trying to figure stuff like this out. have a nice day.

Gareth

Posted: Thu Mar 11, 2004 6:32 am
by m3mn0n
You can see them all by making a simple script that contains:

Code: Select all

<?php
phpinfo();
?>
And that way you can see all the variables.

Or a more complex way:

Code: Select all

<?php
foreach ($_SERVER as $key => $value)
{
   echo "[". $key. "] is set to [". $value ."]\n";
}
?>
This will just show the $_SERVER variables instead of all the rest of that stuff.

Posted: Thu Mar 11, 2004 8:45 am
by Morpheus
What about:

Code: Select all

<?php
if (strpos ($PHP_SELF, "https://") !== false) {
   // in https:// site
} else {
   // in http:// site
} // end if
?>
You have to use "!== false", because if it finds "https://" it'll probably by at position zero (which amounts to false if you parse it).

Njoy ;)