Page 1 of 1

force the user to utilize https

Posted: Tue Dec 10, 2002 11:07 pm
by soshea
been reading the docs and prior messages in the forum but have not found the answer yet.
is there a way to force the user to utilize https i.e. something at the top of the page to say if not https then exit. i am making a login script but have noticed that the users are capable of accessin the pages i want encrypted with http and https.
any ideas? i looked at the mod_ssl page and only got more confused on the httpd.conf modification.
thanx for any advice!!
sean

found it

Posted: Tue Dec 10, 2002 11:37 pm
by soshea
exactly what i was looking for

Code: Select all

<?php
if ($_SERVER['HTTPS'] !== 'on') {
die("Must be a secure connections");
}
?>

?>

Posted: Wed Dec 11, 2002 9:05 am
by pistolfire99
Hey mate this might just solve some of my problems. Thank you for this small code.

Posted: Wed Dec 11, 2002 9:06 am
by pistolfire99
Hey mate this might just solve some of my problems. Thank you for this small code. Also is there any way you can send them to another page if they are not using https.

Thank You.

Posted: Wed Dec 11, 2002 10:24 am
by soshea
you will want to use header()

Code: Select all

<?php
header('location: http//www.yourpagehere.com');
exit();
?>
but you may also want to inform them of why they were redirected away.

http://www.php.net/manual/en/function.header.php

later
soshea

Posted: Wed Dec 11, 2002 11:39 am
by kcomer
I've been using the SERVER_PORT to check for this, but I like your way much better. Anyone know if this works for IIS or just Apache? I don't have a Windows test server right now.

Posted: Wed Dec 11, 2002 1:49 pm
by soshea
doing this on linux-apache no idea about IIS.
soshea