I have a register page, an administration page, and an update profile page, where credit cards are dealt with. And I don't want that kind of information to be flowing freely on my website, with the possibility of it being intercepted by 3rd parties.
I am using $_SERVER['HTTPS'] which, on the PHP Manual, is said to not be empty in case the request was made using HTTPS.
I am just wondering, is there a better way to do this?
Check for SSL
Moderator: General Moderators
-
Bruno De Barros
- Forum Commoner
- Posts: 82
- Joined: Mon May 12, 2008 8:41 am
- Location: Ireland
- vargadanis
- Forum Contributor
- Posts: 158
- Joined: Sun Jun 01, 2008 3:48 am
- Contact:
Re: Check for SSL
You can always check if the user is https and if not redirect the user to the very same page with HTTPS.
Eg: by examining the $_SERVER['SERVER_PROTOCOL' ] var.
I might have misunderstood what you wrote because it wasn't quite clear what you want to do in a better way. I am just gessing..
Eg: by examining the $_SERVER['SERVER_PROTOCOL' ] var.
I might have misunderstood what you wrote because it wasn't quite clear what you want to do in a better way. I am just gessing..
-
WebbieDave
- Forum Contributor
- Posts: 213
- Joined: Sun Jul 15, 2007 7:07 am
Re: Check for SSL
The manual also states: " Note that when using ISAPI with IIS, the value will be off if the request was not made through the HTTPS protocol."
You can use something along the lines of:
You can use something along the lines of:
Code: Select all
function httpsOn() {
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
return true;
}
return false;
}