Check for SSL

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
Bruno De Barros
Forum Commoner
Posts: 82
Joined: Mon May 12, 2008 8:41 am
Location: Ireland

Check for SSL

Post by Bruno De Barros »

I have a register page, an administration page, and an update profile page, where credit cards are dealt with. And I don't want that kind of information to be flowing freely on my website, with the possibility of it being intercepted by 3rd parties.

I am using $_SERVER['HTTPS'] which, on the PHP Manual, is said to not be empty in case the request was made using HTTPS.

I am just wondering, is there a better way to do this?
User avatar
vargadanis
Forum Contributor
Posts: 158
Joined: Sun Jun 01, 2008 3:48 am
Contact:

Re: Check for SSL

Post by vargadanis »

You can always check if the user is https and if not redirect the user to the very same page with HTTPS.
Eg: by examining the $_SERVER['SERVER_PROTOCOL' ] var.

I might have misunderstood what you wrote because it wasn't quite clear what you want to do in a better way. I am just gessing..
WebbieDave
Forum Contributor
Posts: 213
Joined: Sun Jul 15, 2007 7:07 am

Re: Check for SSL

Post by WebbieDave »

The manual also states: " Note that when using ISAPI with IIS, the value will be off if the request was not made through the HTTPS protocol."

You can use something along the lines of:

Code: Select all

function httpsOn() {
    if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
        return true;
    }
    return false;
}
Post Reply