Page 1 of 1

Check for SSL

Posted: Tue Jun 03, 2008 11:13 am
by Bruno De Barros
I have a register page, an administration page, and an update profile page, where credit cards are dealt with. And I don't want that kind of information to be flowing freely on my website, with the possibility of it being intercepted by 3rd parties.

I am using $_SERVER['HTTPS'] which, on the PHP Manual, is said to not be empty in case the request was made using HTTPS.

I am just wondering, is there a better way to do this?

Re: Check for SSL

Posted: Tue Jun 03, 2008 12:46 pm
by vargadanis
You can always check if the user is https and if not redirect the user to the very same page with HTTPS.
Eg: by examining the $_SERVER['SERVER_PROTOCOL' ] var.

I might have misunderstood what you wrote because it wasn't quite clear what you want to do in a better way. I am just gessing..

Re: Check for SSL

Posted: Fri Jun 13, 2008 10:34 pm
by WebbieDave
The manual also states: " Note that when using ISAPI with IIS, the value will be off if the request was not made through the HTTPS protocol."

You can use something along the lines of:

Code: Select all

function httpsOn() {
    if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
        return true;
    }
    return false;
}