HTTPS

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
SheDesigns
Forum Commoner
Posts: 42
Joined: Tue Nov 18, 2008 9:51 am
Location: Buffalo, NY

HTTPS

Post by SheDesigns »

So apparently my client has a secure server.. I have no idea how to utilize that. We're taking social security numbers, so it's a big deal that it is secure.

How do I make a page a HTTPS instead of a regular ol' HTTP?
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: HTTPS

Post by kaisellgren »

Mostly things are handled by the server. Not much to do with PHP. You have to ensure that the page is loaded in HTTPS, for instance:

Code: Select all

<?php
function force_ssl()
 {
  if ($_SERVER['SERVER_PORT'] != "443") // HTTPS
   {
    $url = "https://".$_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF'].($_SERVER['QUERY_STRING'] ? '?'.$_SERVER['QUERY_STRING'] : '');
    header("Location: $url");
    exit;
   }
 }
force_ssl();
echo <<<HTML
<form method="post">
<input type="text" />
</form>
HTML;
 
?>
That form will be forced to load in HTTPS.
User avatar
arjan.top
Forum Contributor
Posts: 305
Joined: Sun Oct 14, 2007 4:36 am
Location: Hoče, Slovenia

Re: HTTPS

Post by arjan.top »

you have $_SERVER['HTTPS'] too
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: HTTPS

Post by kaisellgren »

arjan.top wrote:you have $_SERVER['HTTPS'] too
Yes. Just remember that on IIS through ISAPI, the value is "off" in case the connection is not HTTPS.
Post Reply