Alain Roger wrote:
> Richard,
>
> as i wrote you before, i've gotthe following suggestion to implement before
> to run the rest of my PHP code.
>
> if($_SERVER['HTTPS']!='on')
> {
> header('location:https://www.mysite.com');
> exit;
> }
> ...
>
> but i do not know if it's enough.
it is enough - but I'd like to clean it up for you just a tiny bit:
1. use isset on thwe var your checking
2. strtolower() the var your checking to cover your ass on even the weirdest
webserver SAPIs (I have seen the values of 'On' and 'on' for $_SERVER['HTTPS'])
3. 'Location: ' not 'location:' (1 more 'location' and I'm a realestate agent, ack dang too late ;-)
if(!isset($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) != 'on') {
header('Location: https://www.mysite.com');
exit;
}
>
> Alain
>
>
> On 12/2/06, Richard Lynch <ceo@xxxxxxxxx> wrote:
>>
>> On Sat, December 2, 2006 2:17 am, Alain Roger wrote:
>> > I would like to know how can i be sure to make customer use the SSL
>> > all the
>> > time.
>> > all the time in my PHP code, i write links as relative links, so
>> > without
>> > HTTPS.
>> >
>> > I was thinking to check everything if the port is the SSL port
>> > (default :
>> > 443), but it does not mean that protocol is HTTPS.
>> > So, how do you ensure that customer uses SSL protocol all the time ?
>>
>> I was asking myself that same question last week, but I searched on
>> http://php.net for the answer.
>>
>> Did you try that?
>>
>> :-)
>>
>> --
>> Some people have a "gift" link here.
>> Know what I want?
>> I want you to buy a CD from some starving artist.
>> http://cdbaby.com/browse/from/lynch
>> Yeah, I get a buck. So?
>>
>>
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
