At 2:09 PM -0500 2/25/08, Daniel Brown wrote:
On Mon, Feb 25, 2008 at 1:40 PM, Rick Pasotto <rick@xxxxxxxx> wrote:
What is the best or recomended proceedure for making sure that a page is
accessed only via a secure connection?
Provided you're running SSL on the standard HTTPS port of 443,
include this at the very top of every file, before any output or
session information is sent. The best option would be to include it
in a file in a switched index.php or similar design.
<?
if($_SERVER['SERVER_PORT'] != '443') {
$url = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] :
$_SERVER['SERVER_NAME'];
header("Location:
https://".$url.$_SERVER['PHP_SELF']."?".$_SERVER['QUERY_STRING']);
exit;
}
?>
--
</Dan>
Sometimes I feel like a child here.
Under what circumstances would one require that?
If your script is in a https directory, isn't that secure? OR, is
this something else?
Please explain.
Cheers,
tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
