Re: checking for and enforcing https

On Tue, 2008-02-26 at 10:56 -0500, tedd wrote:
> At 10:24 AM -0500 2/26/08, Robert Cummings wrote:
> >On Tue, 2008-02-26 at 10:16 -0500, tedd wrote:
> >>  Then a user wants to purchase something and I direct them to a unique
> >>  script in the https directory and that script takes their sensitive
> >>  data and finalizes the sale. What's wrong with that?
> >
> >Nothing. But you do need to manage what files show up in which
> >directories. Me, I just put them all into a shop directory or whatnot
> >and check what protocol is required for access. Then I only need to
> >manage one directory when updating the code.
> >
> >>  Why would I also want to check if "that a page is accessed only via a
> >>  secure connection?"
> >
> >Because you're restricting based on access, not based on directory
> >structure.
> 
> 
> Ahhh, I see (I think).
> 
> I've been using the actual directories for my scripts, when I don't 
> really need to do that. I could do it automagically with code. That 
> would certainly make my work organization a bit easier.
> 
> So, let's say I wanted script "secure.php" to be forced to use https 
> -- do I use something like what Dan provided, namely?
> 
> <?
>      if($_SERVER['SERVER_PORT'] != '443') {
>          $url = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME'];
>          header("Location: https://".$url.$_SERVER['PHP_SELF']."?".$_SERVER['QUERY_STRING']);
>          exit;
>      }
> ?>
> 
> I know I could test the code for myself, but this is quicker.

This is almost right, but you're presuming that HTTPS must be served
over port 443. It is the most likely port, but not always the case when
browsing an intranet. What you really want to check is:

    $_SERVER['HTTPS'] == 'on'

Cheers,
Rob.
-- 
.------------------------------------------------------------.
| InterJinn Application Framework - http://www.interjinn.com |
:------------------------------------------------------------:
| An application and templating framework for PHP. Boasting  |
| a powerful, scalable system for accessing system services  |
| such as forms, properties, sessions, and caches. InterJinn |
| also provides an extremely flexible architecture for       |
| creating re-usable components quickly and easily.          |
`------------------------------------------------------------'

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
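
Added example, not part of the original thread: the protocol check discussed above, written as a redirect helper that tests `$_SERVER['HTTPS']` instead of the port and does not echo an arbitrary client-supplied Host header into the `Location` header. The function names, the host map and the sample requests are assumptions made up for illustration.

```php
<?php
// Added example; function names, host map and sample requests are constructed.

// True when the request arrived over TLS. PHP sets $_SERVER['HTTPS'] to a
// non-empty value for HTTPS requests; IIS (ISAPI) sets it to 'off' otherwise.
function is_https(array $server): bool
{
    return !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
}

// Returns the https:// URL to redirect to, or null when already on HTTPS.
// $httpsAuthority maps a known host name to its HTTPS host[:port], so an
// intranet server that serves TLS on a non-443 port is handled too.
function https_redirect_target(array $server, array $httpsAuthority): ?string
{
    if (is_https($server)) {
        return null;
    }
    // Host is client-controlled: drop any port and accept only known names.
    $host = strtolower($server['HTTP_HOST'] ?? $server['SERVER_NAME'] ?? '');
    $host = preg_replace('/:\d+$/', '', $host);
    $authority = $httpsAuthority[$host] ?? array_values($httpsAuthority)[0];

    // REQUEST_URI carries path and query string; refuse anything odd.
    $uri = $server['REQUEST_URI'] ?? '/';
    if ($uri === '' || $uri[0] !== '/' || preg_match('/[\r\n]/', $uri)) {
        $uri = '/';
    }
    return 'https://' . $authority . $uri;
}

$map = ['shop.example' => 'shop.example', 'intranet.example' => 'intranet.example:8443'];

// Constructed sample requests (stand-ins for $_SERVER).
$samples = [
    ['HTTPS' => 'on', 'SERVER_PORT' => '8443', 'HTTP_HOST' => 'intranet.example:8443', 'REQUEST_URI' => '/secure.php'],
    ['SERVER_PORT' => '80', 'HTTP_HOST' => 'shop.example', 'REQUEST_URI' => '/secure.php?item=3'],
    ['SERVER_PORT' => '8080', 'HTTP_HOST' => 'intranet.example:8080', 'REQUEST_URI' => '/secure.php'],
    ['HTTPS' => 'off', 'SERVER_PORT' => '80', 'HTTP_HOST' => 'unknown.test', 'REQUEST_URI' => '/secure.php'],
];
foreach ($samples as $s) {
    $target = https_redirect_target($s, $map);
    echo ($target ?? '(already HTTPS, no redirect)'), "\n";
}
// In a real page: if ($target !== null) { header('Location: ' . $target, true, 301); exit; }
```

The first sample is served over TLS on port 8443, which a `SERVER_PORT != '443'` test would wrongly redirect; the last shows an unrecognised Host value falling back to the first entry of the map.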

