...

View Full Version : PHP force HTTPS SSL



jeffshead
01-16-2010, 03:21 PM
I add the following code to the tops of certain pages in order to force HTTPS access:


<?php
if($_SERVER["HTTPS"] != "on") {
$newurl = "https://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
header("Location: $newurl");
exit();
}
?>

The issue I have is that it causes "PHP Notice: Undefined index: HTTPS..." entries in my error log.

I've tried adding isset and !isset to the code, but it did not work since I don't know what the heck I'm doing.

What is the proper code to use? I do not want to change the level of error reporting and I do not want to use @'s.

Thanks!

kbluhm
01-16-2010, 04:19 PM
If you don't have the HTTPS key available in $_SERVER, you could try the SERVER_PORT key, or .htaccess:

$_SERVER['SERVER_PORT']


if ( 80 == $_SERVER['SERVER_PORT'] )
{
// redirect to https
}


.htaccess


RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

jeffshead
01-16-2010, 08:11 PM
@kbluhm

Thank you for your fast reply.

The script I posted works fine. I just wanted to stop the PHP Notice entries in the error log.

I did some more Googling and I'm currently using this:


<?php
if(empty($_SERVER["HTTPS"])) {
$newurl = "https://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
header("Location: $newurl");
exit();
}
?>

So far it seems to work the same and I do not get any PHP Notices in the error log.

Does my code look OK or is there better syntax?

I really did not want to use .htaccess.

Thanks!



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum