PHP Forcing a User to Use SSL-Encrypted Pages

Dec 06, 2009 Author: makedon

When handling credit card information, you want to guarantee that all card information always goes through an SSL (Secure Socket Layer) connection.

If a user types www.example.com in his web browser, he gets http://www.example.com/, not https://www.example.com/. This isn't a problem if all of your forms specifically refer to pages under https://www.example.com/ but it's difficult to ensure that and to maintain it if your hostname happens to change.

Here is a simple function to see if a user is connecting via SSL or not:

function is_SSL() {
    /* Checks to see whether the page is in secure mode */
    if ($_SERVER['SERVER_PORT'] == "443") { 
        return true;
    } else {
        return false;
    }
}

This function works by checking the port through which the client connected to the server (SSL is port 443). If the access is not secure and it should be, you can use $_SERVER['PHP_SELF'] and the header() function described in the preceding section to redirect to a secure version of the page.


views 3632
  1. Add New Comment

gravatar
Lilly
December 6,2009 at 18:17:15
Lol very nice tip really short and fast way for checking. Continue with good work