Verifying https

robsayers

I have a script that I want to verify is server over https before it displays any data.

Can someone point me in the right direction as I'm sorta lost on this one

Thanks.

Mordecai

I'm not positive, but I think that $_SERVER["SERVER_PROTOCOL"] will change to https.

robsayers

that stayed the same... but server_port did change, thanks!

Mordecai

Try running phpinfo() to see what else may change.

robsayers

yeah... thats how I found it, dont know why I didnt think of it before, 8 straight hours of coding + little sleep will do it I guess.

mogster

You can do parse_url($REQUEST_URI), then access the scheme value as:

$chkScheme = parse_url($_SERVER['REQUEST_URI]');
if($chkScheme[scheme] != "https") {
die("Wrong protocol");
## Or do a header location ##
header("Location:https://".$_SERVER['PHP_SELF']."");
}

Note that it is also possible to set wether or not cookie-values are to be sent, in case the protocol happens to be wrongly set in the client:

## This cookie will only be transmitted if the protocol is https ##
$secure = "1";
setcookie("name", $value, $expire,  $path, $domain, $secure);

But the right place to set the request protocol is really in apache - I'll look it up 😉

knutm