detecting protocal and redirecting to https

I know of two methods to verify the protocal, Im just wondering which one is more efficient

if ($_SERVER["HTTPS"] == "off")
// DO THIS

if($_SERVER["SERVER_PORT"] != "443")
// DO THIS

Thanks
prowebinteractiveincAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

prerakgCommented:
Efficient in which manner? These are simply if statements. Both look good to me depending on the case.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
fundacionrtsAdministrador de SistemasCommented:
If you use

if($_SERVER["SERVER_PORT"] != "443")

you always must have your https webs under 443 tcp port and this is not always true. Sometimes, tcp ports like 8443 are used to https.

You can use $_SERVER["SERVER_PROTOCOL"] and search inside for http or https
Lalit ChandraCommented:
According to the Standards:

'HTTPS'
Set to a non-empty value if the script was queried through the HTTPS protocol.
Note: Note that when using ISAPI with IIS, the value will be off if the request was not made through the HTTPS protocol.

'REMOTE_PORT'
The port being used on the user's machine to communicate with the web server.

So,If you are using IIS then the above (fist) one is ok.other wise the value will be empty.
In case of PORT, if you use default port to install SSL Certificate,the above code(second) is good,other wise you have to know the port on which your site is working.

So,Which should you use,it tatally depends on you.Both of it will work in the same context.
Why Diversity in Tech Matters

Kesha Williams, certified professional and software developer, explores the imbalance of diversity in the world of technology -- especially when it comes to hiring women. She showcases ways she's making a difference through the Colors of STEM program.

Ray PaseurCommented:
This is my teaching example of how to get HTTPS only.  HTH, ~Ray
<?php // RAY_https_only.php
error_reporting(E_ALL);


// DEMONSTRATE HOW TO RESTRICT A SCRIPT SO THAT IT ONLY RUNS BEHIND HTTPS


// IF NOT HTTPS
if (empty($_SERVER["HTTPS"]))
{
    // CONSTRUCT THE HTTPS URL WE WANT, PRESERVING GET VARS
    $my_uri
    = 'https://'
    . $_SERVER["HTTP_HOST"]
    . $_SERVER["REQUEST_URI"]
    ;

    // BAIL OUT WITH 301 AND LOCATION
    header("HTTP/1.1 301 Moved Permanently");
    header("Location: $my_uri");
    exit;
}

// ELSE WE ARE ALREADY IN HTTPS - START SESSION FOR HTTPS ONLY IN ALL SUBDIRECTORIES AND ALL SUBDOMAINS
$x = explode('.', strtolower($_SERVER["HTTP_HOST"]));
$y = count($x);
if ($y == 1) // MAYBE 'localhost'?
{
    $cookie_domain = $x[0];
}
else // SOMETHING LIKE 'www2.atf70.whitehouse.gov'?
{
    // USE THE LAST TWO POSITIONS TO MAKE THE HOST DOMAIN
    $cookie_domain = '.' . $x[$y-2] . '.' . $x[$y-1];
}

$sess_name = session_name();
if (session_start())
{
    // MAN PAGE: http://us2.php.net/manual/en/function.setcookie.php
    setcookie($sess_name, session_id(), NULL, '/', $cookie_domain, TRUE, TRUE);
}

Open in new window

designatedinitializerCommented:
Notice that Ray's solution won't work in IIS, which is the case in question ...
YES, in IIS, this:

$_SERVER['HTTPS']=='off'

...will return TRUE if the request was not for https.

NO, you must not rely on the port number.
This is a matter of efficacy, not efficiency, as both things you are trying to compare are exactly the same from an efficiency (memory, processing) point of view.
It's a matter of efficacy, because one method (port number) will fail more often than the other.
Ray PaseurCommented:
From the question, I did not get that this was IIS (and I would never use IIS anyway), but if it is a question for IIS, maybe someone can take my code which works correctly on *nix systems and show the Asker how it can be done in IIS.  @prowebinteractiveinc: You might save yourself some time if you run this script (shown here in its entirety) on both HTTP and HTTPS platforms and compare the output carefully.  The parts you want to see are likely to be near the bottom of the output.
<?php phpinfo();

Open in new window

Best to all, over-and-out, ~Ray
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP

From novice to tech pro — start learning today.