Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 170
  • Last Modified:

detecting protocal and redirecting to https

I know of two methods to verify the protocal, Im just wondering which one is more efficient

if ($_SERVER["HTTPS"] == "off")
// DO THIS

if($_SERVER["SERVER_PORT"] != "443")
// DO THIS

Thanks
0
prowebinteractiveinc
Asked:
prowebinteractiveinc
1 Solution
 
prerakgCommented:
Efficient in which manner? These are simply if statements. Both look good to me depending on the case.
0
 
fundacionrtsAdministrador de SistemasCommented:
If you use

if($_SERVER["SERVER_PORT"] != "443")

you always must have your https webs under 443 tcp port and this is not always true. Sometimes, tcp ports like 8443 are used to https.

You can use $_SERVER["SERVER_PROTOCOL"] and search inside for http or https
0
 
Lalit ChandraCommented:
According to the Standards:

'HTTPS'
Set to a non-empty value if the script was queried through the HTTPS protocol.
Note: Note that when using ISAPI with IIS, the value will be off if the request was not made through the HTTPS protocol.

'REMOTE_PORT'
The port being used on the user's machine to communicate with the web server.

So,If you are using IIS then the above (fist) one is ok.other wise the value will be empty.
In case of PORT, if you use default port to install SSL Certificate,the above code(second) is good,other wise you have to know the port on which your site is working.

So,Which should you use,it tatally depends on you.Both of it will work in the same context.
0
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

 
Ray PaseurCommented:
This is my teaching example of how to get HTTPS only.  HTH, ~Ray
<?php // RAY_https_only.php
error_reporting(E_ALL);


// DEMONSTRATE HOW TO RESTRICT A SCRIPT SO THAT IT ONLY RUNS BEHIND HTTPS


// IF NOT HTTPS
if (empty($_SERVER["HTTPS"]))
{
    // CONSTRUCT THE HTTPS URL WE WANT, PRESERVING GET VARS
    $my_uri
    = 'https://'
    . $_SERVER["HTTP_HOST"]
    . $_SERVER["REQUEST_URI"]
    ;

    // BAIL OUT WITH 301 AND LOCATION
    header("HTTP/1.1 301 Moved Permanently");
    header("Location: $my_uri");
    exit;
}

// ELSE WE ARE ALREADY IN HTTPS - START SESSION FOR HTTPS ONLY IN ALL SUBDIRECTORIES AND ALL SUBDOMAINS
$x = explode('.', strtolower($_SERVER["HTTP_HOST"]));
$y = count($x);
if ($y == 1) // MAYBE 'localhost'?
{
    $cookie_domain = $x[0];
}
else // SOMETHING LIKE 'www2.atf70.whitehouse.gov'?
{
    // USE THE LAST TWO POSITIONS TO MAKE THE HOST DOMAIN
    $cookie_domain = '.' . $x[$y-2] . '.' . $x[$y-1];
}

$sess_name = session_name();
if (session_start())
{
    // MAN PAGE: http://us2.php.net/manual/en/function.setcookie.php
    setcookie($sess_name, session_id(), NULL, '/', $cookie_domain, TRUE, TRUE);
}

Open in new window

0
 
designatedinitializerCommented:
Notice that Ray's solution won't work in IIS, which is the case in question ...
YES, in IIS, this:

$_SERVER['HTTPS']=='off'

...will return TRUE if the request was not for https.

NO, you must not rely on the port number.
This is a matter of efficacy, not efficiency, as both things you are trying to compare are exactly the same from an efficiency (memory, processing) point of view.
It's a matter of efficacy, because one method (port number) will fail more often than the other.
0
 
Ray PaseurCommented:
From the question, I did not get that this was IIS (and I would never use IIS anyway), but if it is a question for IIS, maybe someone can take my code which works correctly on *nix systems and show the Asker how it can be done in IIS.  @prowebinteractiveinc: You might save yourself some time if you run this script (shown here in its entirety) on both HTTP and HTTPS platforms and compare the output carefully.  The parts you want to see are likely to be near the bottom of the output.
<?php phpinfo();

Open in new window

Best to all, over-and-out, ~Ray
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now