PHP detecting if SSL is used

[AFB]

I need a way to figure out if SSL is used or not with a particular connection. I looked on the PHP website with the traditional ways of going the the $_SERVER constants, but none of them seem to work for me.

I've tried $_SERVER['HTTPS'] which doesn't show up on php_info
I've tried SERVER_PORT' which shows port 80 even when connecting via ssl.


I'm not sure what to do at this point, since it doesn't show any difference when using http or https.


BTW, this is for a redirect script so I can make sure people connect via SSL.

PM me if you want a link to the php_info file.

 

[jjones]

I use something like this:

if (!isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != "on") {
header('Location: https://mysite.com/');
}

 

[AFB]

See, that's my problem. HTTPS is never set.

 

[jjones]

I'm not sure I understand. If you're trying to check if they are connecting via ssl, and then redirecting them if they are not, this will do it for you.

 

[AFB]

Normally yes, but for some reason when Network Solutions set up the SSL, they fudged around with php and now things are screwy. When connecting over http (unsecure) the port that is listed under that variable is 80. Likewise, $_SERVER['HTTPS'] is not set.

 

[jjones]

Well, the standard port for https is 443, http is 80. But this is a web server issue, not related to php. How could Network Frustrations mess with your php install? Are they hosting you?

Have you tried the code I provided? From what you are saying, it should still work unless you do not have ssl available.

Do you have a secure connection available? an example url?

BTW, I wouldn't let Network Solutions wipe my ass, let alone get anywhere near my domains or web sites. If you're using them for anything, I'd suggest changing that as soon as reasonably possible. Perhaps they've gotten a little better in recent years, I really wouldn't know, but I distanced myself from them long ago, for very good reasons. The principal one being they suck tremendously.

Edit: Also, you do see in the code that I'm stating that if https is not set, then redirect. It's for exactly the kind of scenario you describe. So if they connect via http, on port 80, and https is not set, then they should be redirected. Does this not work?

One other thing, that code should be at the very top of the page, before anything else. It needs to be evaluated before any headers are sent.

 

[jjones]

I got your PM and looked at the page. If I'm understanding you correctly, what you're saying is that even in an https page, php does not return that https is set, even though it really is. (The page you sent me shows https and the browser says I'm on a secure connection and I can even view your cert, but your note on top says https is not set and you're on port 80.)

The problem would then be, I guess, that when you check via php, you have no way to determine whether it's http or https. Unfortunately, I know of no way to check that without checking whether or not https is set. When you need the actual browser url of a page, you first check the server variables for https to get http or https, then you can add an http_host and php_self to get the full url.

I'm thinking that you'll need to get in touch with Network Frustrations to get this fixed. Or there might be a javascript solution, but I wouldn't know.

 

[AFB]

Originally posted by: jjones
I got your PM and looked at the page. If I'm understanding you correctly, what you're saying is that even in an https page, php does not return that https is set, even though it really is. (The page you sent me shows https and the browser says I'm on a secure connection and I can even view your cert, but your note on top says https is not set and you're on port 80.)

The problem would then be, I guess, that when you check via php, you have no way to determine whether it's http or https. Unfortunately, I know of no way to check that without checking whether or not https is set. When you need the actual browser url of a page, you first check the server variables for https to get http or https, then you can add an http_host and php_self to get the full url.

I'm thinking that you'll need to get in touch with Network Frustrations to get this fixed. Or there might be a javascript solution, but I wouldn't know.

Thank you for your help.

I called them and they up'd me to the Engineers and they said they'd look into it and give me a call or email. I really don't want to have to use JS, but I will if that's my only option.

 

[Furor]

What is the SSL cert installed on? I have the same problem (with ColdFusion) where it doesn't see the server being on https (even when it is) because the web server doesn't have the certificate installed, but the load balancer does - and php/coldfusion can't see that.

 

[AFB]

Originally posted by: Furor
What is the SSL cert installed on? I have the same problem (with ColdFusion) where it doesn't see the server being on https (even when it is) because the web server doesn't have the certificate installed, but the load balancer does - and php/coldfusion can't see that.

I had a feeling that's what they did because they're cheap, but who knows. I'll wait till they get back to me at yell at them.

 

[bsobel]

Originally posted by: AFB
<div class="FTQUOTE"><begin quote>Originally posted by: Furor
What is the SSL cert installed on? I have the same problem (with ColdFusion) where it doesn't see the server being on https (even when it is) because the web server doesn't have the certificate installed, but the load balancer does - and php/coldfusion can't see that.</end quote></div>

I had a feeling that's what they did because they're cheap, but who knows. I'll wait till they get back to me at yell at them.

Thats what I was thinking, it's a ssl accelerator/load balancer in front of your server. Did you check what additional http headers your getting on the connection, it's very likely there will be something there indicating the connection was originally ssl...

 

[AFB]

They replied back and told me there was nothing they could do and they realized it was a problem.

<-- Another satisfied customer =\