| Author |
Referer site is https or not
|
|
| Evil Bert 2005-11-19, 6:57 pm |
| I'm creating a site that wiill be submitting post data but I want to
verify how that the site sending the data is using SSL(https). Is
there any way of validating that in PHP?
TIA
| |
| Pat Farrell 2005-11-21, 6:59 pm |
| Evil Bert wrote:
> I'm creating a site that wiill be submitting post data but I want to
> verify how that the site sending the data is using SSL(https). Is
> there any way of validating that in PHP?
Don't have the URL under non-ssl
--
Pat
| |
| Neeper 2005-11-22, 3:56 am |
| Actually I meant accepting for submitting. The site I have right now
is using https(SSL) and I need the submitting sites to be using SSL as
well. How do I verify this?
On Mon, 21 Nov 2005 16:46:35 -0500, Pat Farrell <pfarrell@nospam.com>
wrote:
>Evil Bert wrote:
>
>Don't have the URL under non-ssl
| |
|
|
| Neeper 2005-11-22, 9:56 pm |
| I did, the $_SERVER['HTTP_REFERER'] isn't very reliable from my
readings on the Internet. Is there any other way how?
On Tue, 22 Nov 2005 09:43:33 -0500, JDS <jeffrey@example.invalid>
wrote:
>On Tue, 22 Nov 2005 08:12:11 +0000, Neeper wrote:
>
>
>look at $_SERVER
| |
|
| On Wed, 23 Nov 2005 02:42:15 +0000, Neeper wrote:
> I did, the $_SERVER['HTTP_REFERER'] isn't very reliable from my
> readings on the Internet. Is there any other way how?
If I am understanding you correctly...
It doesn't matter; i.e. your concerns are moot.
Example: A person clicking on a "submit" button on a form located on a
non-SSL website.
If the "action=" of that form points to an SSL-enabled site, then all of
the form data is transmitted encrypted.
So it doesn't matter if the form itself is or is not an SSL site. Only
that the destination of the form data is.
Does this describe your situation?
--
JDS | jeffrey@example.invalid
| http://www.newtnotes.com
DJMBS | http://newtnotes.com/doctor-jeff-master-brainsurgeon/
| |
| usenet@isotopeREEMOOVEmedia.com 2005-11-28, 6:58 pm |
| On Tue, 22 Nov 2005 09:43:33 -0500, JDS <jeffrey@example.invalid> wrote:
>On Tue, 22 Nov 2005 08:12:11 +0000, Neeper wrote:
>
>
>look at $_SERVER
Expanding on jeffrey's reply, this will force a page from http:// to https:// in
PHP. Of course, it must be sent before any output to the browser.
<?php
if (!isset($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) != 'on') {
header ('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
exit();
}
?>
HTH
|
|
|
|