#60: Forcing a User to Use SSL-Encrypted Pages

When handling credit card information, you want to guarantee that all card information always goes through an SSL (Secure Socket Layer) connection.

If a user types www.example.com in his web browser, he gets http://www.example.com/, not https://www.example.com/. This isn't a problem if all of your forms specifically refer to pages under https://www.example.com/ but it's difficult to ensure that and to maintain it if your hostname happens to change.

Here is a simple function to see if a user is connecting via SSL or not:

function is_SSL() {
    /* Checks to see whether the page is in secure mode */
    if ($_SERVER['SERVER_PORT'] == "443") { 
        return true;
    } else {
        return false;
    }
}

This function works by checking ...

Get Wicked Cool PHP now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Wicked Cool PHP by William Steinmetz, Brian Ward

#60: Forcing a User to Use SSL-Encrypted Pages

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly