[deutsch]
where : ibrtses php

force an encrypted SSL/https connection

a php page can force the communication through an encrypted https connection.

This simple code reconnets through port 443, if not yet done.
 
 if($_SERVER['SERVER_PORT'] != '443') { 
   header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']); 
   exit(); 
 };
 
however this encrypted connection requires a https certificate. Usually one doesn't have such a certificate on a development server. We compare to the development server and skip this option. Thus the improved code actually is implemented as.
 
 if ($_SESSION['mydebugserver']!=1) {
  if($_SERVER['SERVER_PORT'] != '443') { 
    header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']); 
    exit(); 
  }
 }
 

remove crappy input parameters

to prevent the site being taken over, the parameters sent to the page should be cleaned. The shown section checks $_GET, $_POST, $_COOKIE, $_REQUEST
 if (get_magic_quotes_gpc()) {
   $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
   while (list($key, $val) = each($process))  {
    foreach ($val as $k => $v) {
      unset($process[$key][$k]);
      if (is_array($v)) {
        $process[$key][stripslashes($k)] = $v;
        $process[] = &$process[$key][stripslashes($k)];  }
      else  {
        $process[$key][stripslashes($k)] = stripslashes($v);  }
    }  // foreach
   }  // while list
   unset($process);
 }
 
 
 






last updated subpage : 15.Jan.16 or perhaps later


Copyright (2016) Ing.Büro R.Tschaggelar