使用PHP检查是否使用SSL访问了页面

Question

使用PHP检查是否使用SSL访问了页面

有没有办法检查当前页面是否使用SSL打开？例如,我希望我的登录页面(login.php)检查是否使用SSL(https://mywebserver.com/login.php)访问它.如果没有,请将它们重定向到页面的SSL版本.

差不多,我想让用户安全地使用该页面.

Answer 1

您应该能够检查是否$_SERVER['HTTPS']已设置,例如:

if (empty($_SERVER['HTTPS'])) {
    header('Location: https://mywebserver.com/login.php');
    exit;
}

Run Code Online (Sandbox Code Playgroud)

除了在IIS上,$ _SERVER ['HTTPS']始终是"开启"或"关闭" (5认同)

Answer 2

小智 32

小心.在我的IIS服务器上,$ _SERVER ['HTTPS']不为空,但值为'off'.

所以我必须这样做

if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on') {
    // no SSL request
}

Run Code Online (Sandbox Code Playgroud)

Answer 3

Sae*_*ven 9

如果您正在处理转发的协议,您会发现这可能不起作用.例如,亚马逊的ELB可以处理SSL协商并通过端口80与您的应用服务器进行交互.

这个块处理:

    public function isSSL()
    {
        if( !empty( $_SERVER['https'] ) )
            return true;

        if( !empty( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' )
            return true;

        return false;
    }

Run Code Online (Sandbox Code Playgroud)

当没有SSL时,IIS返回`$ _SERVER ['HTTPS'] ="off"`所以你必须使用`if(!empty($ _SERVER ['HTTPS'] && $ _SERVER ['HTTPS']!='off' )`以确保它在IIS上工作;) (6认同)

Answer 4

Nee*_*ngh 7

好吧，这是另一段代码。该代码将返回带有 https/http 的完整 url。

<?php

/**
 * Check whether URL is HTTPS/HTTP
 * @return boolean [description]
 */
function isSecure()
{

    if (
        ( ! empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
        || ( ! empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
        || ( ! empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on')
        || (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443)
        || (isset($_SERVER['HTTP_X_FORWARDED_PORT']) && $_SERVER['HTTP_X_FORWARDED_PORT'] == 443)
        || (isset($_SERVER['REQUEST_SCHEME']) && $_SERVER['REQUEST_SCHEME'] == 'https')
    ) {
        return true;
    } else {
        return false;
    }

}
/**
 * Example Use
 */
define('APP_URL', (isSecure() ? 'https' : 'http') . "://{$_SERVER['SERVER_NAME']}".str_replace(basename($_SERVER['SCRIPT_NAME']),"",$_SERVER['SCRIPT_NAME']));
echo APP_URL;


/**
 * +++++++++++++++++++++++++
 * OR - One line Code
 * +++++++++++++++++++++++++
 */
define('APP_URL', ((( ! empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || ( ! empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') || ( ! empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on') || (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443) || (isset($_SERVER['HTTP_X_FORWARDED_PORT']) && $_SERVER['HTTP_X_FORWARDED_PORT'] == 443) || (isset($_SERVER['REQUEST_SCHEME']) && $_SERVER['REQUEST_SCHEME'] == 'https') ) ? 'https' : 'http') . "://{$_SERVER['SERVER_NAME']}".str_replace(basename($_SERVER['SCRIPT_NAME']),"",$_SERVER['SCRIPT_NAME']));
echo APP_URL;

?>

Run Code Online (Sandbox Code Playgroud)

归档时间：	14 年，8 月前
查看次数：	53112 次
最近记录：	8 年，9 月前