[SOLVED] PHP and SSL

Star-Dust · Sep 8, 2021

Goodmorning everyone,

I'm doing a little PHP code that interfaces with B4X

I need to figure out if the requested page is SSL, i.e. if the address starts with https. This is because in case I want to redirect to the secure page.

I have tried many sources found on the web but none have worked.

Sandman · Sep 8, 2021

(Should probably have been posted in Chit Chat or something like that.)

Your question is a bit strange. Usually this is something that is handled by the webserver. Like my site, for instance. It answers at http://www.example.com/what/ever/here but instantly redirects the browser to https://www.example.com/what/ever/here. So, in effect, my code never gets a request over http, only over https.

Star-Dust · Sep 8, 2021

Sandman said:
(Should probably have been posted in Chit Chat or something like that.)

Your question is a bit strange. Usually this is something that is handled by the webserver. Like my site, for instance. It answers at http://www.example.com/what/ever/here but instantly redirects the browser to https://www.example.com/what/ever/here. So, in effect, my code never gets a request over http, only over https.

Unfortunately the Hosting server does not manage it for me and the same page is called with http://www.mydomain.it/index.php and https://www.mydomain.it/index.php.

I would like to understand with PHO if it is calling with secure page (https)

Many sources that I have found around do not work

Sandman · Sep 8, 2021

Well, that's a poor hosting server solution you got going there. If it's an option I'd upgrade it to something that's above hobby level. But in case that's not possible, here's the first hit I got when I searched for php check if request over https

How to find out if you're using HTTPS without $_SERVER['HTTPS']

I've seen many tutorials online that says you need to check $_SERVER['HTTPS'] if the server is connection is secured with HTTPS. My problem is that on some of the servers I use, $_SERVER['HTTPS'] i...

stackoverflow.com

The first answer seems fine to me, would that work for you?

Star-Dust · Sep 8, 2021

Already tried unfortunately it does not work

Sandman · Sep 8, 2021

At some point you should consider changing to a hosting provider that doesn't work against you.

LucaMs · Sep 8, 2021

Tried this one too?

B4X:

$isSecure = false;
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
    $isSecure = true;
}
elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' || !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on') {
    $isSecure = true;
}
$REQUEST_PROTOCOL = $isSecure ? 'https' : 'http';

Source: https://stackoverflow.com/questions...-without-serverhttps#comment102520055_2886224

Sandman · Sep 8, 2021

I just want to add one aspect: Considering how very limited the hosting provider keep their servers, even if @Star-Dust would find a working solution (like the one posted by @LucaMs above) would work - it's no guarantee it will work the day after. Just sayin’ - it might be risky to depend on them if this is something that people actually will be using.

Star-Dust · Sep 8, 2021

LucaMs said:

Tried this one too?

B4X:

$isSecure = false;
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
    $isSecure = true;
}
elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' || !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on') {
    $isSecure = true;
}
$REQUEST_PROTOCOL = $isSecure ? 'https' : 'http';

Source: https://stackoverflow.com/questions...-without-serverhttps#comment102520055_2886224

Yes, tried

Star-Dust · Sep 8, 2021

This $ _SERVER ['HTTPS'] or $ _SERVER ['SERVER_PORT'] should give and fail.

It's a server problem

LucaMs · Sep 8, 2021

Star-Dust said:
Yes, tried

Sandman · Sep 8, 2021

Which hosting provider are you using?

LucaMs · Sep 8, 2021

Star-Dust said:
Yes, tried

Are you sure your tests are correct?

Star-Dust · Sep 8, 2021

I have seen that it is indeed a server problem, I have found other complaints.

Joomla must be activated and from there set a force for all addresses such as https.

I currently use altervista for testing. Offers free php, ftp, database, backup etc ...

However at this point it is not important as it is only for testing the App. Then with the final server I suppose the php code should work or better the server will set everything to https

Star-Dust · Sep 8, 2021

LucaMs said:

Tried this one too?

B4X:

$isSecure = false;
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
    $isSecure = true;
}
elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' || !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on') {
    $isSecure = true;
}
$REQUEST_PROTOCOL = $isSecure ? 'https' : 'http';

Source: https://stackoverflow.com/questions...-without-serverhttps#comment102520055_2886224

It looks like it's working now.

The redirect I got in html doesn't work ... I'm happy with that

I just hope it keeps working

Star-Dust · Sep 8, 2021

SOLVED

PHP:

if ($_SERVER['HTTP_X_FORWARDED_PROTO']!='https') {
        echo '<SCRIPT>window.location = "https://'. $_SERVER['HTTP_HOST']. $_SERVER['PHP_SELF']. '";</SCRIPT>';
        die("");
}

[SOLVED] PHP and SSL

Star-Dust

Expert

Sandman

Expert

Star-Dust

Expert

Sandman

Expert

How to find out if you're using HTTPS without $_SERVER['HTTPS']

Star-Dust

Expert

Sandman

Expert

LucaMs

Expert

Sandman

Expert

Star-Dust

Expert

Star-Dust

Expert

LucaMs

Expert

Sandman

Expert

LucaMs

Expert

Star-Dust

Expert

Star-Dust

Expert

Star-Dust

Expert