Have Geek Brain

How to check if ssl exists on web server via php?

I have this function in a class:

function enable_ssl() {
    if ($_SERVER[HTTPS] != "on") {
        $domain = "https://".$_SERVER['HTTP_HOST'] . "/" . $_SERVER['SCRIPT_NAME'];
        header("Location: {$domain}");
    }
}

The problem is when the server is not SSL installed and I have this function initiating a page redirect to a 404 page. I was wondering how this function can only work when SSL is installed and working?

Is it possible?

Thanks.

PS: I've done some google research but couldn't find anything.

+1


a source to share


7 replies


On a * nix server, you can try to parse the output netstat -A inet -lnp

for a webserver listening on port 443. Kinda clunky.



The best option I would say is to make it a config option for the user. Let them tell your app if they have HTTPS enabled.

+2


a source


The extension is loaded!

http://php.net/manual/en/function.extension-loaded.php



eg.

if(!extension_loaded('openssl'))
{
    throw new Exception('This app needs the Open SSL PHP extension.');
}
+2


a source


two ideas

  • Establish a socket connection to port 443 and check if it is connected.
  • Read the apache config file and see if there is anything listening on that port
+1


a source


You can try to connect to the server using curl . However, I would also try to make a configuration option. If you are using below, make sure you are not calling an infinite loop.

function ignoreHeader($curl, $headerStr)
{
  return strlen($headerStr);
}

$curl = curl_init("https://example.com/");
curl_setopt($curl, CURLOPT_NOBODY, TRUE);
curl_setopt($curl, CURL_HEADERFUNCTION, 'ignoreHeader');
curl_exec($curl);
$res = curl_errno($curl);

if($res == 0)
{
  $info = curl_getinfo($curl);
  if($info['http_code'] == 200)
  {
    # Supports SSL
    enable_ssl();
  }
}
else
{
  # Doesn't.
}
0


a source


I am using xampp as my development server on my laptop. I still need to set up an SSL connection on xampp. My production server has SSL and also has a valid certificate.

I noticed that $ _SERVER ['HTTPS'] does not exist on my xampp development server, but does exist on my production server.

I am assuming (possibly incorrectly) that if $ _SERVER ['HTTPS'] is not set, SSL is not enabled on the server.

<?php

if (isset($_SERVER['HTTPS')) echo 'SSL Exists'
else echo 'No SSL'

?>
0


a source


I just use file_get_contents

to try and open the same file via https and if successful, force a redirect ...

    function IsHttps() 
    { 
        return 
            (!empty($_SERVER["HTTPS"]) && (strtolower($_SERVER["HTTPS"])!=="off")) 
            || ($_SERVER["SERVER_PORT"]==443); 
    }

    if (!IsHttps() && extension_loaded("openssl"))
    {
        $target = "https://".$_SERVER["HTTP_HOST"].$_SERVER["PHP_SELF"];
        ini_set("allow_url_fopen", true);
        if (file_get_contents($target)!==false) 
        { 
            header("Location: https://".$_SERVER["HTTP_HOST"].$_SERVER["URL"]); 
            die(); 
        }
    }
0


a source


This is how Wordpress does it:

<?php
function is_ssl() {
if ( isset($_SERVER['HTTPS']) ) {
return true;
if ( '1' == $_SERVER['HTTPS'] )
return true;
} elseif ( isset($_SERVER['SERVER_PORT']) && ( '443' == $_SERVER['SERVER_PORT'] ) ) {
return true;
}
return false;
}
?>

You can use your check between "return true"! Go to: http://tutes.in/2012/02/13/check-if-ssl-exists-on-a-webserver-through-php/ for an explanation and more detailed source code.

-2


a source






More articles:


All Articles