Use PHP to check if page was accessed with SSL
You should be able to check that $_SERVER['HTTPS']
is set, e.g.:
if (empty($_SERVER['HTTPS'])) {
header('Location: https://mywebserver.com/login.php');
exit;
}
How to detect secure connection (https) using PHP?
You could do something like this in your config file rather than editing every script.
<?php
// will match /login.php and /checkout.php as examples
$force_ssl = preg_match('/\/(login|checkout)\.php(.+)?/', $_SERVER['REQUEST_URI']);
$using_ssl = (isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) ? true : false;
$url = $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
if ($force_ssl && !$using_ssl) {
// redirect to SSL
header('Location: https://' . $url);
} elseif (!$force_ssl && $using_ssl) {
// redirect back to normal
header('Location: http://' . $url);
}
Then if your certificate expires, just set $force_ssl
to false
in your config file and it'll take care of every script which previously redirected.Now the question has been clarified, you could create a PHP script like this (code taken from https://stackoverflow.com/a/4741196/654678)
<?php
// get and check certificate
$get = stream_context_create(array("ssl" => array("capture_peer_cert" => TRUE)));
$read = stream_socket_client("ssl://www.google.com:443", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $get);
$cert = stream_context_get_params($read);
$valid = ($cert["options"]["ssl"]["peer_certificate"] != NULL) ? true : false;
// save validity in database or somewhere else accessible
Then set up a crontab, or daily task or whatever to hit that PHP script daily. If there is no certificate, it'll return NULL and be marked as invalid. Check the validity with your script and you're good to go. How to check if website is secure using PHP
If you access a web page via https the browser encodes you request with SSL.
If you access a web page via http it is not encoded.
The certificate is just the proof for the user that the encoding is safe. The variable $_SERVER['HTTPS'] just says whether the user accessed the page via https or http.
How to find out if you're using HTTPS without $_SERVER['HTTPS']
This should always work even when $_SERVER['HTTPS']
is undefined:
function isSecure() {
return
(!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
|| $_SERVER['SERVER_PORT'] == 443;
}
The code is compatible with IIS.From the PHP.net documentation and user comments :
Also, Apache 1.x servers (and broken installations) might not have
Set to a non-empty value if the script was queried through the HTTPS protocol.
Note that when using ISAPI with IIS, the value will be "off" if the request was not made through the HTTPS protocol. (Same behaviour has been reported for IIS7 running PHP as a Fast-CGI application).
$_SERVER['HTTPS']
defined even if connecting securely. Although not guaranteed, connections on port 443 are, by convention, likely using secure sockets, hence the additional port check.Additional note: if there is a load balancer between the client and your server, this code doesn't test the connection between the client and the load balancer, but the connection between the load balancer and your server. To test the former connection, you would have to test using the HTTP_X_FORWARDED_PROTO
header, but it's much more complex to do; see latest comments below this answer.
Check if a website is using SSL using CURL
PHP - cURL
I think using cURL is an overkill but anyways here you go.
<?php
function ignoreHeader( $curl, $headerStr ) {
return strlen( $headerStr );
}
$curl = curl_init( "https://example.com/" );
curl_setopt( $curl, CURLOPT_NOBODY, TRUE );
curl_setopt( $curl, CURL_HEADERFUNCTION, 'ignoreHeader' );
curl_exec( $curl );
$result = false;
if ( curl_errno($curl) == 0 ) {
$info = curl_getinfo( $curl );
if ( $info['http_code'] == 200 ) {
$result = true;
}
}
?>
PHP - without cURLIf you want to check if a website has an SSL certificate. You can just open a stream and check for SSL certificate parameter.
<?php
// Create a stream context
$stream = stream_context_create ( array( "ssl" => array( "capture_peer_cert" => true ) ) );
// Bind the resource 'https://www.example.com' to $stream
$read = fopen( "https://www.example.com", "rb", false, $stream );
// Get stream parameters
$params = stream_context_get_params( $read );
// Check that SSL certificate is not null
// $cert should be for example "resource(4) of type (OpenSSL X.509)"
$cert = $params["options"]["ssl"]["peer_certificate"];
$result = ( !is_null( $cert ) ) ? true : false;
?>
If you want to check if a host accepts a connection on 443 port, you can use fsockopen
to initiate a socket connection with the host.<?php
// Set host and port.
$host = 'example.com';
$port = 443;
// Initiate a socket connection with 'example.com' and check the result.
$fp = fsockopen('ssl://'. $host, $port, $errno, $errstr, 30);
$result = ( !is_null( $fp ) ) ? true : false;
?>
How to find out SSL certificate is installed on a server? (Using PHP)
You can check the $_SERVER['HTTPS']
variable.
PHP redirect to HTTPS if page is
Here You go.
//force the page to use ssl
if ($_SERVER["SERVER_PORT"] != 443) {
$redir = "Location: https://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];
header($redir);
exit();
}
$_SERVER, It is an array containing information such as headers, paths, and script locations. Detecting SSL With PHP
Ergo, this'll do:
$_SERVER['HTTPS']
Set to a non-empty value if the script was queried through the HTTPS protocol.
Note: Note that when using ISAPI with IIS, the value will be off if the request was not made through the HTTPS protocol.http://www.php.net/manual/en/reserved.variables.server.php
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
// SSL connection
}
How can I prevent access to PHP files if the caller isn't using HTTPS?
Slightly off topic, but if you're using PHP with Apache Httpd and mod_ssl
, you can force SSL access to files (and PHP scripts) by placing the SSLRequireSSL
directive in .htaccess
or in the Directory configuration.
Related Topics
How to Insert JSON Array into MySQL Database
MySQL Fulltext Search Multiple Words
How to Retrieve Date from Table Cell Using PHPspreadsheet
Possible to View PHP Code of a Website
Setting Up PHPmailer with Office365 Smtp
PHP Curl: Curlopt_Connecttimeout VS Curlopt_Timeout
Check If SQL Row Exists with PHP
Running PHP 5.4 Built-In Web Server Outside Localhost
PHP Flush() Not Working in Chrome
Yii Framework: Using Data from Related Active Record Models for Searching
Doctrine2 Findby Relationship Object Triggers String Conversion Error
Codeigniter Force Download Files
Storing Leading Zeros of Integers in MySQL Database as Integer
Bool Parameter from Jquery Ajax Received as Literal String "False"/"True" in PHP
Mail Not Sending with PHPmailer Over Ssl Using Smtp
Why Use Output Buffering in PHP
MySQL Insert ....On Duplicate Update - Adds One to the Autoincrement