sarmenhb
sarmenhb

Reputation:

how to check if ssl exists on a webserver through php?

I have this function in a class:

function enable_ssl() {
    if ($_SERVER[HTTPS] != "on") {
        $domain = "https://".$_SERVER['HTTP_HOST'] . "/" . $_SERVER['SCRIPT_NAME'];
        header("Location: {$domain}");
    }
}

The problem is that when the server doesn't have SSL installed and I have this function initiating the page redirects to a 404 page. I was wondering how I can have this function work only when SSL is installed and working?

Is it possible?

Thanks.

P.S.: I did some Google research but couldn't find much of anything.

Upvotes: 1

Views: 7556

Answers (8)

Richard
Richard

Reputation: 51

I have used the code below

$file ="https://mydomain/index.php";        
$file_headers = @get_headers($file);
$DomainName=(!$file_headers || $file_headers[0] == 'HTTP/1.1 404 Not Found')?'http://mydomain':'https://mydomain';

This basically checks if a file can be found (accessed) via HTTPS.

Upvotes: 0

NetXpert
NetXpert

Reputation: 649

I just use file_get_contents to try and open the same file via https and if it was successful, force a redirect...

    function IsHttps() 
    { 
        return 
            (!empty($_SERVER["HTTPS"]) && (strtolower($_SERVER["HTTPS"])!=="off")) 
            || ($_SERVER["SERVER_PORT"]==443); 
    }

    if (!IsHttps() && extension_loaded("openssl"))
    {
        $target = "https://".$_SERVER["HTTP_HOST"].$_SERVER["PHP_SELF"];
        ini_set("allow_url_fopen", true);
        if (file_get_contents($target)!==false) 
        { 
            header("Location: https://".$_SERVER["HTTP_HOST"].$_SERVER["URL"]); 
            die(); 
        }
    }

Upvotes: 0

Ryan
Ryan

Reputation: 9

This is how wordpress does it:

<?php
function is_ssl() {
if ( isset($_SERVER['HTTPS']) ) {
return true;
if ( '1' == $_SERVER['HTTPS'] )
return true;
} elseif ( isset($_SERVER['SERVER_PORT']) && ( '443' == $_SERVER['SERVER_PORT'] ) ) {
return true;
}
return false;
}
?>

You can use your validation in between 'return true' stuff! Go to: http://tutes.in/2012/02/13/check-if-ssl-exists-on-a-webserver-through-php/ for explanation and more detailed source code.

Upvotes: -2

Waqar Alamgir
Waqar Alamgir

Reputation: 9978

Extension Loaded!

http://php.net/manual/en/function.extension-loaded.php

e.g.

if(!extension_loaded('openssl'))
{
    throw new Exception('This app needs the Open SSL PHP extension.');
}

Upvotes: 2

mrbinky3000
mrbinky3000

Reputation: 4301

I use xampp as my development server on my laptop. I have yet to set up a SSL connection on xampp. My production server does have SSL enabled and also has a valid cert.

I noticed that $_SERVER['HTTPS'] does not exist on my xampp development server, but does exist on my production server.

I am assuming (perhaps incorrectly) that if $_SERVER['HTTPS'] is not set, SSL is not enabled on the server.

<?php

if (isset($_SERVER['HTTPS')) echo 'SSL Exists'
else echo 'No SSL'

?>

Upvotes: 0

Matthew Flaschen
Matthew Flaschen

Reputation: 285077

You can try to connect to the server using curl. However, I would also try to do a config option. If you use the below, make sure you don't cause an infinite loop.

function ignoreHeader($curl, $headerStr)
{
  return strlen($headerStr);
}

$curl = curl_init("https://example.com/");
curl_setopt($curl, CURLOPT_NOBODY, TRUE);
curl_setopt($curl, CURL_HEADERFUNCTION, 'ignoreHeader');
curl_exec($curl);
$res = curl_errno($curl);

if($res == 0)
{
  $info = curl_getinfo($curl);
  if($info['http_code'] == 200)
  {
    # Supports SSL
    enable_ssl();
  }
}
else
{
  # Doesn't.
}

Upvotes: 0

SeanDowney
SeanDowney

Reputation: 17764

two ideas

  1. Setup a socket connection to port 443 and see if it connects.
  2. Read through an apache config file and see if there's anything listening on that port

Upvotes: 2

ceejayoz
ceejayoz

Reputation: 180176

On a *nix server, you could try parsing the output of netstat -A inet -lnp for a web server listening on port 443. Kinda clunky.

Better option, I'd say, is to make it a configuration option for the user. Let them tell your app if they've got HTTPS enabled.

Upvotes: 2

Related Questions