Thread: HTTPS for Admin?
View Single Post
  #4  
Old 03-14-2003, 09:53 AM
 
tlieberman tlieberman is offline
 

Newbie
   
Join Date: Mar 2003
Posts: 1
 
Default Solution To Force HTTPS for admin pages (works with IIS)
Add to the top of admin/auth.php:

Defines $REQUEST_URI (since IIS doesn't provide it). I'm not sure if apache provides $_SERVER['HTTPS'], but you can do some string manipulation to determine whether the client is using ssl or not.

Anyway, if https is not active, it redirects to the secure version

Code:
$REQUEST_URI=$_SERVER['PHP_SELF']."?".$_SERVER['QUERY_STRING']; #For IIS's sake
if($_SERVER['HTTPS'] == 'off'){
	Header("Location: $https_location".substr($REQUEST_URI, 1, strlen($REQUEST_URI)-1)); 
}
Reply With Quote