-1

I have a PHP script which receives user and pass as a URL parameter and stores this in a database. In order to use this script I have to access 

http://ipadress/script.php?user=testuser&pass=1234

that's the IP address of a Linux machine.

What changes should I make in order to be able to change from http to https? I have to use SLL certificates or is there a solution which allow me to do this from my PHP script?

Can you offer me some hints, please ?

Andrea
  • 11,801
  • 17
  • 65
  • 72
Pandoranum
  • 89
  • 9
  • The server needs to have SSL enabled. Then from your PHP script you can just change `http://` to `https://` in order to access the URL. – Maximus2012 Sep 10 '15 at 19:44
  • See if this helps: http://manual.seafile.com/deploy/https_with_apache.html. I don't think you can do anything from your PHP script if the server itself is not running SSL. – Maximus2012 Sep 10 '15 at 19:45
  • Additionally, SSL Certificate itself is optional. You can have SSL enabled without a certificate. – Maximus2012 Sep 10 '15 at 19:46
  • You will need an SSL certificate and then you can rewrite all requests in the htaccess, https://www.sslshopper.com/apache-redirect-http-to-https.html.. more http://security.stackexchange.com/questions/38589/can-https-server-configured-without-a-server-certificate – chris85 Sep 10 '15 at 19:46
  • possible duplicate http://stackoverflow.com/questions/3865143/what-do-i-have-to-code-to-use-https – mattslone Sep 10 '15 at 19:52

1 Answers1

1

I hope this helps!

    $redirect= false;
    if (!isset($_SERVER['HTTPS'])) {
        $redirect= true;
    } else {
        if ($_SERVER['HTTPS'] != "on")
            $redirect= true;
    }
    if ($redirect) {
        $url = "https://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
        header("HTTP/1.1 301 Moved Permanently");
        header("Location: ".$url); 
        exit();
    }
Jonathan Kuhn
  • 15,279
  • 3
  • 32
  • 43
Allan Andrade
  • 670
  • 10
  • 26
  • I corrected this to fix a variable that was not renamed and changed the redirect to make actual header calls. This is more correct now as far as redirecting someone from http to https. I also added a `301 Moved Permanently` header which will help with stuff like SEO. – Jonathan Kuhn Sep 10 '15 at 19:52