Within a standard "brochure" site I have a subsystem where private data is passed back and forth in a series of pages. The site is done and working now without HTTPS.
Can someone point me to a list of steps that I need to do, to implement HTTPS on the secure part of the site?
The only thing you as a programmer need to do is checking that the user in fact uses HTTPS:
if($_SERVER['SERVER_PORT'] !== 443 &&
(empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off')) {
header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
exit;
}
Then (have your sysadmin) order and install a SSL certificate on the web server.
The web site must be configured itself, this is not related to php itself at this point.
On your local PC I think you use Apache as web server. So for Apache you need install a certificate, Apache need to listen https port (443 by default).
You can view this link, it can help you: http://www.onlamp.com/pub/a/onlamp/2008/03/04/step-by-step-configuring-ssl-under-apache.html
Also, in all sections of the web site you need use https protocol in url, not http. E.g. https://example.com
There is no PHP code change involved. HTTPS means the data that the communication between the browser and the webserver will be encrypted. The browser is already setup for HTTPS, all you have to do is to configure your web server. Most probably you can do the whole change from your hosting control panel itself.
If you want to force HTTPS, you can use a one line mod_rewrite code
Try this:
<?php
if ($_SERVER['HTTPS'] != 'on') {
echo '<script type="text/javascript">window.location = "https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] . '";</script>';
}
?>
