some question about encrypt page

[mic]

hi guys;
im quite new to php and web development;

i have some questions and hope u guys could spare sometimes to explain/help me out.

currently i have a website and a form for customer register; i tried to use SSL to encryot the php page ; so it can make ppl unreadable the infos.

however; when i access to the https:// and http:// it is also the same; what i mean is there are anyway just make ppl only can access to https:// (because my hosting ; it can make your webpage encrypted useing SSL in the same folder http:// ; so dont need to copy the file to https:// folder) . it is fine but just at the adress bar; when i change it to http from my form; then it wont redirect to https:// . example: my form at https://xxx.com/form.php; but when i click on the address bar and change it to http://xxx.com/form.php then it just become http:// wont access to https:// again.

So there are anyway to restrict ppl to do that ?

Please explain to me

thanks a lot

regards

[toplay]

At the top of your script check if you're on the non-secure page (HTTP) and redirect to the secure page instead (HTTPS). Example:

[code=php:0]
    /**
    * secureConnection - Determines whether current connection is secure (SSL).
    *
    * @return bool Returns TRUE when this web connection is using SSL (HTTPS).
    * @access public
    */
    function secureConnection()
    {

        if (isSet($_SERVER['HTTPS']))
            return (0 === strcmp(strtolower($_SERVER['HTTPS']), 'on')) ? TRUE : FALSE;
        else
            return FALSE;

    }

    if (!secureConnection()) {
        header('Location: https://xxx.com/form.php');
        exit;
    }

    // Rest of code here

[/code]

[mic]

thx for your reply:
i tried to add it to my script, but there are 2 problems:
1.Warning: Cannot modify header information - headers already sent by.
2. because im using $chdir; like index.php?page=order ; so...

can u please explain a little bit more?

thanks
regards

[toplay]

1) You cannot send ANYTHING to the browser before issuing a header() (unless you use output buffering). Have nothing (like HTML, space, tab, JavaScript, CSS, etc.) sent before the code listed. Look at the pinned topics in the forum or search this forum for more info.

2) Don't know what $chdir is all about, however, if you're referring to having a query string, then you can do:

[code=php:0]
    if (!secureConnection()) {
        header('Location: https://xxx.com/form.php?' . $_SERVER['QUERY_STRING']);
        exit;
    }
[/code]

FYI: http://us3.php.net/manual/en/reserved.variables.php#reserved.variables.server

[mic]

yes i do know about the header;
here is the situation:

my main page is index.php which im using

[code]switch($page) {
case: "form":
include ("/form.php");
break;
[/code]

so the form (which i only want to enrypt in the whole site) will be called at the URL http://xxx.com/index.php?page=form ; i do want it just redirect from http://xxx.com/index.php?page=form to httos://xxx.com/index.php?page=form.

I tried to put your code at the index ; no errors at all, but no effect. if i put it at the form; then have header error... so what should i do?

thanks

[toplay]

I don't know you're code but I would guess something like this:
[code=php:0]

// No output sent before here

switch($page) {
case: "form":

    if (!secureConnection()) {
        header('Location: https://xxx.com/index.php?' . $_SERVER['QUERY_STRING']);
        exit;
    }

    include ("/form.php");
    break;
[/code]

[mic]

yeah i mean index is my main page which included many other scripts not just only the switch($page) function; and the switch page isnt at the header; so it still not work out; however if i just go straigh to http://xxx.com/form.php then it work ( of course no style)....

thx for your reply...

[toplay]

It sounds like you're trying to do a MVC design pattern approach.

Anyway, you can always turn on output buffering on at the start of your index.php page and that will stop you from getting the headers already sent error. See:

http://us3.php.net/manual/en/function.ob-start.php

[mic]

cool thanks a lot; im new to php; so takes qyite long time to understand all what u gave; but thats great. thanks again