Within a standard "brochure" site I have a subsystem where private data is passed back and forth in a series of pages. The site is done and working now without HTTPS.
Can someone point me to a list of steps that I need to do, to implement HTTPS on the secure part of the site?
The only thing you as a programmer need to do is checking that the user in fact uses HTTPS:
if($_SERVER['SERVER_PORT'] !== 443 &&
(empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off')) {
header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
exit;
}
Then (have your sysadmin) order and install a SSL certificate on the web server.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With