We Keep Coding

Wordpress: http / https hyperlink problem

An admin input field on a website I'm working on has https://url.co.uk in it, but is outputted on the frontend as just http://url.co.uk. Any Ideas as to why this is happening?

I think the links in the database/wp-config are still in http.
You can do 3 things:
Force https through .htaccess : https://help.dreamhost.com/hc/en-us/articles/215747758-Force-your-site-to-load-securely-with-an-htaccess-file
get a plugin to force https: https://wordpress.org/plugins/wp-force-ssl/
Replace the http links to https in the DB and force https (step 1): https://github.com/interconnectit/Search-Replace-DB Use this to get it done
If this isn't the case, try to clear your cache

Please use the bellow code at your wp-config.php to avoid http/https issue :
if (isset($_SERVER["HTTP_X_FORWARDED_PROTO"] ) && "https" == $_SERVER["HTTP_X_FORWARDED_PROTO"] ) {
$_SERVER["HTTPS"] = "on";
}

Foolproof Way To Check For SSL With PHP

We have a need to check for certain if the server has SSL installed. Every method that we tried does not seem to be fool proof.
Our ultimate goal is if someone types in http://somedomain.com, we can test is the server has SSL and then display https://somedomain.com
We need to be able to do this with PHP and not htaccess since this is a module we are creating. Using file_exists or curl all seems to be some sort of drawback where it might not be turned on.
Thanks In Advance!

You can use the php $_SERVER['HTTPS'].
eg.
if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on') {
header("Location: myurl.com");
exit();
}
You should try both if the $_SERVER['HTTPS'] is empty and if the $_SERVER['HTTPS'] is set to on.
Be careful you should place this piece of code at the start of the page, because the redirection is happening with header() which only works if no html output is done.

Can you connect to $hostname:443?
Does $hostname:443 provide a valid certificate for $hostname
???
Profit!

Trouble redirecting to HTTPS with PHP

I just had an ssl installed for a site I am working on and I obviously need to get a few of the pages (checkout etc) redirected to https.
I am currently using this code:
if (!isset($_SERVER['HTTPS']) || !$_SERVER['HTTPS']) {
$url = 'https://www.mysite.php';
header("location: ". $url);
exit();
}
Firefox is telling me that "the page is trying to redirect in a way that will never complete."
A var_dump of $_SERVER shows no ['HTTPS'] or similar when I am on the secure page. This is on a Network Solutions small unix package. Is it possible I need to be checking for a different server variable or perhaps I need to change some server settings?
Clearly the script is never finding HTTPS so it is trying to redirect without end.

It becomes clearer if you use OR:
if (!isset($_SERVER['HTTPS']) OR !$_SERVER['HTTPS']) {
Chances are one of the conditions always evaluates to true, even when you already are in HTTPs mode.
You want AND:
if (!isset($_SERVER['HTTPS']) AND !$_SERVER['HTTPS']) {

I use this form of SSL Checking too. For me my code works. Here is what i do.
if(empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on") {
header("Location: https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
}
This works great and also redirects you to the previous url.
hope this helps.

what is the usage of the following function?

Take a look to this function please
function CheckHost()
{
$url = parse_url($_SERVER['HTTP_REFERER']);
$host = $url['host'];
if($host == $_SERVER['SERVER_NAME'])
return true;
return false;
}
i saw it somewhere, but can't understand it's usage.
is it for security reasons, or what?(as i see, it just verify is the last request from the same server as the script)
Thanks for attention

I suppose it's a simple check against cross-site request forgeries (CSRFs), or as others say, hotlinking. The PHP script calling this function would have to be executed on every HTTP request to the server in order to check for hotlinking, though.

It looks like its checking to see that the referrer is the same host name as the request. This is probably used for something like preventing other sites from directly linking to images or other content.

This can be used for CSRF protection. The Referer will always be of a differnt domain and thus CheckHost() will return false.

It checks whether the referer is equal to the script location, basically its function is probably to prevent hotlinking.

php/html - http_referer

I am creating a website and on one particular page, am wanting to send the user back to the previous page. I am fairly new to PHP/HTML and have been using some existing code for ideas and help.
The existing code uses the following method:
if (! empty($HTTP_REFERER))
{
header("Location: $HTTP_REFERER");
} else
{
header("Location: $CFG->wwwroot");
}
However, when I use this code the HTTP_referer is always treated as empty and the user redirected to the root page. Any obvious flaws in this code?

Don't rely on the HTTP Referrer being a valid or even non-empty field. People can choose to not have this set leaving any checks for that variable going to the empty side of the IF-ELSE clause.
You can guard against this by sending along a parameter in either the URL or POST parameters that would hold a value that you can use to redirect the user back to.

You need to use:
$_SERVER['HTTP_REFERER']

isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';

If you wanted to send the person back to the previous page and have it work regardless of the referrer being set correctly, you can append a GET parameter to the URL (or POST).. you will need to encode the URL.. Something like
http://www.domain.com.au/script.php?return=http%3a%2f%2fwww.domain.com.au%2fthis-is-where-i-was%2f
You can use PHP's urlencode() function.

Also note that the referer header might be empty or missing anyway, so you shouldn't rely on it at all..

You should use
$_SERVER['HTTP_REFERER']
However look at the register_globals configuration in php.ini, it should be turned off due to security reasons. You can read more on PHP Manual site.