使用SSL后,我需要向PHP添加任何代码吗?

时间:2013-06-07 19:01:03

标签: php ssl https

我在我的网站上使用一个简单的联系表格使用PHP,我即将在我的网站上安装SSL,代码我是否需要对PHP代码进行任何更改,我完全不熟悉SSL和这是我的第一个SSL安装。

<?php
$errors = array();
$missing = array();
if (isset($_POST['send'])) {
$to = 'john@example.com';
$subject = 'Feedback from contact form';
$expected = array('name', 'email', 'comments');
$required = array('name', 'email', 'comments');
$headers = "From: webmaster@example.com\r\n";
$headers .= "Content-type: text/plain; charset=utf-8";
require './includes/mail_process.php';
    if ($mailSent) {
    header('Location: thanks.php');
    exit;
}
}
?>
<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8">
<title>Contact Us</title>
<link href="./styles.css" rel="stylesheet" type="text/css">
</head>

<body>
<h1>Contact Us</h1>
<?php if ($_POST && $suspect) { ?>
<p class="warning">Sorry your mail could not be be sent.</p>
<?php } elseif ($errors || $missing) { ?>
<p class="warning">Please fix the item(s) indicated.</p>
<?php }?>
<form name="contact" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<p>
    <label for="name">Name:
    <?php if ($missing && in_array('name', $missing)) { ?>
    <span class="warning">Please enter your name</span>
    <?php } ?>
    </label>
    <input type="text" name="name" id="name"
    <?php
    if ($errors || $missing) {
        echo 'value="' . htmlentities($name, ENT_COMPAT, 'utf-8') . '"';
    }
    ?>
    >
</p>
<p>
    <label for="email">Email:
    <?php if ($missing && in_array('email', $missing)) { ?>
    <span class="warning">Please enter your email address</span>
    <?php } elseif (isset($errors['email'])) { ?>
    <span class="warning">Invalid email address</span>
    <?php } ?>
    </label>
    <input type="text" name="email" id="email"
    <?php
    if ($errors || $missing) {
        echo 'value="' . htmlentities($email, ENT_COMPAT, 'utf-8') . '"';
    }
    ?>
    >
</p>
<p>
    <label for="comments">Comments:
    <?php if ($missing && in_array('comments', $missing)) { ?>
    <span class="warning">You forgot to add your comments</span>
    <?php } ?>
    </label>
    <textarea name="comments" id="comments"><?php 
    if ($errors || $missing) {
        echo htmlentities($comments, ENT_COMPAT, 'utf-8');
    }
    ?></textarea>
</p>
<p>
    <input type="submit" name="send" id="send" value="Send Comments">
</p>
</form>
<pre>
</body>
</html>

mail_process.php就像这样

<?php
$suspect = false;
$pattern = '/Content-Type:|Bcc:|Cc:/i';

function isSuspect($val, $pattern, &$suspect) {
if (is_array($val)) {
    foreach ($val as $item) {
        isSuspect($item, $pattern, $suspect);
    }
} else {
    if (preg_match($pattern, $val)) {
        $suspect = true;
    }
}
}

isSuspect($_POST, $pattern, $suspect);

if (!$suspect) {
foreach ($_POST as $key => $value) {
    $temp = is_array($value) ? $value : trim($value);
    if (empty($temp) && in_array($key, $required)) {
        $missing[] = $key;
        $$key = '';
    } elseif(in_array($key, $expected)) {
        $$key = $temp;
    }
}
}

if (!$suspect && !empty($email)) {
$validemail = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
if ($validemail) {
    $headers .= "\r\nReply-to: $validemail";
} else {
    $errors['email'] = true;
}
}

if (!$suspect && !$missing && !$errors) {
$message = '';
foreach ($expected as $item) {
    if (isset($$item) && !empty($$item)) {
        $val = $$item;
    } else {
        $val = 'Not selected';
    }
    if (is_array($val)) {
        $val = implode(', ', $val);
    }
    $item = str_replace(array('_', '-'), ' ', $item);
    $message .= ucfirst($item) . ": $val\r\n\r\n";
}
$message = wordwrap($message, 70);

$mailSent = mail($to, $subject, $message, $headers, $authenticate); 
if (!$mailSent) {
    $errors['mailfail'] = true;
}
}

2 个答案:

答案 0 :(得分:0)

由于您没有任何绝对URL引用,因此您不会遇到任何问题。我建议你把它放在你的标题中(或者在所有PHP文件的顶部)以强制它们使用https,这样如果你确实需要在你的网站中使用绝对URL,你可以将它们全部用于HTTPS,因为每个人都会无论如何被逼到那里。

if($_SERVER['HTTPS'] != 'on' || !stristr($_SERVER['HTTP_HOST'], 'www.')) {
    $redirect= "https://www.".str_replace('www.','',$_SERVER['HTTP_HOST']).$_SERVER['REQUEST_URI'];
    header("Location:$redirect");
}

答案 1 :(得分:0)

您必须将绝对网址更改为“https:// ....”。如果您没有使用绝对URL,那么如果您的表单和处理脚本都在https上,则无需更改。