(04-20-2017, 03:01 AM)Martin7483 Wrote: We use this in the index.php
PHP Code:
$default_domain = 'www.yourwebsite.com';
$allowed_domains = array('yourwebsite.com','www.yourwebsite.com');
if ( ! function_exists('is_https_on'))
{
/**
* Is HTTPS?
*
* Determines if the application is accessed via an encrypted
* (HTTPS) connection.
*
* @return bool
*/
function is_https_on()
{
if ( ! empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off')
{
return TRUE;
}
elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https')
{
return TRUE;
}
elseif ( ! empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off')
{
return TRUE;
}
return FALSE;
}
}
$protocol = 'http://';
if ( is_https_on() && USE_HTTPS ) {
$protocol = 'https://';
}
// define protocol
define('PROTOCOL', $protocol);
The check if the HTTP_HOST is within the allowed domains
PHP Code:
if( ! in_array($_SERVER['HTTP_HOST'], $allowed_domains) ) {
$_SERVER['HTTP_HOST'] = $default_domain;
}
The set a constant
PHP Code:
define('BASE_URL', PROTOCOL.$_SERVER['HTTP_HOST']);
And in the config
PHP Code:
$config['base_url'] = BASE_URL;
Spoofing the HTTP_HOST header will have no effect this way
I'm sorry, the issue is solved, but the website is not diplayed, it keeps loading. But nothing happen, thanks anyway.
