HTTPS detection on IIS

2 files changed, 2 insertions, 2 deletions

diff --git a/auth.php b/auth.php
index c3ac8c5..7f126e9 100755
--- a/auth.php
+++ b/auth.php
@@ -40,7 +40,7 @@ if ($require_authentication) {
   $auth = (isset($_SESSION['auth']) ? $_SESSION['auth'] : "");
   $user = (isset($_REQUEST['user']) ? $_REQUEST['user'] : "");
   $pass = (isset($_REQUEST['pass']) ? md5($salt.$_REQUEST['pass']) : "");
-  @$ssl = ($_SERVER['HTTPS'] == "" ? "http" : "https");
+  $ssl = ((!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "" || $_SERVER['HTTPS'] == "off") ? "http" : "https");
   $auth_error = (isset($_REQUEST['auth_error']) ? $_REQUEST['auth_error'] : 0);
   
   // not authenticated and username not submited
diff --git a/logout.php b/logout.php
index 7a9f6c2..a786403 100755
--- a/logout.php
+++ b/logout.php
@@ -24,7 +24,7 @@ if (isset($_COOKIE[session_name('trackme')])) {
   setcookie(session_name('trackme'),'',time()-42000,'/');
 }
 session_destroy(); 
-@$ssl = ($_SERVER['HTTPS'] == "" ? "http" : "https");
+$ssl = ((!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "" || $_SERVER['HTTPS'] == "off") ? "http" : "https");
 $url = str_replace("//", "/", $_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."/index.php");
 header("Location: $ssl://$url");
 ?>