<?php
 class upgradeToHTTPS
 {
  private static function redirTo($redirURI, array $extraHeaders = array())
  {
   $respType = 'HTTP/1.0 302 Found';
   if (isset($_SERVER['SERVER_PROTOCOL']))
    $proto = $_SERVER['SERVER_PROTOCOL'];
   else
    $proto = 'HTTP/1.0';
   if (substr($proto, 0, 5) == 'HTTP/')
   {
    $protocolVer = floatval(substr($proto, 5));
    if ($protocolVer > 1.0)
     $respType = 'HTTP/'.$protocolVer.' 307 Temporary Redirect';
   }
   header($respType);
   if (count($extraHeaders) > 0)
    foreach($extraHeaders as $header)
     header($header);
   header("Location: $redirURI");
   $redirPage = <<<PAGE
<!doctype html>
<html>
 <head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>Redirecting to https://%HOST%...</title>
  <meta http-equiv="refresh" content="3; url=%URI%" />
  <style>
   p{text-align:center; font-size: 28pt;}
  </style>
 </head>
 <body>
  <p>You are being redirected to a secure version of %HOST%. You may wish to update any links or bookmarks:</p>
  <p>&lt;%URI%&gt;</p>
  <p>There seems to have been a header error that prevented an immediate redirect. Our apologies for the delay.</p>
  <p>Please click on the link below if you haven't been redirected in the time it took to read this page.</p>
  <p><a href="%URI%" title="Redirect Yourself">Go Forward</a></p>
 </body>
</html>
PAGE;
   $redirHost = substr($redirURI, strpos($redirURI, '//') + 2);
   $redirHost = substr($redirHost, 0, strpos($redirHost, '/'));
   echo str_replace(array('%URI%', '%HOST%'), array($redirURI, $redirHost), $redirPage);
  }

  public static function check($scriptURI)
  {
   $https = false;
   if (strpos($scriptURI, 'http:') !== false)
   {
    $https = (
              (isset($_SERVER['HTTP_HTTPS']) && trim($_SERVER['HTTP_HTTPS']) == '1') ||
              (isset($_SERVER['HTTP_CONTENT_SECURITY_POLICY']) && strtolower(trim($_SERVER['HTTP_CONTENT_SECURITY_POLICY'])) == 'upgrade-insecure-requests') ||
              (isset($_SERVER['HTTP_UPGRADE_INSECURE_REQUESTS']) && trim($_SERVER['HTTP_UPGRADE_INSECURE_REQUESTS']) == '1')
             );
   }
   if (!$https)
    return false;
   $newURI = str_replace('http:', 'https:', $scriptURI);
   self::redirTo($newURI, array('Vary: Upgrade-Insecure-Requests'));
   return true;
  }
 }

 if (isset($_SERVER['SCRIPT_URI']))
  $scriptURI = $_SERVER['SCRIPT_URI'];
 else
  $scriptURI = $_SERVER['REQUEST_SCHEME'].'://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
 if (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] != '')
  $scriptURI.= '?'.$_SERVER['QUERY_STRING'];
 if (upgradeToHTTPS::check($scriptURI))
  exit;
?>