Securing a Drupal Login and Admin Section

If you would like to have your Login and Admin sections on a Drupal site use HTTPS there is a very simple and easy solution. Open your settings.php file that is located in drupalroot/sites/default/settings.php.  If you have set up the $base_url variable replace it with the following PHP code.  If you haven’t set this up, use this code and replace the base URL with your site’s URL.

if (!strcasecmp(substr($_SERVER['REQUEST_URI'],0,5),'/user') && !isset($_SERVER['HTTPS'])) {
header("Location: https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
if (!strcasecmp(substr($_SERVER['REQUEST_URI'],0,5),'/user')) {
$protocol = "https";
else {
$protocol = "http";
$base_url = $protocol . "://";