diff --git a/securepages.module b/securepages.module
index d029091..6042403 100644
--- a/securepages.module
+++ b/securepages.module
@@ -90,7 +90,7 @@ function securepages_form_alter(&$form, &$form_state, $form_id) {
     if ($page_match && !$is_https) {
       $form['#https'] = TRUE;
     }
-    elseif ($page_match === 0 && $is_https && variable_get('securepages_switch', FALSE)) {
+    elseif (!$page_match && $is_https && variable_get('securepages_switch', FALSE)) {
       $url['https'] = FALSE;
       $url['absolute'] = TRUE;
       $form['#action'] = url($url['path'], $url);
@@ -142,7 +142,7 @@ function securepages_redirect() {
   elseif ($page_match && !$is_https) {
     securepages_goto(TRUE);
   }
-  elseif ($page_match === 0 && $is_https && variable_get('securepages_switch', FALSE) && !$role_match) {
+  elseif (!$page_match && $is_https && variable_get('securepages_switch', FALSE) && !$role_match) {
     securepages_goto(FALSE);
   }
 
@@ -202,7 +202,6 @@ function securepages_goto($secure) {
  * @return
  *   - 0: Page should be insecure.
  *   - 1: Page should be secure.
- *   - NULL: Do not change page.
  */
 function securepages_match($path) {
   global $is_https;
@@ -226,7 +225,7 @@ function securepages_match($path) {
     return !($secure xor $result) ? 1 : 0;
   }
   else {
-    return;
+    return $secure ? 0 : 1;
   }
 }
 
diff --git a/securepages.test b/securepages.test
index 62e47fc..4df2319 100644
--- a/securepages.test
+++ b/securepages.test
@@ -35,6 +35,7 @@ class SecurePagesTestCase extends DrupalWebTestCase {
     $this->_testOpenRedirect();
     $this->_testXHR();
     $this->_testRoles();
+    $this->_testSecureEveryPageExceptListed();
   }
 
   /**
@@ -345,6 +346,38 @@ class SecurePagesTestCase extends DrupalWebTestCase {
   }
 
   /**
+   * Test the setting for securing all pages except those listed.
+   */
+  function _testSecureEveryPageExceptListed() {
+    // Secure all pages on the site.
+    variable_set('securepages_secure', FALSE);
+    variable_set('securepages_pages', '');
+
+    // Visit the home page and confirm that the redirect to HTTPS happens.
+    $this->drupalGet('', array('https' => FALSE));
+    $this->assertResponse(200);
+    $this->assertUrl(url('', array('https' => TRUE, 'absolute' => TRUE)));
+
+    // Exclude one page from being secured.
+    variable_set('securepages_pages', 'user');
+
+    // Visit it and make sure that it is not redirected to HTTPS.
+    $this->drupalGet('user', array('https' => FALSE));
+    $this->assertResponse(200);
+    $this->assertUrl(url('user', array('https' => FALSE, 'absolute' => TRUE)));
+
+    // Confirm that the home page still does redirect to HTTPS even though the
+    // above page did not.
+    $this->drupalGet('', array('https' => FALSE));
+    $this->assertResponse(200);
+    $this->assertUrl(url('', array('https' => TRUE, 'absolute' => TRUE)));
+
+    // Clean up.
+    variable_del('securepages_secure');
+    variable_del('securepages_pages');
+  }
+
+  /**
    * Logs in a user using HTTPS.
    */
   function loginHTTPS($user) {