How I did SSL |
[eluser]aggrav8d[/eluser]
Hello, my fellow pyros. I tried to look for a good SSL solution on here. Maybe I didn't look hard enough. I found one that recommended rewriting every url on a page from "http" to "https". If only part of your site is SSL then that solution is a problem when IE users leave the "safe zone" and start seeing messages about insecure content. In any case, I'd like to fill the knowledge gap. I hope you find my method elegant. We have several possible cases to consider: - a regular page that links to a secure page - a secure page that links to a regular page - a secure page that loads secure content from a shared header file - a regular page that loads content from a shared header file In each case URLs could change in two ways: A different URL transport and (potentially) a different base URL. I added a Code: $config['base_url'] = 'http://www.myurl.com/'; to config.php. I then made big changes in urlhelper.php Code: ... Code: function site_url($uri = '',$ssl=FALSE) Let me know if that helps. Thanks! Keep up the great (frame)work! Edited to add in a couple missing lines.
[eluser]aggrav8d[/eluser]
Right. I thought about it today and realized this post was only half finished. I dumped a lot of code in your laps and didn't explain why I did what I did. As I said, we have several possible cases to consider: - a regular page that links to a secure page - a secure page that links to a regular page - a secure page that loads secure content from a shared header file - a regular page that loads content from a shared header file A typical example would be a header file that contains a menu. In my case - www.abbeycustomblinds.ca - the menu had links to the homepage, some important categories, and the cart. The cart page also included all the form information necessary to checkout. (One step checkout is about as easy as it gets.) Naturally, it had to be SSL because of the credit cards. In each controller I would have a variable Code: ... Code: <?php I hope that makes things a little more useful. g'night!
[eluser]aggrav8d[/eluser]
To whom it may concern, I had to rewrite the last line of code in the second article three times because there was some kind of auto-edit removing everything inside the (). It wouldn't stop until I switched to double quotes. I hope that didn't break any of the other code I posted.
[eluser]acormack[/eluser]
Hi aggrav8d, This is a great contribution you have made. Like you I didn't fancy hacking my apache config to do this! I think you may have a typo in the follow-up post though. I believe it should read Code: $secure=(isset($secure_page) && $secure_page==1); Many thanks for posting this. It should be proposed for inclusion in the next release of CI. Regards Alec
[eluser]ontguy[/eluser]
Thanks for the contribution. I'm wondering if you considered the approach suggested here: http://ellislab.com/forums/viewthread/135039/
[eluser]acormack[/eluser]
aggrav8d As you say above it appears that the bulletin board software does not display the text string that has been pasted in - even inside code tags. You need to change the return value of the anchor function to include the $attributes variable after the $site_url: Code: return '<a href="'.$site_url.'">'.$title.'</a>'; Note: Whatever I try I cannot get the $attributes variable to display if I paste it in above. Many Thanks for providing this code. Alec
[eluser]aggrav8d[/eluser]
[quote author="ontguy" date="1270684074"]Thanks for the contribution. I'm wondering if you considered the approach suggested here: http://ellislab.com/forums/viewthread/135039/[/quote] Yes, and threw it out. Imagine you go to a page that has force_ssl. it converts all http:// to https://, including the ones that are supposed to a href back to non-secure pages. When I surf back to those pages they are not calling force_ssl(). Net effect? the page is loaded https and all of it's linked data (images, javascript, css) are NOT loaded via https. Most browsers (especially IE) throw a nasty warning and frighten users.
[eluser]natanv[/eluser]
Thanks bro! You saved me some much appreciated time. I ended up going with a hybrid approach by using your config + url_helper in conjunction with Jamie's "force_ssl" helper which I modded by removing: $CI->config->config['base_url'] = str_replace('http://', 'https://', $CI->config->config['base_url']); since I was using your functions to secure the needed links.
[eluser]InsiteFX[/eluser]
I hope you extended the config library and did not hack it. Also url_helper should be MY_url_helper InsiteFX |
Welcome Guest, Not a member yet? Register Sign In |