https for only some views?

[eluser]peter222[/eluser]
C4iO [PyroDEV] - your solution works the best for me. My two cents is to replace header.php by MY_controller.php:

Code:

class MY_Controller extends Controller
{
    function __construct()
    {
        parent::__construct();
    
    $this->load->helper('force_ssl');
    if (in_array($this->uri->segment(1), $this->config->item('ssl_pages'))){
        force_ssl();
    } else {
        remove_ssl();
    }

    }
}

then every controller starts by

Code:

class any_controller extends MY_Controller

this way you check if page shoud be displayed as https in every controller

[eluser]a_bains[/eluser]
[quote author="manisha" date="1296765899"]I have tried all the suggestions in this thread for Htaccess to remove index.php from Code Igniter URL.
This rewrite rules removes index.php from URL but does not display under Secure URL.
for example:
http://www.mysite.com/CodeIg/MyController -- Works perfect

https://www.mysite.com/CodeIg/index.php/MyController -- Works perfect

But

https://www.mysite.com/CodeIg/MyController -- Does not Work at all. It gives page not found server error.

Then I tried adding the htaccess rules in Virtual host file...
Now the Screen get displayed but without any css, js and Images included in the page.

All these folder like css, images and JS are in application directory.

Does anyone know why this problem is coming?

REply to post would be appreciated a lot....


Thanks[/quote]

Look at the rewrite condition and rules in this thread http://ellislab.com/forums/viewthread/86113/ they solved my problem.

[eluser]tison[/eluser]
Here's how I did it in 5 steps:

1. MY_url_helper

Code:

/**
* force_ssl
*  secures (https), all assets called w/ base_url_asset()
*  call before view content
*
* @params - url_string - optional, see codeigniter base_url() docs
*/
function force_ssl()
{
    $CI =& get_instance();
    $CI->force_ssl = true;
}


/**
* base_url_asset
*  use for asset links that may/may not be secure (depending on the page)
*
* @params - url_string - optional, see codeigniter base_url() docs
*/
function base_url_asset($url_string=false){
$CI =& get_instance();

if(isset($CI->force_ssl)){
  return str_replace('http', 'https', base_url($url_string));
} else return base_url($url_string);
}


/**
* base_url_secure
*  converts a non-secure http base_url to https
*
* @params - url_string - optional, see codeigniter base_url() docs
*/
function base_url_secure($url_string=false)
{
return str_replace('http','https',base_url($url_string));
}

2. Top of my secure view:

Code:

<?php force_ssl(); ?>

3. Link to this secure page (from another view)

Code:

<a href="&lt;?php echo base_url_secure();?&gt;registration/create">Create Registration</a>

4. Secure all files used on the secure page:

Code:

<link rel="stylesheet/less" href="<?php echo base_url_asset();?>webroot/styles.less" type="text/css" />

5. Secure the form, in your secure page

Code:

<?php echo form_open(base_url_secure('registration'));?>

base_url_asset - will pull regular base_url() - unless - you declare force_ssl() at the top of your view, then it will switch them. That's it! I'm sure there's a better way, so please let me know, or edit as needed.

[eluser]mact1079[/eluser]
Parrots solution seems like the easiest vs all the solutions with helpers, hooks and new libraries. But yet I'm stuck. Driving me nuts. Can someone please look at my code and tell me what I'm doing wrong? I think I'm doing multiple things wrong but have gotten myself all confused and need some help from clear minds

All I want is

1. all my pages under domain.com/checkout/ to be secure
2. specific pages user/login and user/join to be secure
3. not to have redirects to domain.com/index.php/user/login since I took out index.php in the config file
4. when I leave these pages to go back into http vs https
5. when I post data to a https page that it actually posts it. With one of the helper solutions as pointed in this thread data doesn't post because of the redirect that takes place

Hating this SSL stuff right now. Should be easy but there doesn't seem to be a simple solution that works for me.

Code:

RewriteEngine on

RewriteCond $1 !^(index\.php|images|captcha|css|js|robots\.txt)
RewriteRule ^(.*)$ /index.php/$1 [L]

RewriteCond %{HTTP_HOST} ^domain.com [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R=301]

RewriteCond %{SERVER_PORT} 80
RewriteCond $1 ^(user/login|user/join|checkout)
RewriteRule ^(.*)$ https://www.domain.com/$1 [R=301,L]

RewriteCond %{SERVER_PORT} 443
RewriteCond $1 !^(user/login|user/join|checkout)
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]

[eluser]Pent[/eluser]
[quote author="mact1079" date="1346263687"]Parrots solution seems like the easiest vs all the solutions with helpers, hooks and new libraries. But yet I'm stuck. Driving me nuts. Can someone please look at my code and tell me what I'm doing wrong? I think I'm doing multiple things wrong but have gotten myself all confused and need some help from clear minds

All I want is

1. all my pages under domain.com/checkout/ to be secure
2. specific pages user/login and user/join to be secure
3. not to have redirects to domain.com/index.php/user/login since I took out index.php in the config file
4. when I leave these pages to go back into http vs https
5. when I post data to a https page that it actually posts it. With one of the helper solutions as pointed in this thread data doesn't post because of the redirect that takes place

Hating this SSL stuff right now. Should be easy but there doesn't seem to be a simple solution that works for me.

Code:

RewriteEngine on

RewriteCond $1 !^(index\.php|images|captcha|css|js|robots\.txt)
RewriteRule ^(.*)$ /index.php/$1 [L]

RewriteCond %{HTTP_HOST} ^domain.com [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R=301]

RewriteCond %{SERVER_PORT} 80
RewriteCond $1 ^(user/login|user/join|checkout)
RewriteRule ^(.*)$ https://www.domain.com/$1 [R=301,L]

RewriteCond %{SERVER_PORT} 443
RewriteCond $1 !^(user/login|user/join|checkout)
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]

[/quote]

Although I'm probably necroing this thread a bit, I had this same issue and solved it this way:

Code:

RewriteEngine on

# force HTTPS
RewriteCond %{HTTPS} =off
RewriteCond %{REQUEST_URI} (admin)
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# force HTTP
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !(admin|css|img|js)
RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php/$0 [L]

On my website, only the admin controller needs to be secure, but you can add multiple words there of course. Other folders you're using shouldn't be rewritten to HTTP, because that leads to browsers saying the page is only partially encrypted (the css/js is still transmitted unencrypted then).
On a side note, I think you should take out the first rewrite rule, since it servers the same purpose as the last, so that might cause the index.php being put back in your URI.