Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming https for only some views?
https for only some views?
  • El Forum
    Guest
  •  
#1
06-23-2008, 06:48 PM

[eluser]nanda[/eluser]
I want to specify a secure connection for only the payment parts of my site, I don't want to use absolute links in my views, but the base_url is set to the normal http:// server and so makes all links unsecured. Is there any way to specify a secure connection for certain pages?
  • El Forum
    Guest
  •  
#2
06-23-2008, 11:33 PM

[eluser]Eric Cope[/eluser]
I am not sure, but you may need multiple CI installations. Is there a problem with having your whole site under https? Let the http root redirect to the https version... If you use cookies, you may also have problems because those are technically different domains (I think, not sure, can someone correct me?)
  • El Forum
    Guest
  •  
#3
06-24-2008, 01:03 AM

[eluser]Rick Jolly[/eluser]
I'd just change the base_url on those pages that require ssl. See the user guide about setting config items. Also, do a check that https is on for those secure pages and if not, then redirect back using https.
  • El Forum
    Guest
  •  
#4
06-24-2008, 01:27 AM

[eluser]xwero[/eluser]
You don't need multiple CI installations but 2 applications. The way i would do it is to create a codeigniter directory above the public and secure root. put the system and 2 application directories in the codeigniter directory. Name the application directories public and secure. and in the bootstrap files the system directory links to the codigniter/system directory and the application directories are added in relation to the directory the bootstrap file is in.

From that time on you can create your applications accordingly. If you are only going to use the secure application for a few pages you will have only one controller.
I guess you are going to share quite a few things between the public and secure site because the pages should have a consistent layout and use the same data. This will require some hacks as CI doesn't supports flexible paths.

For views that you put in the added system/views directory you can temporarily switch the path using following methods put in the MY_Loader.php file in both application directories (it should be in the system directory as well but again it due to the non flexible file paths)
Code:
class MY_Loader extends CI_Loader
{
var _prev_ci_view_path = '';

function set_view_path($path)
{
   if(is_dir($path))
   {
      $this->_prev_ci_view_path = $this->_ci_view_path;
      $this->_ci_view_path = $path;
   }
}

function reset_view_path()
{
    if($this->_prev_ci_view_path != '')
    {
        $this->_ci_view_path = $this->_prev_ci_view_path;
        $this->_prev_ci_view_path = '';
    }
}

}
// usage
$this->load->set_view_path(BASEPATH.'views/');
$this->load->view('someview');
$this->load->reset_view_path();
If you want this to work in php4 you have to add an hack in the system/codeigniter/CodeIgniter.php file. Look for the hack on the forum; extend loader php4, will get you to the post i think.

For the data you can create a shared model in the added system/models directory where you put the methods needed by the secure and public part of your site and include it in the child models in the application directories.

I hope this will set you on your way Smile
  • El Forum
    Guest
  •  
#5
06-24-2008, 02:41 AM

[eluser]nanda[/eluser]
Thanks for the help guys, I will try those solutions.
  • El Forum
    Guest
  •  
#6
06-24-2008, 07:15 AM

[eluser]parrots[/eluser]
I did it by having my .htaccess file force SSL for specific URLs (payment and login). It saved me from having to muck around with changing the base_url or anything like that:

Code:
RewriteEngine on

RewriteCond %{SERVER_PORT} 80
RewriteCond $1 ^(register/payment|login)
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R=301,L]

RewriteCond %{SERVER_PORT} 443
RewriteCond $1 !^(register/payment|images|css|javascript|login)
RewriteRule ^(.*)$ http://www.yourdomain.com/$1 [R=301,L]

RewriteCond $1 !^(index\.php|images|robots\.txt)
RewriteRule ^(.*)$ index.php/$1 [L]

As a bonus this ensures that even if someone tries to go to my payment or login page without SSL it will redirect them to the HTTPS version. It's worked for me pretty well so far.
  • El Forum
    Guest
  •  
#7
06-24-2008, 08:11 AM

[eluser]nanda[/eluser]
[quote author="parrots" date="1214331316"]I did it by having my .htaccess file force SSL for specific URLs (payment and login). It saved me from having to muck around with changing the base_url or anything like that:

Code:
RewriteEngine on

RewriteCond %{SERVER_PORT} 80
RewriteCond $1 ^(register/payment|login)
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R=301,L]

RewriteCond %{SERVER_PORT} 443
RewriteCond $1 !^(register/payment|images|css|javascript|login)
RewriteRule ^(.*)$ http://www.yourdomain.com/$1 [R=301,L]

RewriteCond $1 !^(index\.php|images|robots\.txt)
RewriteRule ^(.*)$ index.php/$1 [L]

As a bonus this ensures that even if someone tries to go to my payment or login page without SSL it will redirect them to the HTTPS version. It's worked for me pretty well so far.[/quote]

Thats a pretty sweet solution, thanks!
  • El Forum
    Guest
  •  
#8
06-24-2008, 08:23 PM

[eluser]Colin Williams[/eluser]
parrots' solution is what has always worked best for me. Also, I'm always setting base_url to '/'

Essentially what you're doing with mod_rewrite is creating SSL entry and exit points, which I think is most elegant. Good luck with it.
  • El Forum
    Guest
  •  
#9
09-04-2008, 11:07 PM

[eluser]nevercraft[/eluser]
Although this thread is a few months old, I thought I'd share the way I accomplished this with just a simple helper function.

Code:
if ( ! function_exists('force_ssl'))
{
    function force_ssl()
    {
        $CI =& get_instance();
        $CI->config->config['base_url'] = str_replace('http://', 'https://', $CI->config->config['base_url']);
        if ($_SERVER['SERVER_PORT'] != 443)
        {
            redirect($CI->uri->uri_string());
        }
    }
}

Simply call force_ssl() from within any controller method (or the constructor). The user will be redirected to https:// if needed. Also, https:// will show up correctly on any of the other URL helpers used AFTER force_ssl() is called.
  • El Forum
    Guest
  •  
#10
09-05-2008, 07:46 AM

[eluser]phpoet[/eluser]
I use a solution like parrot's as well. In case it's helpful to see another example, this is the .htaccess file I used on my last ecommerce project.

Code:
RewriteEngine on

RewriteBase /

# Redirect all domain name variations to main site
RewriteCond %{HTTP_HOST} ^site.com [NC]
RewriteRule ^(.*)$ http://www.site.com/$1 [L,R=301]

# Force checkout to be secure
RewriteCond %{SERVER_PORT} 80
RewriteCond $1 !^(index\.php|images|javascripts|site|admin|stylesheets|robots\.txt)
RewriteRule /checkout(.*)$ https://www.site/checkout$1 [L]

# Force admin to be secure
RewriteCond %{SERVER_PORT} 80
RewriteCond $1 !^(index\.php|images|javascripts|site|checkout|stylesheets|robots\.txt)
RewriteRule /admin(.*)$ https://www.site.com/admin$1 [L]

# Flip back to http unless in checkout or admin
RewriteCond %{SERVER_PORT} !80
RewriteCond $1 !^(index\.php|images|javascripts|checkout|admin|stylesheets|robots\.txt)
RewriteRule ^(.*)$ http://www.site.com/$1 [L]

# Get CodeIgniter going
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1




Theme © iAndrew 2016 - Forum software by © MyBB