I want to specify a secure connection for only the payment parts of my site, I don’t want to use absolute links in my views, but the base_url is set to the normal http:// server and so makes all links unsecured. Is there any way to specify a secure connection for certain pages?
I am not sure, but you may need multiple CI installations. Is there a problem with having your whole site under https? Let the http root redirect to the https version… If you use cookies, you may also have problems because those are technically different domains (I think, not sure, can someone correct me?)
I’d just change the base_url on those pages that require ssl. See the user guide about setting config items. Also, do a check that https is on for those secure pages and if not, then redirect back using https.
You don’t need multiple CI installations but 2 applications. The way i would do it is to create a codeigniter directory above the public and secure root. put the system and 2 application directories in the codeigniter directory. Name the application directories public and secure. and in the bootstrap files the system directory links to the codigniter/system directory and the application directories are added in relation to the directory the bootstrap file is in.
From that time on you can create your applications accordingly. If you are only going to use the secure application for a few pages you will have only one controller.
I guess you are going to share quite a few things between the public and secure site because the pages should have a consistent layout and use the same data. This will require some hacks as CI doesn’t supports flexible paths.
For views that you put in the added system/views directory you can temporarily switch the path using following methods put in the MY_Loader.php file in both application directories (it should be in the system directory as well but again it due to the non flexible file paths)
class MY_Loader extends CI_Loader { var _prev_ci_view_path = '';
If you want this to work in php4 you have to add an hack in the system/codeigniter/CodeIgniter.php file. Look for the hack on the forum; extend loader php4, will get you to the post i think.
For the data you can create a shared model in the added system/models directory where you put the methods needed by the secure and public part of your site and include it in the child models in the application directories.
I did it by having my .htaccess file force SSL for specific URLs (payment and login). It saved me from having to muck around with changing the base_url or anything like that:
As a bonus this ensures that even if someone tries to go to my payment or login page without SSL it will redirect them to the HTTPS version. It’s worked for me pretty well so far.
I did it by having my .htaccess file force SSL for specific URLs (payment and login). It saved me from having to muck around with changing the base_url or anything like that:
As a bonus this ensures that even if someone tries to go to my payment or login page without SSL it will redirect them to the HTTPS version. It’s worked for me pretty well so far.
Although this thread is a few months old, I thought I’d share the way I accomplished this with just a simple helper function.
if ( ! function_exists('force_ssl')) { function force_ssl() { $CI =& get_instance(); $CI->config->config['base_url'] = str_replace('http://', 'https://', $CI->config->config['base_url']); if ($_SERVER['SERVER_PORT'] != 443) { redirect($CI->uri->uri_string()); } } }
Simply call force_ssl() from within any controller method (or the constructor). The user will be redirected to https:// if needed. Also, https:// will show up correctly on any of the other URL helpers used AFTER force_ssl() is called.
I use a solution like parrot’s as well. In case it’s helpful to see another example, this is the .htaccess file I used on my last ecommerce project.
RewriteEngine on
RewriteBase /
# Redirect all domain name variations to main site RewriteCond %{HTTP_HOST} ^site.com [NC] RewriteRule ^(.*)$ http://www.site.com/$1 [L,R=301]
# Force checkout to be secure RewriteCond %{SERVER_PORT} 80 RewriteCond $1 !^(index\.php|images|javascripts|site|admin|stylesheets|robots\.txt) RewriteRule /checkout(.*)$ https://www.site/checkout$1 [L]
# Force admin to be secure RewriteCond %{SERVER_PORT} 80 RewriteCond $1 !^(index\.php|images|javascripts|site|checkout|stylesheets|robots\.txt) RewriteRule /admin(.*)$ https://www.site.com/admin$1 [L]
# Flip back to http unless in checkout or admin RewriteCond %{SERVER_PORT} !80 RewriteCond $1 !^(index\.php|images|javascripts|checkout|admin|stylesheets|robots\.txt) RewriteRule ^(.*)$ http://www.site.com/$1 [L]
Although this thread is a few months old, I thought I’d share the way I accomplished this with just a simple helper function.
if ( ! function_exists('force_ssl')) { function force_ssl() { $CI =& get_instance(); $CI->config->config['base_url'] = str_replace('http://', 'https://', $CI->config->config['base_url']); if ($_SERVER['SERVER_PORT'] != 443) { redirect($CI->uri->uri_string()); } } }
Simply call force_ssl() from within any controller method (or the constructor). The user will be redirected to https:// if needed. Also, https:// will show up correctly on any of the other URL helpers used AFTER force_ssl() is called.
Thanks, nevercraft - this worked perfectly. While the .htaccess solution is viable - it is not very dynamic
Although this thread is a few months old, I thought I’d share the way I accomplished this with just a simple helper function.
if ( ! function_exists('force_ssl')) { function force_ssl() { $CI =& get_instance(); $CI->config->config['base_url'] = str_replace('http://', 'https://', $CI->config->config['base_url']); if ($_SERVER['SERVER_PORT'] != 443) { redirect($CI->uri->uri_string()); } } }
Simply call force_ssl() from within any controller method (or the constructor). The user will be redirected to https:// if needed. Also, https:// will show up correctly on any of the other URL helpers used AFTER force_ssl() is called.
The function works perfectly although at the beginning I had some problems because I didn’t have ‘http://’ in my base_url. Also I was using .htaccess to get rid of index.php from url’s and this function was redirecting using index.php, all I had to do was to set $config[‘index_page’] from config.php so it was blank. Maybe it will help someone.
Although this thread is a few months old, I thought I’d share the way I accomplished this with just a simple helper function.
if ( ! function_exists('force_ssl')) { function force_ssl() { $CI =& get_instance(); $CI->config->config['base_url'] = str_replace('http://', 'https://', $CI->config->config['base_url']); if ($_SERVER['SERVER_PORT'] != 443) { redirect($CI->uri->uri_string()); } } }
Simply call force_ssl() from within any controller method (or the constructor). The user will be redirected to https:// if needed. Also, https:// will show up correctly on any of the other URL helpers used AFTER force_ssl() is called.
The function works perfectly although at the beginning I had some problems because I didn’t have ‘http://’ in my base_url. Also I was using .htaccess to get rid of index.php from url’s and this function was redirecting using index.php, all I had to do was to set $config[‘index_page’] from config.php so it was blank. Maybe it will help someone.
Thanks, that did help me as well.
Also, please note, you must be using the URL helper as well because force_ssl() calls the redirect() function. Either in your controller or in your autoload config file.
