Comments on: SSL (HTTPS) URLs and CodeIgniter http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/#utm_source=feed&utm_medium=feed&utm_campaign=feed Courage to do something... Mon, 08 Mar 2010 18:51:01 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: pk http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/comment-page-1/#comment-2653 pk Thu, 28 Jan 2010 11:20:11 +0000 http://sajjadhossain.com/?p=55#comment-2653 Here's a simple <a href="http://it.euphoriatwentythree.com/web-development/codeigniter/codeigniter-ssl-https-helper/" rel="nofollow">CodeIgniter SSL (HTTPS) Helper</a> which i wrote. Here’s a simple CodeIgniter SSL (HTTPS) Helper which i wrote.

]]> By: Max Fellows http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/comment-page-1/#comment-2265 Max Fellows Thu, 03 Dec 2009 04:35:23 +0000 http://sajjadhossain.com/?p=55#comment-2265 Thanks Mohammad and Mahbub -- I recently used this for a school project and it works great; I extended the base url_helper as Martin suggested. One other thing that came in handy was overriding CI's base_url() method in MY_url_helper; other libraries like Template call base_url() when you do things like add_js() or add_css(), which causes warnings to pop up in IE if you're on a secure page. This was the fix: <pre lang="php"> function base_url() { $framework =& get_instance(); if (isset($_SERVER['HTTPS'])) { return $framework->config->slash_item('secure_base_url'); } else { return $framework->config->slash_item('base_url'); } } </pre> Thanks Mohammad and Mahbub — I recently used this for a school project and it works great; I extended the base url_helper as Martin suggested.

One other thing that came in handy was overriding CI’s base_url() method in MY_url_helper; other libraries like Template call base_url() when you do things like add_js() or add_css(), which causes warnings to pop up in IE if you’re on a secure page. This was the fix:

function base_url() {
   $framework =& get_instance();
 
   if (isset($_SERVER['HTTPS'])) {
      return $framework->config->slash_item('secure_base_url');
   } else {
      return $framework->config->slash_item('base_url');
   }
}
]]> By: Mohammad Sajjad Hossain http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/comment-page-1/#comment-2113 Mohammad Sajjad Hossain Tue, 29 Sep 2009 03:55:14 +0000 http://sajjadhossain.com/?p=55#comment-2113 Martin, thanks for your correction and suggestions. I was thinking to upgrade the code as you said because I myself faced this problem while upgrading to latest CI version. I am a little bit busy now but I will work on it and share with others. Martin, thanks for your correction and suggestions. I was thinking to upgrade the code as you said because I myself faced this problem while upgrading to latest CI version. I am a little bit busy now but I will work on it and share with others.

]]> By: Martin Evans http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/comment-page-1/#comment-2110 Martin Evans Tue, 29 Sep 2009 01:56:05 +0000 http://sajjadhossain.com/?p=55#comment-2110 Thanks for posting this! It helped me out on a project. I should point out there a couple of things that need to be fixed. In your code above, the last line of the function secure_anchor() in your url helper is missing a couple of single quotes. It should read: <pre lang="php"> return '<a href="'.$secure_site_url.'" rel="nofollow">'.$title.'</a>'; </pre> Also, it would be better not to edit the core CI files. One day someone else might upgrade CI and your ssl suddenly doesn't work!. Instead put the url_helper code in a file called MY_url_helper.php and store it in system/application/helpers/ Likewise, instead of adding code to the core Config.php library, put it in system/application/libraries/MY_Config.php - and follow the instructions for extending native libraries found at this url: http://codeigniter.com/user_guide/general/creating_libraries.html in MY_Config.php you would wrap the function with this code: <pre lang="php"> class MY_Config extends CI_Config { } </pre> Thanks for posting this! It helped me out on a project.

I should point out there a couple of things that need to be fixed. In your code above, the last line of the function secure_anchor() in your url helper is missing a couple of single quotes. It should read:

return '<a href="'.$secure_site_url.'" rel="nofollow">'.$title.'</a>';

Also, it would be better not to edit the core CI files. One day someone else might upgrade CI and your ssl suddenly doesn’t work!. Instead put the url_helper code in a file called MY_url_helper.php and store it in system/application/helpers/

Likewise, instead of adding code to the core Config.php library, put it in system/application/libraries/MY_Config.php – and follow the instructions for extending native libraries found at this url:

http://codeigniter.com/user_guide/general/creating_libraries.html

in MY_Config.php you would wrap the function with this code:

class MY_Config extends CI_Config {
 
}
]]> By: Mahbub http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/comment-page-1/#comment-1797 Mahbub Wed, 27 May 2009 11:39:27 +0000 http://sajjadhossain.com/?p=55#comment-1797 Yes, true that links you can build both for http and https. But Normally in some pages we want to make sure that user can't but use the ssl url. So you put the helper function ssl_redirect() in the controller which will redirect 301 to the same url but with ssl. Like in payment pages we want to make sure that it's not http but https. Perhaps both we'd both your and my solution as needed. Yes, true that links you can build both for http and https. But Normally in some pages we want to make sure that user can’t but use the ssl url. So you put the helper function ssl_redirect() in the controller which will redirect 301 to the same url but with ssl. Like in payment pages we want to make sure that it’s not http but https. Perhaps both we’d both your and my solution as needed.

]]> By: Mohammad Sajjad Hossain http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/comment-page-1/#comment-1792 Mohammad Sajjad Hossain Fri, 22 May 2009 01:13:43 +0000 http://sajjadhossain.com/?p=55#comment-1792 Thanks Mahbub for sharing. But I don't agree with "So don’t need the secure anchor". Your solution will make all anchors secure which is good for 100% secure site. Think of a situation, you have a secure page and in that page you need some links with "http". Again in a "http" page you need some links with "https". In these situations my solution works fine. Thanks Mahbub for sharing.

But I don’t agree with “So don’t need the secure anchor”. Your solution will make all anchors secure which is good for 100% secure site.

Think of a situation, you have a secure page and in that page you need some links with “http”. Again in a “http” page you need some links with “https”. In these situations my solution works fine.

]]> By: Mahbub http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/comment-page-1/#comment-1790 Mahbub Thu, 21 May 2009 10:14:22 +0000 http://sajjadhossain.com/?p=55#comment-1790 I have base url dynamically defined in my apps as <pre lang="php"> $config['host_url'] = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") ? "https" : "http"); $config['host_url'] .= "://".$_SERVER['HTTP_HOST']; $config['base_url'] = $config['host_url'] . str_replace(basename($_SERVER['SCRIPT_NAME']),"",$_SERVER['SCRIPT_NAME']); </pre> AND for SSL redirect I use a utility helper <pre lang="php"> if (! function_exists('ssl_redirect')) { function ssl_redirect() { if ($_SERVER["SERVER_PORT"] != 443) { redirect(str_replace("http://", "https://" , current_url()), "refresh"); } } } </pre> That redirects the current url to ssl url. It's called in the controller you want to have only ssl request like payment pages. For generating anchor if you have the base_url dynamically generated like stated above, anchors are generated with https if the pages are in https. So don't need the secure anchor. Hope this helps! I have base url dynamically defined in my apps as

$config['host_url'] = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") ? "https" : "http");
$config['host_url'] .= "://".$_SERVER['HTTP_HOST'];
$config['base_url'] = $config['host_url'] . str_replace(basename($_SERVER['SCRIPT_NAME']),"",$_SERVER['SCRIPT_NAME']);

AND for SSL redirect I use a utility helper

if (! function_exists('ssl_redirect'))
{
    function ssl_redirect()
    {
        if ($_SERVER["SERVER_PORT"] != 443)
        {
            redirect(str_replace("http://", "https://" , current_url()), "refresh");
        }
    }
}

That redirects the current url to ssl url. It’s called in the controller you want to have only ssl request like payment pages. For generating anchor if you have the base_url dynamically generated like stated above, anchors are generated with https if the pages are in https. So don’t need the secure anchor. Hope this helps!

]]> By: Mohammad Sajjad Hossain http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/comment-page-1/#comment-699 Mohammad Sajjad Hossain Fri, 06 Feb 2009 16:51:26 +0000 http://sajjadhossain.com/?p=55#comment-699 Hi Sabrina, I have not faced such problem and many of my sites using these are working fine. Can you tell me the problems in details? If possible you may share the controller and model code. Hi Sabrina,
I have not faced such problem and many of my sites using these are working fine. Can you tell me the problems in details? If possible you may share the controller and model code.

]]> By: sabrina http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/comment-page-1/#comment-695 sabrina Fri, 06 Feb 2009 06:08:20 +0000 http://sajjadhossain.com/?p=55#comment-695 hi sajjad vai, on my site there is need to user http and https. and my model files are not working. i put those files on those place. i really dont know how it will work? please do reply. i badly need help. Thanks Sabrina hi sajjad vai,
on my site there is need to user http and https. and my model files are not working. i put those files on those place. i really dont know how it will work? please do reply. i badly need help.
Thanks
Sabrina

]]> By: Mohammad Sajjad Hossain http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/comment-page-1/#comment-513 Mohammad Sajjad Hossain Fri, 28 Nov 2008 06:01:52 +0000 http://sajjadhossain.com/?p=55#comment-513 Milon Bhai, You don't need to download those files. Just put these codes in those files. If you face any problem let me know. Thank you for visiting my site. :) Milon Bhai,
You don’t need to download those files. Just put these codes in those files. If you face any problem let me know.

Thank you for visiting my site. :)

]]>