Comments on: SSL (HTTPS) URLs and CodeIgniter http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/#utm_source=feed&utm_medium=feed&utm_campaign=feed Courage to do something... Thu, 12 Apr 2012 10:00:52 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: prog3712 http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/comment-page-1/#comment-4940 prog3712 Mon, 05 Dec 2011 17:24:32 +0000 http://sajjadhossain.com/?p=55#comment-4940 Great!!! It works perfectly!! The Max Fellows solution works great for me. Great!!! It works perfectly!!
The Max Fellows solution works great for me.

]]> By: Mohammad Sajjad Hossain http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/comment-page-1/#comment-3429 Mohammad Sajjad Hossain Wed, 18 Aug 2010 17:43:16 +0000 http://sajjadhossain.com/?p=55#comment-3429 I have posted <a href="http://sajjadhossain.com/2010/08/18/ssl-https-urls-and-codeigniter-extending-the-core/" rel="nofollow">SSL (HTTPS) URLs and CodeIgniter (Extending the core)</a>. I have posted SSL (HTTPS) URLs and CodeIgniter (Extending the core).

]]> By: Sean Gates http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/comment-page-1/#comment-3362 Sean Gates Sat, 10 Jul 2010 03:56:48 +0000 http://sajjadhossain.com/?p=55#comment-3362 @Mohammed Yes, please change this post so show EXTENDING the helper (url_helper.php) and core (config.php) files, instead of editing them. I would hate new CI programmers to come here and do it the way it is shown in your post. Otherwise, thank you for your code! It was very helpful! @Mohammed Yes, please change this post so show EXTENDING the helper (url_helper.php) and core (config.php) files, instead of editing them. I would hate new CI programmers to come here and do it the way it is shown in your post.

Otherwise, thank you for your code! It was very helpful!

]]> By: pk http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/comment-page-1/#comment-2653 pk Thu, 28 Jan 2010 11:20:11 +0000 http://sajjadhossain.com/?p=55#comment-2653 Here's a simple <a href="http://it.euphoriatwentythree.com/web-development/codeigniter/codeigniter-ssl-https-helper/" rel="nofollow">CodeIgniter SSL (HTTPS) Helper</a> which i wrote. Here’s a simple CodeIgniter SSL (HTTPS) Helper which i wrote.

]]> By: Max Fellows http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/comment-page-1/#comment-2265 Max Fellows Thu, 03 Dec 2009 04:35:23 +0000 http://sajjadhossain.com/?p=55#comment-2265 Thanks Mohammad and Mahbub -- I recently used this for a school project and it works great; I extended the base url_helper as Martin suggested. One other thing that came in handy was overriding CI's base_url() method in MY_url_helper; other libraries like Template call base_url() when you do things like add_js() or add_css(), which causes warnings to pop up in IE if you're on a secure page. This was the fix: <pre lang="php"> function base_url() { $framework =& get_instance(); if (isset($_SERVER['HTTPS'])) { return $framework->config->slash_item('secure_base_url'); } else { return $framework->config->slash_item('base_url'); } } </pre> Thanks Mohammad and Mahbub — I recently used this for a school project and it works great; I extended the base url_helper as Martin suggested.

One other thing that came in handy was overriding CI’s base_url() method in MY_url_helper; other libraries like Template call base_url() when you do things like add_js() or add_css(), which causes warnings to pop up in IE if you’re on a secure page. This was the fix:

function base_url() {
   $framework =& get_instance();
 
   if (isset($_SERVER['HTTPS'])) {
      return $framework->config->slash_item('secure_base_url');
   } else {
      return $framework->config->slash_item('base_url');
   }
}
]]> By: Mohammad Sajjad Hossain http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/comment-page-1/#comment-2113 Mohammad Sajjad Hossain Tue, 29 Sep 2009 03:55:14 +0000 http://sajjadhossain.com/?p=55#comment-2113 Martin, thanks for your correction and suggestions. I was thinking to upgrade the code as you said because I myself faced this problem while upgrading to latest CI version. I am a little bit busy now but I will work on it and share with others. Martin, thanks for your correction and suggestions. I was thinking to upgrade the code as you said because I myself faced this problem while upgrading to latest CI version. I am a little bit busy now but I will work on it and share with others.

]]> By: Martin Evans http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/comment-page-1/#comment-2110 Martin Evans Tue, 29 Sep 2009 01:56:05 +0000 http://sajjadhossain.com/?p=55#comment-2110 Thanks for posting this! It helped me out on a project. I should point out there a couple of things that need to be fixed. In your code above, the last line of the function secure_anchor() in your url helper is missing a couple of single quotes. It should read: <pre lang="php"> return '<a href="'.$secure_site_url.'" rel="nofollow">'.$title.'</a>'; </pre> Also, it would be better not to edit the core CI files. One day someone else might upgrade CI and your ssl suddenly doesn't work!. Instead put the url_helper code in a file called MY_url_helper.php and store it in system/application/helpers/ Likewise, instead of adding code to the core Config.php library, put it in system/application/libraries/MY_Config.php - and follow the instructions for extending native libraries found at this url: http://codeigniter.com/user_guide/general/creating_libraries.html in MY_Config.php you would wrap the function with this code: <pre lang="php"> class MY_Config extends CI_Config { } </pre> Thanks for posting this! It helped me out on a project.

I should point out there a couple of things that need to be fixed. In your code above, the last line of the function secure_anchor() in your url helper is missing a couple of single quotes. It should read:

return '<a href="'.$secure_site_url.'" rel="nofollow">'.$title.'</a>';

Also, it would be better not to edit the core CI files. One day someone else might upgrade CI and your ssl suddenly doesn’t work!. Instead put the url_helper code in a file called MY_url_helper.php and store it in system/application/helpers/

Likewise, instead of adding code to the core Config.php library, put it in system/application/libraries/MY_Config.php – and follow the instructions for extending native libraries found at this url:

http://codeigniter.com/user_guide/general/creating_libraries.html

in MY_Config.php you would wrap the function with this code:

class MY_Config extends CI_Config {
 
}
]]> By: Mahbub http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/comment-page-1/#comment-1797 Mahbub Wed, 27 May 2009 11:39:27 +0000 http://sajjadhossain.com/?p=55#comment-1797 Yes, true that links you can build both for http and https. But Normally in some pages we want to make sure that user can't but use the ssl url. So you put the helper function ssl_redirect() in the controller which will redirect 301 to the same url but with ssl. Like in payment pages we want to make sure that it's not http but https. Perhaps both we'd both your and my solution as needed. Yes, true that links you can build both for http and https. But Normally in some pages we want to make sure that user can’t but use the ssl url. So you put the helper function ssl_redirect() in the controller which will redirect 301 to the same url but with ssl. Like in payment pages we want to make sure that it’s not http but https. Perhaps both we’d both your and my solution as needed.

]]> By: Mohammad Sajjad Hossain http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/comment-page-1/#comment-1792 Mohammad Sajjad Hossain Fri, 22 May 2009 01:13:43 +0000 http://sajjadhossain.com/?p=55#comment-1792 Thanks Mahbub for sharing. But I don't agree with "So don’t need the secure anchor". Your solution will make all anchors secure which is good for 100% secure site. Think of a situation, you have a secure page and in that page you need some links with "http". Again in a "http" page you need some links with "https". In these situations my solution works fine. Thanks Mahbub for sharing.

But I don’t agree with “So don’t need the secure anchor”. Your solution will make all anchors secure which is good for 100% secure site.

Think of a situation, you have a secure page and in that page you need some links with “http”. Again in a “http” page you need some links with “https”. In these situations my solution works fine.

]]> By: Mahbub http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/comment-page-1/#comment-1790 Mahbub Thu, 21 May 2009 10:14:22 +0000 http://sajjadhossain.com/?p=55#comment-1790 I have base url dynamically defined in my apps as <pre lang="php"> $config['host_url'] = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") ? "https" : "http"); $config['host_url'] .= "://".$_SERVER['HTTP_HOST']; $config['base_url'] = $config['host_url'] . str_replace(basename($_SERVER['SCRIPT_NAME']),"",$_SERVER['SCRIPT_NAME']); </pre> AND for SSL redirect I use a utility helper <pre lang="php"> if (! function_exists('ssl_redirect')) { function ssl_redirect() { if ($_SERVER["SERVER_PORT"] != 443) { redirect(str_replace("http://", "https://" , current_url()), "refresh"); } } } </pre> That redirects the current url to ssl url. It's called in the controller you want to have only ssl request like payment pages. For generating anchor if you have the base_url dynamically generated like stated above, anchors are generated with https if the pages are in https. So don't need the secure anchor. Hope this helps! I have base url dynamically defined in my apps as

$config['host_url'] = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") ? "https" : "http");
$config['host_url'] .= "://".$_SERVER['HTTP_HOST'];
$config['base_url'] = $config['host_url'] . str_replace(basename($_SERVER['SCRIPT_NAME']),"",$_SERVER['SCRIPT_NAME']);

AND for SSL redirect I use a utility helper

if (! function_exists('ssl_redirect'))
{
    function ssl_redirect()
    {
        if ($_SERVER["SERVER_PORT"] != 443)
        {
            redirect(str_replace("http://", "https://" , current_url()), "refresh");
        }
    }
}

That redirects the current url to ssl url. It’s called in the controller you want to have only ssl request like payment pages. For generating anchor if you have the base_url dynamically generated like stated above, anchors are generated with https if the pages are in https. So don’t need the secure anchor. Hope this helps!

]]>