SSL (HTTPS) URLs and CodeIgniter (Extending the core)

ci logo flame SSL (HTTPS) URLs and CodeIgniter (Extending the core)In one of my previous post I have shown how we can use both secure and non-secure URLs. Now I am going to show how we can do this, extending native libraries.
What we are going to do…
We will create secure version of some functions. For this we will create a helper file ‘my_url_helper.php’ and save it in ‘system/application/helpers’. We will be creating secure version of following functions:
  • site_url()
  • base_url()
  • anchor()
  • redirect()
Lets’ start…
First we will add the following config element in the config file:
$config['secure_base_url'] = 'https://example.com';
Then, open the my_url_helper.php file (system/application/helpers/my_url_helper.php) and add the following codes.
if( ! function_exists('secure_site_url') )
{
    function secure_site_url($uri = '')
    {
        $CI =& get_instance();
        return $CI->config->secure_site_url($uri);
    }
}
 
if( ! function_exists('secure_base_url') )
{
    function secure_base_url()
    {
        $CI =& get_instance();
        return $CI->config->slash_item('secure_base_url');
    }
}
 
if ( ! function_exists('secure_anchor'))
{
    function secure_anchor($uri = '', $title = '', $attributes = '')
    {
        $title = (string) $title;
 
        if ( ! is_array($uri))
        {
            $secure_site_url = ( ! preg_match('!^\w+://! i', $uri)) ? secure_site_url($uri) : $uri;
        }
        else
        {
            $secure_site_url = secure_site_url($uri);
        }
 
        if ($title == '')
        {
            $title = $secure_site_url;
        }
 
        if ($attributes != '')
        {
            $attributes = _parse_attributes($attributes);
        }
 
        return '<a href="'.$secure_site_url.'" ' . $attributes . '>'.$title.'</a>';
    }
}
 
if ( ! function_exists('secure_redirect'))
{
    function secure_redirect($uri = '', $method = 'location', $http_response_code = 302)
    {
        switch($method)
        {
            case 'refresh'    : header("Refresh:0;url=".secure_site_url($uri));
                                break;
            default           : header("Location: ".secure_site_url($uri), TRUE, $http_response_code);
                                break;
        }
        exit;
    }
}
Now, I will extend the Config library (system/libraries/Config.php). I assume that the sub class prefix is set as ‘MY_’ in config file (system/application/config/config.php). Create a file ‘MY_Config.php’ in ‘system/application/libraries’ folder and save the file with following code.
class MY_Config extends CI_Config
{
    function MY_Config()
    {
        parent::CI_Config();
    }
 
    function secure_site_url($uri = '')
    {
        if (is_array($uri))
        {
            $uri = implode('/', $uri);
        }
 
        if ($uri == '')
        {
            return $this-&gt;slash_item('secure_base_url').$this-&gt;item('index_page');
        }
        else
        {
            $suffix = ($this-&gt;item('url_suffix') == FALSE) ? '' : $this-&gt;item('url_suffix');
            return $this-&gt;slash_item('secure_base_url').$this-&gt;slash_item('index_page').preg_replace("|^/*(.+?)/*$|", "\\1", $uri).$suffix;
        }
    }
}
Now what we have…
Now we have secured versions of those function. You may now use them as their insecured version. Enjoy coding ;).
share save 120 16 SSL (HTTPS) URLs and CodeIgniter (Extending the core)

12 thoughts on “SSL (HTTPS) URLs and CodeIgniter (Extending the core)”

  1. Himel bhai, I have extended the Config library to make it consistent with CI implementation. It is not must. You can modify the secure_site_url helper function with the code of secure_site_url function in MY_Config library.

  2. thanks, this is great! fyi for others, in order to load the new helper:
    $this->load->helper(‘my_url_helper’);

    Do you have any suggestions for making the post url of the form helper secure?
    form_open()

    thanks again.

  3. Hi,
    My page get displayed with https(i.e. Secure URL)… but without any css or JS file included in it? Not even the images are displayed.

    I have set the base_url as secure URL…then also the images and js are not properly included…
    I want to display all the URLs under secure URL…

    Thanks….

  4. To make it work for HMVC, you have to add the following function to:

    “application/third_party/MX/Config.php”

    //
    function secure_site_url($uri = ”)
    {
    if (is_array($uri))
    {
    $uri = implode(‘/’, $uri);
    }

    if ($uri == ”)
    {
    return $this->slash_item(‘secure_base_url’).$this->item(‘index_page’);
    }
    else
    {
    $suffix = ($this->item(‘url_suffix’) == FALSE) ? ” : $this->item(‘url_suffix’);
    return $this->slash_item(‘secure_base_url’).$this->slash_item(‘index_page’).preg_replace(“|^/*(.+?)/*$|”, “\\1″, $uri).$suffix;
    }
    }

    Instead of creating an extension to the core. ie. no need to add a file MY_Config in “application/libraries”, for use with HMVC.

  5. Got it working with 2.1.2:
    MY_Config.php needs to be in applications/core now.
    for some reason calling parent::CI_Config() fails so comment out or remove:

    // function MY_Config()
    // {
    // parent::CI_Config();
    // }

    The return value for secure_anchor is incorrect. Change:
    return ”.$title.”;
    to
    return ‘‘.$title.’‘;

    Now to get csrf_protection to work across http and https… :/

  6. Thank you Andres and TDuncklee for pointing to secure_anchor() function return.

    Instead of

    return '' . $title . ''

    it will be

    return '<a href="' . $secure_site_url . '" ' . $attributes . ' rel="nofollow">' . $title . '</a>';
  7. Could you please give some examples of how to use it in php (using CI)? Like if I like to secure the login view page how to use the secure functions in the link under the menu? Shall I use the secure_base_url as the value of action value in the form tag? What other things, if required, I need to address?

    Thanks in advance.

  8. Hi!
    I’m new in Codeigniter and I have been recently building web site with http front page and try to secure my login-form functionality.

    When I try to use: echo form_open(secure_base_url() . ‘mainpage/login’);
    I will get HTTP 1.1 found 302.
    -> the request changes to http get-request which leads to situation where I lose my form parameters.

    Same situation with secure_redirect()

    Why this kind of behaviour?

    Thanks in advance.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>