SSL (HTTPS) URLs and CodeIgniter (Extending the core)

What we are going to do…
We will create secure version of some functions. For this we will create a helper file ‘my_url_helper.php’ and save it in ‘system/application/helpers’. We will be creating secure version of following functions:
- site_url()
- base_url()
- anchor()
- redirect()
Lets’ start…
First we will add the following config element in the config file:
$config['secure_base_url'] = 'https://example.com'; |
Then, open the my_url_helper.php file (system/application/helpers/my_url_helper.php) and add the following codes.
if( ! function_exists('secure_site_url') ) { function secure_site_url($uri = '') { $CI =& get_instance(); return $CI->config->secure_site_url($uri); } } if( ! function_exists('secure_base_url') ) { function secure_base_url() { $CI =& get_instance(); return $CI->config->slash_item('secure_base_url'); } } if ( ! function_exists('secure_anchor')) { function secure_anchor($uri = '', $title = '', $attributes = '') { $title = (string) $title; if ( ! is_array($uri)) { $secure_site_url = ( ! preg_match('!^\w+://! i', $uri)) ? secure_site_url($uri) : $uri; } else { $secure_site_url = secure_site_url($uri); } if ($title == '') { $title = $secure_site_url; } if ($attributes != '') { $attributes = _parse_attributes($attributes); } return '<a href="'.$secure_site_url.'" ' . $attributes . '>'.$title.'</a>'; } } if ( ! function_exists('secure_redirect')) { function secure_redirect($uri = '', $method = 'location', $http_response_code = 302) { switch($method) { case 'refresh' : header("Refresh:0;url=".secure_site_url($uri)); break; default : header("Location: ".secure_site_url($uri), TRUE, $http_response_code); break; } exit; } } |
Now, I will extend the Config library (system/libraries/Config.php). I assume that the sub class prefix is set as ‘MY_’ in config file (system/application/config/config.php). Create a file ‘MY_Config.php’ in ‘system/application/libraries’ folder and save the file with following code.
class MY_Config extends CI_Config { function MY_Config() { parent::CI_Config(); } function secure_site_url($uri = '') { if (is_array($uri)) { $uri = implode('/', $uri); } if ($uri == '') { return $this->slash_item('secure_base_url').$this->item('index_page'); } else { $suffix = ($this->item('url_suffix') == FALSE) ? '' : $this->item('url_suffix'); return $this->slash_item('secure_base_url').$this->slash_item('index_page').preg_replace("|^/*(.+?)/*$|", "\\1", $uri).$suffix; } } } |
Now what we have…
Now we have secured versions of those function. You may now use them as their insecured version. Enjoy coding ;).
14 Comments
Other Links to this Post
RSS feed for comments on this post. TrackBack URI
By Himel Nag Rana, August 19, 2010 @ 10:32 am
Sir, is the config library file must for the implementation? I am a bit confused about the use of this. Can you please tell something more about this?
Thanks.
By Mohammad Sajjad Hossain, August 30, 2010 @ 8:51 pm
Himel bhai, I have extended the Config library to make it consistent with CI implementation. It is not must. You can modify the secure_site_url helper function with the code of secure_site_url function in MY_Config library.
By cartalot, November 27, 2010 @ 11:25 am
thanks, this is great! fyi for others, in order to load the new helper:
$this->load->helper(‘my_url_helper’);
Do you have any suggestions for making the post url of the form helper secure?
form_open()
thanks again.
By Nishi, February 3, 2011 @ 7:46 pm
Hi,
My page get displayed with https(i.e. Secure URL)… but without any css or JS file included in it? Not even the images are displayed.
I have set the base_url as secure URL…then also the images and js are not properly included…
I want to display all the URLs under secure URL…
Thanks….
By Oudin, July 13, 2011 @ 6:32 am
Hi
Thanks for sharing your work but unfortunately I can’t get it to work I’m getting a
“Fatal error: Call to undefined method MX_Config::secure_site_url() in C:\xampp\htdocs\sitename\helpers\my_url_helper.php on line 20”
I’m utilizing the Modular Extensions – HMVC https://bitbucket.org/wiredesignz/codeigniter-modular-extensions-hmvc/wiki/Home
On my site,is their any way i can make it compatible with HMVC
By Nader, April 5, 2012 @ 1:06 am
To make it work for HMVC, you have to add the following function to:
“application/third_party/MX/Config.php”
//
function secure_site_url($uri = ”)
{
if (is_array($uri))
{
$uri = implode(‘/’, $uri);
}
if ($uri == ”)
{
return $this->slash_item(‘secure_base_url’).$this->item(‘index_page’);
}
else
{
$suffix = ($this->item(‘url_suffix’) == FALSE) ? ” : $this->item(‘url_suffix’);
return $this->slash_item(‘secure_base_url’).$this->slash_item(‘index_page’).preg_replace(“|^/*(.+?)/*$|”, “\\1”, $uri).$suffix;
}
}
Instead of creating an extension to the core. ie. no need to add a file MY_Config in “application/libraries”, for use with HMVC.
By andres, July 27, 2012 @ 10:25 pm
great! but the secure_anchor() function only returns the title, watch out for that
By TDuncklee, July 29, 2012 @ 7:56 am
Any chance you could update this for CI 2.x?
By TDuncklee, July 29, 2012 @ 8:25 am
Got it working with 2.1.2:
MY_Config.php needs to be in applications/core now.
for some reason calling parent::CI_Config() fails so comment out or remove:
// function MY_Config()
// {
// parent::CI_Config();
// }
The return value for secure_anchor is incorrect. Change:
return ”.$title.”;
to
return ‘‘.$title.’‘;
Now to get csrf_protection to work across http and https… :/
By Mohammad Sajjad Hossain, July 29, 2012 @ 9:39 am
Thank you Andres and TDuncklee for pointing to secure_anchor() function return.
Instead of
it will be
By Zia, May 14, 2013 @ 12:46 pm
Could you please give some examples of how to use it in php (using CI)? Like if I like to secure the login view page how to use the secure functions in the link under the menu? Shall I use the secure_base_url as the value of action value in the form tag? What other things, if required, I need to address?
Thanks in advance.
By Jani, January 15, 2014 @ 5:10 pm
Hi!
I’m new in Codeigniter and I have been recently building web site with http front page and try to secure my login-form functionality.
When I try to use: echo form_open(secure_base_url() . ‘mainpage/login’);
I will get HTTP 1.1 found 302.
-> the request changes to http get-request which leads to situation where I lose my form parameters.
Same situation with secure_redirect()
Why this kind of behaviour?
Thanks in advance.
By Ashish Anil Aware, July 22, 2016 @ 4:15 pm
Thank you for your solution. Your code is working for me..
But I GET ERROR , AT THE TIME OF REDIRECTING
IT SHOWS MY URL LIKE
https://[::1]/ashish/ssl/welcome/login
how to resolve this?????
By Ashish Anil Aware, July 22, 2016 @ 4:15 pm
Soory..
At the time of linking