SSL (HTTPS) URLs and CodeIgniter (Extending the core)

CodeIgniterIn one of my previous post I have shown how we can use both secure and non-secure URLs. Now I am going to show how we can do this, extending native libraries.
What we are going to do…
We will create secure version of some functions. For this we will create a helper file ‘my_url_helper.php’ and save it in ‘system/application/helpers’. We will be creating secure version of following functions:
  • site_url()
  • base_url()
  • anchor()
  • redirect()
Lets’ start…
First we will add the following config element in the config file:
$config['secure_base_url'] = 'https://example.com';
Then, open the my_url_helper.php file (system/application/helpers/my_url_helper.php) and add the following codes.
if( ! function_exists('secure_site_url') )
{
    function secure_site_url($uri = '')
    {
        $CI =& get_instance();
        return $CI->config->secure_site_url($uri);
    }
}
 
if( ! function_exists('secure_base_url') )
{
    function secure_base_url()
    {
        $CI =& get_instance();
        return $CI->config->slash_item('secure_base_url');
    }
}
 
if ( ! function_exists('secure_anchor'))
{
    function secure_anchor($uri = '', $title = '', $attributes = '')
    {
        $title = (string) $title;
 
        if ( ! is_array($uri))
        {
            $secure_site_url = ( ! preg_match('!^\w+://! i', $uri)) ? secure_site_url($uri) : $uri;
        }
        else
        {
            $secure_site_url = secure_site_url($uri);
        }
 
        if ($title == '')
        {
            $title = $secure_site_url;
        }
 
        if ($attributes != '')
        {
            $attributes = _parse_attributes($attributes);
        }
 
        return '<a href="'.$secure_site_url.'" ' . $attributes . '>'.$title.'</a>';
    }
}
 
if ( ! function_exists('secure_redirect'))
{
    function secure_redirect($uri = '', $method = 'location', $http_response_code = 302)
    {
        switch($method)
        {
            case 'refresh'    : header("Refresh:0;url=".secure_site_url($uri));
                                break;
            default           : header("Location: ".secure_site_url($uri), TRUE, $http_response_code);
                                break;
        }
        exit;
    }
}
Now, I will extend the Config library (system/libraries/Config.php). I assume that the sub class prefix is set as ‘MY_’ in config file (system/application/config/config.php). Create a file ‘MY_Config.php’ in ‘system/application/libraries’ folder and save the file with following code.
class MY_Config extends CI_Config
{
    function MY_Config()
    {
        parent::CI_Config();
    }
 
    function secure_site_url($uri = '')
    {
        if (is_array($uri))
        {
            $uri = implode('/', $uri);
        }
 
        if ($uri == '')
        {
            return $this-&gt;slash_item('secure_base_url').$this-&gt;item('index_page');
        }
        else
        {
            $suffix = ($this-&gt;item('url_suffix') == FALSE) ? '' : $this-&gt;item('url_suffix');
            return $this-&gt;slash_item('secure_base_url').$this-&gt;slash_item('index_page').preg_replace("|^/*(.+?)/*$|", "\\1", $uri).$suffix;
        }
    }
}
Now what we have…
Now we have secured versions of those function. You may now use them as their insecured version. Enjoy coding ;).
Share

14 Comments

  • By Himel Nag Rana, August 19, 2010 @ 10:32 am

    Sir, is the config library file must for the implementation? I am a bit confused about the use of this. Can you please tell something more about this?

    Thanks.

  • By Mohammad Sajjad Hossain, August 30, 2010 @ 8:51 pm

    Himel bhai, I have extended the Config library to make it consistent with CI implementation. It is not must. You can modify the secure_site_url helper function with the code of secure_site_url function in MY_Config library.

  • By cartalot, November 27, 2010 @ 11:25 am

    thanks, this is great! fyi for others, in order to load the new helper:
    $this->load->helper(‘my_url_helper’);

    Do you have any suggestions for making the post url of the form helper secure?
    form_open()

    thanks again.

  • By Nishi, February 3, 2011 @ 7:46 pm

    Hi,
    My page get displayed with https(i.e. Secure URL)… but without any css or JS file included in it? Not even the images are displayed.

    I have set the base_url as secure URL…then also the images and js are not properly included…
    I want to display all the URLs under secure URL…

    Thanks….

  • By Oudin, July 13, 2011 @ 6:32 am

    Hi

    Thanks for sharing your work but unfortunately I can’t get it to work I’m getting a

    “Fatal error: Call to undefined method MX_Config::secure_site_url() in C:\xampp\htdocs\sitename\helpers\my_url_helper.php on line 20”

    I’m utilizing the Modular Extensions – HMVC https://bitbucket.org/wiredesignz/codeigniter-modular-extensions-hmvc/wiki/Home

    On my site,is their any way i can make it compatible with HMVC

  • By Nader, April 5, 2012 @ 1:06 am

    To make it work for HMVC, you have to add the following function to:

    “application/third_party/MX/Config.php”

    //
    function secure_site_url($uri = ”)
    {
    if (is_array($uri))
    {
    $uri = implode(‘/’, $uri);
    }

    if ($uri == ”)
    {
    return $this->slash_item(‘secure_base_url’).$this->item(‘index_page’);
    }
    else
    {
    $suffix = ($this->item(‘url_suffix’) == FALSE) ? ” : $this->item(‘url_suffix’);
    return $this->slash_item(‘secure_base_url’).$this->slash_item(‘index_page’).preg_replace(“|^/*(.+?)/*$|”, “\\1”, $uri).$suffix;
    }
    }

    Instead of creating an extension to the core. ie. no need to add a file MY_Config in “application/libraries”, for use with HMVC.

  • By andres, July 27, 2012 @ 10:25 pm

    great! but the secure_anchor() function only returns the title, watch out for that

  • By TDuncklee, July 29, 2012 @ 7:56 am

    Any chance you could update this for CI 2.x?

  • By TDuncklee, July 29, 2012 @ 8:25 am

    Got it working with 2.1.2:
    MY_Config.php needs to be in applications/core now.
    for some reason calling parent::CI_Config() fails so comment out or remove:

    // function MY_Config()
    // {
    // parent::CI_Config();
    // }

    The return value for secure_anchor is incorrect. Change:
    return ”.$title.”;
    to
    return ‘‘.$title.’‘;

    Now to get csrf_protection to work across http and https… :/

  • By Mohammad Sajjad Hossain, July 29, 2012 @ 9:39 am

    Thank you Andres and TDuncklee for pointing to secure_anchor() function return.

    Instead of

    return '' . $title . ''

    it will be

    return '<a href="' . $secure_site_url . '" ' . $attributes . ' rel="nofollow">' . $title . '</a>';
  • By Zia, May 14, 2013 @ 12:46 pm

    Could you please give some examples of how to use it in php (using CI)? Like if I like to secure the login view page how to use the secure functions in the link under the menu? Shall I use the secure_base_url as the value of action value in the form tag? What other things, if required, I need to address?

    Thanks in advance.

  • By Jani, January 15, 2014 @ 5:10 pm

    Hi!
    I’m new in Codeigniter and I have been recently building web site with http front page and try to secure my login-form functionality.

    When I try to use: echo form_open(secure_base_url() . ‘mainpage/login’);
    I will get HTTP 1.1 found 302.
    -> the request changes to http get-request which leads to situation where I lose my form parameters.

    Same situation with secure_redirect()

    Why this kind of behaviour?

    Thanks in advance.

  • By Ashish Anil Aware, July 22, 2016 @ 4:15 pm

    Thank you for your solution. Your code is working for me..
    But I GET ERROR , AT THE TIME OF REDIRECTING
    IT SHOWS MY URL LIKE
    https://[::1]/ashish/ssl/welcome/login
    how to resolve this?????

  • By Ashish Anil Aware, July 22, 2016 @ 4:15 pm

    Soory..
    At the time of linking

Other Links to this Post

RSS feed for comments on this post. TrackBack URI

Leave a comment

blog