How can I have CodeIgniter load specific pages using SSL?

Question

How can I have CodeIgniter load specific pages using SSL? I have an apache2/ mode_ssl server. mod_ssl uses a different document root than non-secure pages. For example, https (port 443) would serve pages out of /var/www/ssl_html/ And http (port 80) serves pages out of /var/www/html/ . How would I get CodeIgniter to play nice with this setup?

Answer 1

There are few ways to tackle this.

Option 1:

I would probably have the code deployed to both folders, then in the file: /system/application/config/config.php, set your page to:

$config['base_url'] = "http://www.yoursite.com/"; 

or

$config['base_url'] = "https://www.yoursite.com/";

Then in your non-ssl VirtualHost folder, set your config to redirect protected pages by folder to the SSL site:

RedirectPermanent /sslfolder https://www.yoursite.com/sslfolder

Option 2:

Send everything to SSL and keep all your code in one folder

/system/application/config/config.php, set your page to:

$config['base_url'] = "https://www.yoursite.com/";

Other Options

There are some more hacky ways to do this with header() redirects, etc. but I don't think you want to maintain different code bases for this option. I don't recommend this but you could do something like:

$config['base_url'] = “http://” . $_SERVER['http_host'] . “/”;

Answer 2

In application/config/config.php, set base_url to:

$config['base_url'] = ($_SERVER['SERVER_PORT'] == 443 ? 'https' : 'http') . "://{$_SERVER['HTTP_HOST']}/";

This will allow it to work on any domain, which is convenient if you test locally.

Answer 3

I put following lines in ./application/config/config.php file and it works perfectly:

$protocol = ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ) ? 'https' : 'http';
$config['base_url'] = $protocol.'://www.yoursite.com';

Answer 4

I would maintain two sets of the code and handle a forced redirect to HTTPS pages with a post_controller_constructor hook. The hook will be called before each page is rendered to check if the visitor should be redirected to HTTPS based on their current location on your site.

STEP 1

Create file: system/application/hooks/SecureAccount.php

<?php

class SecureAccount
{
    var $obj;

    //--------------------------------------------------
    //SecureAccount constructor
    function SecureAccount()
    {
        $this->obj =& get_instance();
    }

    //--------------------------------------------------
    //Redirect to https if in the account area without it
    function index()
    {
        if(empty($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] !== 'on')
        {
            $this->obj =& get_instance();
            $this->obj->load->helper(array('url', 'http'));

            $current = current_url();
            $current = parse_url($current);

            if((stripos($current['path'], "/account/") !== false))
            {
                $current['scheme'] = 'https';

                redirect(http_build_url('', $current), 'refresh');
            }
        }
    }
}
?>

STEP 2

Customize the path in the function for which areas of your site should be forced to use HTTPS.

STEP 3

Add the following to system/application/config/hooks.php

/* Force HTTPS for account area */
$hook['post_controller_constructor'] = array(
                                'class'    => 'SecureAccount',
                                'function' => 'index',
                                'filename' => 'SecureAccount.php',
                                'filepath' => 'hooks',
                                'params'   => array()
                                );

Answer 5

I can easily, I only define:

$config['base_url'] = '';

CI get base_url automaticaly =D

Answer 6

I solved the problem with in config.php

$config['ssl_active'] = false;
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) {
    $config['ssl_active'] = true;
}

$config['base_url'] = ($config['ssl_active'] === true )?"https":"http" . $_SERVER['HTTP_HOST'];

The directory trouble, you can use a simple simbolic link ln -s

Answer 7

This is what worked for me. Our server both have $_SERVER['SERVER_PORT'] and $_SERVER['HTTP_X_FORWARDED_PORT']

We should check first if $_SERVER['HTTP_X_FORWARDED_PORT'] is available and use this instead of $_SERVER['SERVER_PORT']

$config['base_url'] =
( ( ( empty($_SERVER['HTTP_X_FORWARDED_PORT']) ? $_SERVER['SERVER_PORT'] : $_SERVER['HTTP_X_FORWARDED_PORT'] ) == 443 ? 'https' : 'http') . "://" . $_SERVER['HTTP_HOST'] )
. str_replace(basename($_SERVER['SCRIPT_NAME']),"",$_SERVER['SCRIPT_NAME']) ;

tested this on our linux server...

---

btw, it's based on skyler's answer before which was.

$config['base_url'] = ($_SERVER['SERVER_PORT'] == 443 ? 'https' : 'http') . "://{$_SERVER['HTTP_HOST']}/";

Answer 8

the solution that came to my mind is to use str_replace() like so

$base_url_str = base_url(); 
$secure_base_url = str_replace("http","https",$base_url_str );

whenever I need a secure location , i use $secure_base_url instead of base_url(), so let's say your base_url() is http://www.example.com then $secure_base_url will be https://www.example.com

Answer 9

another question is similar to this

you can use a protocol-relative url which will keep persistence in the linking in CI.

in your config.php instead of:

$config['base_url'] = 'http://example.com/';

put;

$config['base_url'] = '//example.com/';

information about protocol-relative links here .

Answer 10

Here's a good solution. http://sajjadhossain.com/2008/10/27/ssl-https-urls-and-codeigniter/