I achieved this using a component called SSL - I can't remember where I got it 
from, but I am sure a search will turn it up. I had to alter it a bit as the 
server I used it on had all sorts of edge servers and so on, but here's my 
final implementation. The cool thing is that you have a single array in 
app_controller that determines which controllers and actions are SSLed. Hope it 
helps...

app_controller.php:

var $components = array(
        'Security',
        ...
        'Secured.Ssl' => array(
                'secured' => array(
                        'orders' => '*',
                        'order_notes' => '*',
                        'order_items' => '*',
                        'users' => '*',
                        'questionnaires' => '*',
                        'customers' => '*'
                )
        )
        ...
);

ssl.php (in components)

<?php

class SslComponent extends Object {

        public $secured = array();

        public $https = false;

        public $autoRedirect = true;

        public function initialize(&$controller, $settings = array()) {

                $this->controller = $controller;
                $this->_set($settings);

                if ( $_SERVER['SERVER_ADDR'] == '192.0.192.1' || env('HTTPS') == 1 )
                {
                        $this->https = true;
                }
                
                if ($this->autoRedirect === true) {
                        $secured = $this->ssled($this->controller->params);
                        
                        if ($secured && !$this->https) {
                                $this->forceSSL();
                        }
                        elseif (!$secured && $this->https) {
                                $this->forceNoSSL();
                        }

                }
        }

        public function ssled($params) {
                if (!array_key_exists($params['controller'], $this->secured)) {
                        return false;
                }
                $actions = (array) $this->secured[$params['controller']];

                if ($actions === array('*')) {
                        return true;
                }
                return (in_array($params['action'], $actions));
        }

        public function forceSSL() {
                $server = env('SERVER_NAME');
                
                $this->controller->redirect("https://$server{$this->controller->here}");
        }

        public function forceNoSSL() {
                $server = env('SERVER_NAME');
                
                $this->controller->redirect("http://$server{$this->controller->here}");
        }

}
?>

Jeremy Burns
Class Outfit

[email protected]
http://www.classoutfit.com

On 12 Mar 2011, at 05:33, Krissy Masters wrote:

> I am only starting in on SSL and getting nowhere.
> 
> Attempting to secure 2 actions to start (will secure entire backend IF I can
> get these running first)
> 
> Users Controller:
> 
> public function beforeFilter() {
>       parent::beforeFilter();
>       $this->Auth->allowedActions = array( 'login', 'logout', 'register');
>       $this->Auth->fields = array( 'username' => 'email', 'password' => 'security' );
>       $this->Security->blackHoleCallback = 'forceSSL';
>       $this->Security->requireSecure( 'login', 'register');
>       //$this->Security->requireSecure( array('login', 'register'));
>       $this->Auth->autoRedirect = false;
> }
> 
> App Controller:
> 
> Has Security in $component array
> 
> function forceSSL() {
>               $this->redirect('https://' . $_SERVER['SERVER_NAME'] . $this->here);
>       }
> 
> All I get is infinite never ending loop browser message.
> 
> Can anyone help as this is just the basics as the cookbook points out and
> still I'm getting nowhere.
> 
> Thanks,
> 
> K
> 
> -- 
> Our newest site for the community: CakePHP Video Tutorials 
> http://tv.cakephp.org 
> Check out the new CakePHP Questions site http://ask.cakephp.org and help 
> others with their CakePHP related questions.
> 
> 
> To unsubscribe from this group, send email to
> [email protected] For more options, visit this group at 
> http://groups.google.com/group/cake-php
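
Added example (not code from either poster or from CakePHP): one way to generalise the component's hard-coded `SERVER_ADDR` test for a site whose TLS terminates on an edge server, where PHP sees every request as plain HTTP, `env('HTTPS')` never becomes true, and a force-SSL redirect repeats. It assumes the edge sets `X-Forwarded-Proto`; the function names, proxy addresses, host name and sample requests are all constructed for illustration.

```php
<?php
// Added example. Assumption: TLS terminates on an edge proxy that reaches PHP
// over plain HTTP and sets X-Forwarded-Proto. The proxy addresses are
// constructed placeholders (documentation range), not values from the thread.
const TRUSTED_PROXIES = array('192.0.2.10', '192.0.2.11');

// True when the client-facing connection used HTTPS.
function requestIsHttps(array $server) {
    // Direct TLS connection to this server.
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return true;
    }
    // Honour the forwarded header only when the peer is a known proxy;
    // any client can send X-Forwarded-Proto itself.
    $peer = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';
    if (!in_array($peer, TRUSTED_PROXIES, true)) {
        return false;
    }
    $proto = isset($server['HTTP_X_FORWARDED_PROTO']) ? $server['HTTP_X_FORWARDED_PROTO'] : '';
    return strtolower(trim($proto)) === 'https';
}

// Same lookup as ssled() in the component: '*' secures every action.
function needsHttps(array $secured, $controller, $action) {
    if (!array_key_exists($controller, $secured)) {
        return false;
    }
    $actions = (array) $secured[$controller];
    return $actions === array('*') || in_array($action, $actions, true);
}

// Returns the URL to redirect to, or null when the scheme is already right.
// $host comes from configuration, not from the request's Host header.
function schemeRedirect(array $server, array $secured, $controller, $action, $host, $path) {
    $want = needsHttps($secured, $controller, $action);
    if ($want === requestIsHttps($server)) {
        return null; // already on the right scheme: no redirect, so no loop
    }
    return ($want ? 'https' : 'http') . '://' . $host . $path;
}

// Constructed requests: an HTTPS login relayed by the proxy, and a direct
// plain-HTTP client that merely claims HTTPS in the header.
$secured  = array('users' => array('login', 'register'));
$viaProxy = array('REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_PROTO' => 'https');
$spoofed  = array('REMOTE_ADDR' => '203.0.113.5', 'HTTP_X_FORWARDED_PROTO' => 'https');
var_dump(schemeRedirect($viaProxy, $secured, 'users', 'login', 'shop.example', '/users/login'));
var_dump(schemeRedirect($spoofed, $secured, 'users', 'login', 'shop.example', '/users/login'));
```

The first call yields no redirect because the trusted proxy reports HTTPS; the second is still sent to the `https://` URL because the header came from an untrusted peer.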
