Actually this has nothing to do with hacking, using PHP to redirect to SSL
URLs is a very good way to do it.
If you want to force SSL for a few pages only PHP is the best way to do it
as the code can be modified easily, if your whole website requires SSL the
Apache configuration would be the recommended way to do this.
On Sat, Mar 22, 2008 at 5:36 PM, photo312 <[EMAIL PROTECTED]> wrote:
>
>
> Thank you all for your replies. May I ask why someone said that hacking
> this
> in PHP is not a good idea?
> I have a "signup", "login" and "manage" pages/controllers that need to
> work
> under SSL, but other controllers over HTTP. I see no other way to
> implement
> this but to Hack this in PHP. Why is this not good?
>
>
>
>
> Simon Mundy wrote:
> >
> > If it helps, here's a plugin I made to keep your controllers more tidy
> > (assuming you're using the Zend Framework MVC) and also retains the
> > current URI
> >
> > Just add this in your bootstrap:-
> >
> > $front = Zend_Controller_Front::getInstance();
> > ...stuff...
> > $front->registerPlugin(new MyApp_Controller_Plugin_Ssl(true));
> >
> >
> > ...and create this in your library structure for your app (assuming a
> > namespace of MyApp)
> >
> > class MyApp_Controller_Plugin_Ssl extends
> > Zend_Controller_Plugin_Abstract
> > {
> > protected $_ssl;
> >
> > public function __construct($enabled = true)
> > {
> > $this->_ssl = (BOOL) $enabled;
> > }
> >
> > public function preDispatch($action)
> > {
> > if ($this->_ssl)
> > if (!isset($_SERVER['HTTPS']) ||
> > strtolower($_SERVER['HTTPS']) != 'on') {
> > header('Location: https://' . $_SERVER['SERVER_NAME']
> > . $_SERVER['REQUEST_URI']);
> > exit;
> > }
> > }
> > return $action;
> > }
> > }
> >
> > HTH!
> >
> >> The SSL forcing can easily be created with the following code:
> >>
> >> <?php
> >> if ( !isset($_SERVER['HTTPS']) ) header('Location:
> >> https://www.yourdomain.com' <https://www.yourdomain.com%27>)
> >> ;
> >> ?>
> >>
> >> If you include this code at the beginning of your page this will
> >> force a SSL connection for that page.
> >>
> >> On Sat, Mar 22, 2008 at 6:44 AM, photo312 <[EMAIL PROTECTED]> wrote:
> >>
> >> You are correct. What I meant is - is there any functionality to force
> >> "https" over "http" or make only certain models or actions work
> >> only over
> >> SSL connections?
> >>
> >>
> >>
> >> Karl Katzke wrote:
> >> >
> >> > SSL is a function of your web *server*, such as apache or IIS, not
> >> of Zend
> >> > Framework.
> >> >
> >> > On Sat, Mar 22, 2008 at 12:29 AM, photo312 <[EMAIL PROTECTED]>
> >> wrote:
> >> >
> >> >>
> >> >> I would like to implement SSL with Zend Framework. Is there some
> >> built in
> >> >> code to handle this properly?
> >> >> --
> >> >> View this message in context:
> >> >>
> >>
> http://www.nabble.com/Implementing-SSL-with-Zend-Framework-tp16216607s16154p16216607.html
> >> >> Sent from the Zend Framework mailing list archive at Nabble.com.
> >> >>
> >> >>
> >> >
> >> >
> >>
> >> --
> >> View this message in context:
> >>
> http://www.nabble.com/Implementing-SSL-with-Zend-Framework-tp16216607s16154p16216688.html
> >> Sent from the Zend Framework mailing list archive at Nabble.com.
> >>
> >>
> >>
> >>
> >> --
> >> Isaak Malik
> >> Web Developer
> >> [EMAIL PROTECTED]
> >
> > --
> >
> > Simon Mundy | Director | PEPTOLAB
> >
> > """ " "" """""" "" "" """"""" " "" """"" " """"" " """""" "" "
> >
> > 202/258 Flinders Lane | Melbourne | Victoria | Australia | 3000
> > Voice +61 (0) 3 9654 4324 | Mobile 0438 046 061 | Fax +61 (0) 3 9654
> > 4124
> > http://www.peptolab.com
> >
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/Implementing-SSL-with-Zend-Framework-tp16216607s16154p16224266.html
> Sent from the Zend Framework mailing list archive at Nabble.com.
>
>
--
Isaak Malik
Web Developer
[EMAIL PROTECTED]
