moon phase

Nigel McBryde

Warmed by the Drift

~ Working with SSL in Codeigniter ~

Wednesday, March 11th, 2009

For the best part of 3 months I’ve been trying to find an elegant way to switch between http:// and https:// for certain pages. I crawled the forums and found a number of solutions. The first was to use the .htaccess file and mod_rewrite to rewrite the url. This solution was fine on one server but I had to switch recently and suddenly it was failing miserably for no reason that I could determine, so I was forced to find another way. As always, finding another way is a _good_ thing, and the way I found is nicer, easier and much more dynamic.

Create a file in application/helper called ssl_helper.php

if (!function_exists('force_ssl'))
{
    function force_ssl()
    {
        $CI =& get_instance();
        $CI->config->config['base_url'] =
                 str_replace('http://', 'https://',
                 $CI->config->config['base_url']);
        if ($_SERVER['SERVER_PORT'] != 443)
        {
            redirect($CI->uri->uri_string());
        }
    }
}

function remove_ssl()
{
    $CI =& get_instance();
    $CI->config->config['base_url'] =
                  str_replace('https://', 'http://',
                  $CI->config->config['base_url']);
    if ($_SERVER['SERVER_PORT'] != 80)
    {
        redirect($CI->uri->uri_string());
    }
}

Load the helper, then in the constructor for any controller that requires ssl, simply insert:

force_ssl();

In every controller that you don’t want to have ssl put:

if (function_exists('force_ssl')) remove_ssl();

And there you go. I found the force_ssl function on the Codeigniter forum, so all credit goes to the original poster. All I did was provide a function to switch back.

    13 Responses

  1. Shealan Forshaw says:

    This is a great solution. It works perfectly. I hope they build something similar into future releases of Codeigniter as standard.

  2. Sailendra says:

    Finally my search towards the pure dynamic Working with SSL in Codeigniter got the right path .you are the one that have the great solutions. Hope to get on future……………

  3. Garrett St. John says:

    Great solution and way easier than the .htaccess mess. Thanks!

  4. Heath says:

    WooHoo. Nice solution. I have been doing the Mod Rewrite up until now, but have just switched over to this. Awesome!!

  5. Dan says:

    Awesome solution. Been looking for an elegant one for a couple hours now. Sexy sexy.

  6. Joseph R. B. Taylor says:

    Nigel, nice job on this. A very elegant solution and it saved my butt today!

  7. Ian Stevenson says:

    Thank you Nigel. This is a problem I’ve been toying with for a while and finally sat down to solve it. This solution is the quickest, easiest and most elegant I have seen yet – I can’t see a downside to it.

  8. Wegra says:

    Nice job!!

    Two things you should mention are
    1. remove .htaccess files from your document directory hierarchy. Or use carefully. They’ll make conflicts in certain conditions.
    2. set ‘AllowOverride’ to ‘All’ in both the normal(http) and ssl configurations.

    They’re worth mentioning at least for newbies like me. :)

  9. Wegra says:

    And.. if you wanna remove the ‘index.php’ part automatically from requested URI, the ‘.htaccess’ file is still required.

    I put the following contents in the xx/www/.htaccess file.
    ————–
    RewriteEngine on
    RewriteCond $1 !^(index\.php|resources|robots\.txt)
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ index.php/$1 [L,QSA]
    ————–

  10. Thaninrat says:

    Thank you. This is great solution i search for.

  11. bob says:

    Thank you so much. This is very elegant and is going to save me a ton of time.

  12. Rudy says:

    Nigel , thanks for your solution.
    i write this solution in my book.

Leave a Reply