~ Working with SSL in Codeigniter ~
Wednesday, March 11th, 2009
For the best part of 3 months I’ve been trying to find an elegant way to switch between http:// and https:// for certain pages. I crawled the forums and found a number of solutions. The first was to use the .htaccess file and mod_rewrite to rewrite the url. This solution was fine on one server but I had to switch recently and suddenly it was failing miserably for no reason that I could determine, so I was forced to find another way. As always, finding another way is a _good_ thing, and the way I found is nicer, easier and much more dynamic.
Create a file in application/helper called ssl_helper.php
if (!function_exists('force_ssl'))
{
function force_ssl()
{
$CI =& get_instance();
$CI->config->config['base_url'] =
str_replace('http://', 'https://',
$CI->config->config['base_url']);
if ($_SERVER['SERVER_PORT'] != 443)
{
redirect($CI->uri->uri_string());
}
}
}
function remove_ssl()
{
$CI =& get_instance();
$CI->config->config['base_url'] =
str_replace('https://', 'http://',
$CI->config->config['base_url']);
if ($_SERVER['SERVER_PORT'] != 80)
{
redirect($CI->uri->uri_string());
}
}Load the helper, then in the constructor for any controller that requires ssl, simply insert:
force_ssl();In every controller that you don’t want to have ssl put:
if (function_exists('force_ssl')) remove_ssl();And there you go. I found the force_ssl function on the Codeigniter forum, so all credit goes to the original poster. All I did was provide a function to switch back.
13 Responses
June 9th, 2009 at 12:35 pm
This is a great solution. It works perfectly. I hope they build something similar into future releases of Codeigniter as standard.
June 18th, 2009 at 12:01 pm
Finally my search towards the pure dynamic Working with SSL in Codeigniter got the right path .you are the one that have the great solutions. Hope to get on future……………
May 14th, 2010 at 10:08 pm
Great solution and way easier than the .htaccess mess. Thanks!
March 16th, 2011 at 11:51 pm
WooHoo. Nice solution. I have been doing the Mod Rewrite up until now, but have just switched over to this. Awesome!!
May 24th, 2011 at 12:37 am
Awesome solution. Been looking for an elegant one for a couple hours now. Sexy sexy.
June 6th, 2011 at 8:41 pm
Nigel, nice job on this. A very elegant solution and it saved my butt today!
June 15th, 2011 at 6:26 pm
Thank you Nigel. This is a problem I’ve been toying with for a while and finally sat down to solve it. This solution is the quickest, easiest and most elegant I have seen yet – I can’t see a downside to it.
September 30th, 2011 at 9:27 am
Nice job!!
Two things you should mention are
1. remove .htaccess files from your document directory hierarchy. Or use carefully. They’ll make conflicts in certain conditions.
2. set ‘AllowOverride’ to ‘All’ in both the normal(http) and ssl configurations.
They’re worth mentioning at least for newbies like me.
September 30th, 2011 at 9:51 am
And.. if you wanna remove the ‘index.php’ part automatically from requested URI, the ‘.htaccess’ file is still required.
I put the following contents in the xx/www/.htaccess file.
————–
RewriteEngine on
RewriteCond $1 !^(index\.php|resources|robots\.txt)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L,QSA]
————–
November 2nd, 2011 at 5:17 pm
TEN POINTS
November 28th, 2011 at 6:01 pm
Thank you. This is great solution i search for.
December 2nd, 2011 at 2:44 pm
Thank you so much. This is very elegant and is going to save me a ton of time.
January 25th, 2012 at 4:03 am
Nigel , thanks for your solution.
i write this solution in my book.