How can I have CodeIgniter load specific pages using SSL?

php apache ssl codeigniter https

42,869

Solution 1

There are few ways to tackle this.

Option 1:

I would probably have the code deployed to both folders, then in the file: /system/application/config/config.php, set your page to:

$config['base_url'] = "http://www.yoursite.com/";

$config['base_url'] = "https://www.yoursite.com/";

Then in your non-ssl VirtualHost folder, set your config to redirect protected pages by folder to the SSL site:

RedirectPermanent /sslfolder https://www.yoursite.com/sslfolder

Option 2:

Send everything to SSL and keep all your code in one folder

/system/application/config/config.php, set your page to:

$config['base_url'] = "https://www.yoursite.com/";

Other Options

There are some more hacky ways to do this with header() redirects, etc. but I don't think you want to maintain different code bases for this option. I don't recommend this but you could do something like:

$config['base_url'] = “http://” . $_SERVER['http_host'] . “/”;

Solution 2

In application/config/config.php, set base_url to:

$config['base_url'] = ($_SERVER['SERVER_PORT'] == 443 ? 'https' : 'http') . "://{$_SERVER['HTTP_HOST']}/";

This will allow it to work on any domain, which is convenient if you test locally.

Solution 3

I put following lines in ./application/config/config.php file and it works perfectly:

$protocol = ( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ) ? 'https' : 'http';
$config['base_url'] = $protocol.'://www.yoursite.com';

Solution 4

I would maintain two sets of the code and handle a forced redirect to HTTPS pages with a post_controller_constructor hook. The hook will be called before each page is rendered to check if the visitor should be redirected to HTTPS based on their current location on your site.

STEP 1

Create file: system/application/hooks/SecureAccount.php

<?php

class SecureAccount
{
    var $obj;

    //--------------------------------------------------
    //SecureAccount constructor
    function SecureAccount()
    {
        $this->obj =& get_instance();
    }

    //--------------------------------------------------
    //Redirect to https if in the account area without it
    function index()
    {
        if(empty($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] !== 'on')
        {
            $this->obj =& get_instance();
            $this->obj->load->helper(array('url', 'http'));

            $current = current_url();
            $current = parse_url($current);

            if((stripos($current['path'], "/account/") !== false))
            {
                $current['scheme'] = 'https';

                redirect(http_build_url('', $current), 'refresh');
            }
        }
    }
}
?>

STEP 2

Customize the path in the function for which areas of your site should be forced to use HTTPS.

STEP 3

Add the following to system/application/config/hooks.php

/* Force HTTPS for account area */
$hook['post_controller_constructor'] = array(
                                'class'    => 'SecureAccount',
                                'function' => 'index',
                                'filename' => 'SecureAccount.php',
                                'filepath' => 'hooks',
                                'params'   => array()
                                );

Solution 5

I can easily, I only define:

$config['base_url'] = '';

CI get base_url automaticaly =D

View more solutions

42,869

Author by

ammonkc

I'm very important. I have many leather-bound books and my apartment smells of rich mahogany.

Updated on July 09, 2022

Comments

ammonkc almost 2 years

How can I have CodeIgniter load specific pages using SSL? I have an apache2/mode_ssl server. mod_ssl uses a different document root than non-secure pages. For example, https (port 443) would serve pages out of /var/www/ssl_html/ And http (port 80) serves pages out of /var/www/html/. How would I get CodeIgniter to play nice with this setup?
ammonkc over 14 years

Thanks. I think I'm gonna go with the first option and then rewrite the url_help to handle https.
Curtis over 12 years

When providing answers you should include methods/examples in your actual answer. If your link is ever removed, your answer will become entirely useless.
prograhammer almost 11 years

I used this successfully in combination with: RewriteCond %{HTTPS} =off RewriteRule ^my-secure-url-segment https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] in my .htaccess file.
fedmich over 10 years

Didn't worked for me, $_SERVER['SERVER_PORT'] for me is 80 ; HTTP_X_FORWARDED_PORT is 443
fedmich over 10 years

The previous answers doesn't maintain script_name if CI is deployed on a subdirectory, we need to preserve this. str_replace(basename($_SERVER['SCRIPT_NAME']),"",$_SERVER['S‌CRIPT_NAME'])
f055 about 10 years

The simple answer is to set $config['base_url'] to empty string, as in =''; - CodeIgniter will autodetect everything basing on the URL. As a result, you can arbitrary open any page with or without SSL, just by typing the URL. No need to split content between ssl and non_ssl directories on your server.
Ben Dubuisson about 10 years

just FYI, this $config['base_url'] = “http://” . $_SERVER['http_host'] . “/”; is wrong, it should be $config['base_url'] = 'https://' . $_SERVER["HTTP_HOST"] . '/'; Syntax is wrong and $_SERVER["http_host"] (lower case) doesn't exist...
twistedpixel about 8 years

No longer recommended, just FYI.
2114L3 over 7 years

yeah, CI3 in the config.php it says "MUST NOT be used in production!"
Jonas WebDev over 5 years

This "tip" worked well on CI2 about 2014, I don't know for another CI versions, but I never had problems and warning :)