How to force ssl in codeigniter?

php codeigniter ssl

44,456

Solution 1

Open config file from location application/config/config.php and enable or set hooks to true like this:

$config['enable_hooks'] = TRUE;

Then create a new file named hooks.php inside the config folder (i.e. application/config/hooks.php) and add the following code in it:

$hook['post_controller_constructor'][] = array(
    'function' => 'redirect_ssl',
    'filename' => 'ssl.php',
    'filepath' => 'hooks'
);

Now create a new directory named hooks inside the application folder (i.e. application/hooks) and then create a new file named ssl.php inside the hooks folder (i.e. application/hooks/ssl.php).

Add the following code in the ssl.php file:

function redirect_ssl() {
    $CI =& get_instance();
    $class = $CI->router->fetch_class();
    $exclude =  array('client');  // add more controller name to exclude ssl.
    if(!in_array($class,$exclude)) {
        // redirecting to ssl.
        $CI->config->config['base_url'] = str_replace('http://', 'https://', $CI->config->config['base_url']);
        if ($_SERVER['SERVER_PORT'] != 443) redirect($CI->uri->uri_string());
    } else {
        // redirecting with no ssl.
        $CI->config->config['base_url'] = str_replace('https://', 'http://', $CI->config->config['base_url']);
        if ($_SERVER['SERVER_PORT'] == 443) redirect($CI->uri->uri_string());
    }
}

Solution 2

Change base_url in your config:

$config['base_url'] = 'https://www.my-site.com/';

Provide a certificate for your secure connection

Redirect incoming traffic from http to https:

RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

44,456

Author by

Admin

Updated on March 10, 2020

Comments

Admin about 4 years

I am using codeigniter 3. How do I force SSL connection to my web pages so that all the pages are loaded with the green padlock icon beside it?

Note: How can I do this without having to edit htaccess file ?
Tri Murvianto over 6 years

i have already trying this. but the ssl still shows not secure. why is that?
Adrian P. over 6 years

@TriMurvianto check for insecure elements on page source such as images loaded with http, scripts with full path hard coded http instead of https
DanimalReks about 5 years

This is by far the simplest and best solution IMHO. I had a site that was not behaving when I used my usual htaccess file. Turns out the original author did not explicitly set the base url.
NomanJaved over 4 years

where to add the cert file and key file in codeigniter? And how it will be accessed by c?
NomanJaved about 4 years

@fustaki Can you please elaborate step 2. Where to provide certificate in CI.
shellakkshellu about 4 years

When I run with HTTP the request body is missing
Vrushal Raut almost 4 years

This solution work in my case but make sure that in config.php set base url $config['base_url']='https://example.com' .
ggsuha over 3 years

Work! But, instead using post_controller_constructor, I use pre_controller.
Herbert Van-Vliet over 3 years

@NomanJaved: A certificate is usually setup through your web panel and the webserver (often Apache) will take care of all details; CodeIgniter usually does not have anything to do with that.