How to Have Codeigniter Load Specific Pages Using Ssl

How can I have CodeIgniter load specific pages using SSL?

There are few ways to tackle this.

Option 1:

I would probably have the code deployed to both folders, then in the file: /system/application/config/config.php, set your page to:

$config['base_url'] = "http://www.yoursite.com/"; 

or

$config['base_url'] = "https://www.yoursite.com/";

Then in your non-ssl VirtualHost folder, set your config to redirect protected pages by folder to the SSL site:

RedirectPermanent /sslfolder https://www.yoursite.com/sslfolder

Option 2:

Send everything to SSL and keep all your code in one folder

/system/application/config/config.php, set your page to:

$config['base_url'] = "https://www.yoursite.com/";

Other Options

There are some more hacky ways to do this with header() redirects, etc. but I don't think you want to maintain different code bases for this option. I don't recommend this but you could do something like:

$config['base_url'] = “http://” . $_SERVER['http_host'] . “/”;

How can I have CodeIgniter load specific pages using SSL?

There are few ways to tackle this.

Option 1:

I would probably have the code deployed to both folders, then in the file: /system/application/config/config.php, set your page to:

$config['base_url'] = "http://www.yoursite.com/"; 

or

$config['base_url'] = "https://www.yoursite.com/";

Then in your non-ssl VirtualHost folder, set your config to redirect protected pages by folder to the SSL site:

RedirectPermanent /sslfolder https://www.yoursite.com/sslfolder

Option 2:

Send everything to SSL and keep all your code in one folder

/system/application/config/config.php, set your page to:

$config['base_url'] = "https://www.yoursite.com/";

Other Options

There are some more hacky ways to do this with header() redirects, etc. but I don't think you want to maintain different code bases for this option. I don't recommend this but you could do something like:

$config['base_url'] = “http://” . $_SERVER['http_host'] . “/”;

CodeIgniter SSL

SSL is related to your server. Not to your server side scripting software, i.e. php.

So, you should be looking for ssl for your server software.

Now, you have two options:

1. If you run in a local intranet, you could use software like xampp which by default provides https functionality for apache through self signed ssl certificate.

2. If you are using a hosting account, you should get a signed ssl certificate.

And ofcourse the setting in codeigniter, which you specified must be set to actually make use of the https.

Forcing SSL in codeigniter with a helper

I answered a similar question here: https://stackoverflow.com/questions/1500527/how-to-use-ssl-with-codeigniter/1500558#1500558

But, in a nutshell:

<IfModule mod_rewrite.c>
   RewriteEngine On
   RedirectPermanent /sslfolder https://www.yoursite.com/sslfolder
</IfModule>

codeigniter folder structure with SSL

OK the best way to split things up the way you want, would be to:

1. Set up your CodeIgniter app under a folder, say /var/www and ensure everything is working as you want.
2. Set the base url for the site under the config.php of CodeIgniter to just "/".
3. Create an Apache virtual host for the secure portion of the site, listening to requests on port 443 or whatever. Install your certificate and so on. http://www.namecheap.com are good for certs. Set up the web root as the CodeIgniter folder, e.g. /var/www.
4. Create a further Apache virtual host, pointing to the same directory e.g. /var/www for the unsecure version of the website.

You will now, all being well, at this stage be able to access the entire site using either https or standard http. I think you mentioned being able to take things a step further by only allowing access to certain controllers via HTTPS and certain unsecure. What I would do for this is the following.

1. Create a CodeIgniter library, call it say Ssl.php, under your application/libraries folder. Put in the following code:

class Ssl {

    public function require()
    {
        // Is the current request method secure, via SSL?
        if ( ! isset($_SERVER['https']) )
        {
            // No. Do something here, display an error, redirect... up to you
            show_error("This resource must be accessed through an SSL encrypted connection.");
        }
    }

}

Now, in your application controllers, simply load the library the usual way $this->load->library('ssl') and for any controller method that you wish to require an SSL connection for, simply call the $this->ssl->require() method before any execution starts.

You could even go a step further and drop that method call to require() in a class controller __construct() function, or even an entire new controller that you may wish to extend from.

I hope this helps in some way.

HTTPS .htaccess on Codeigniter How to Force SSL?

This can all be done solely through the .htaccess file. You need to check the %{HTTPS} variable. Altering the .htaccess you provided, here is how you would redirect to https :

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/(favicon\.ico|apple-touch-icon.*\.png)$ [NC]
RewriteRule (.+) index.php?p=$1 [QSA,L]
</IfModule>

If you need to redirect to www. as well, do that redirect first like so :

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule (.*) https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/(favicon\.ico|apple-touch-icon.*\.png)$ [NC]
RewriteRule (.+) index.php?p=$1 [QSA,L]
</IfModule>

Note : Only use RewriteBase / if codeigniter is installed at the root directory of the domain.

Also, one thing that is interesting about your existing .htaccess file is RewriteRule (.+) index.php?p=$1 [QSA,L]. I've usually seen it setup as RewriteRule ^(.*)$ index.php?/$1 [L,QSA]. I haven't seen the p=$1 portion before. However, if it's working that way don't mess with it.

How do I make the login and registration to be in ssl mode?

I had the same problem. In my case, I had to use SSL in the control panel only.

I solved this problem by rewriting the URL helper:

function base_url($flag = true)
{
    $CI = CI_Controller::get_instance();
    if (strpos(current_url(), '/cp/') and $flag) {
        return str_ireplace('http://', 'https://', $CI->config->slash_item('base_url')).'index.php/';
    }
    return $CI->config->slash_item('base_url');
}

In this case '/cp/' means "control panel". I was forced to do it this way because other ways (like adding secure_base_url to config.php or different SSL helpers) didn't work for me.

The additional $flag parameter is for images, CSS and JS files which should be loaded in the control panel. Use base_url(false) in these cases as https://www.example.com/**index.php**/image.png is a wrong address for the image.png file).

You can do the same thing for your website.

Hope this helps.

---

Related Topics