CakePHP: Creating a route usage https (SSL connection)
July 9, 2008 54 Comments
While playing in my workspace i need to make a route which should be use a secure path. That means https (SSL connection). So after googled for while i got the idea. Basically what i need is.. when an user in my sing in page will go through via the ssl connection. After entering user name and password will validated and redirect in to another location. So usually user will go through in https protocol then again redirected into http.
Here what i did;
Well, obviously i use cake’s component
1. Create a file ssl.php into app/controllers/components/
paste this code
class SslComponent extends Object { var $components = array('RequestHandler'); var $Controller = null; function initialize(&$Controller) { $this->Controller = $Controller; } function force() { if(!$this->RequestHandler->isSSL()) { $this->Controller->redirect('https://'.$this->__url(443)); } } function unforce() { if($this->RequestHandler->isSSL()) { $this->Controller->redirect('http://'.$this->__url()); } } /**This method updated from John Isaacks**/ function __url($default_port = 80) { $port = env('SERVER_PORT') == $default_port ? '' : ':'.env('SERVER_PORT'); return env('SERVER_NAME').$port.env('REQUEST_URI'); } }
you can find it also here but i added unforce() 😉
3. Now, in my case only when user click in to sign in or lend now, I need the https connection. Thats why, in my home controller i added this beforeRender() method, but make sure you assign this Ssl component.
var $components = array( 'Ssl' ); public function beforeRender(){ $action = array( 'signin', 'lendnow' ); if( in_array( $this->params['action'] , $action ) ){ $this->Ssl->force(); }else{ $this->Ssl->unforce(); } }
So, i will create a secure connection with my apache server.
4. User now enter their user name and password and submit
5. If anyone click beside this they will have only http connection
That’s it
enjoy 😉
Nice Article 🙂
hiii rajib ..
Thanks for visiting my weblog man 😉
m appreciate ur comment
Thanks!!!!
u welcome chris 😉
nice little component!
Once thing that might also be work looking at is the “requireSecure” method of the built-in security component, which on the surface seems like it might do the same thing.
Pingback: Conexiones HTTP seguras (https) en CakePHP 1.2 | Blog cakephp en español por Hospedaxes
thanks for your share!
You welcome Nam
Hi, thanks for sharing your thoughts. While looking for info on implementing SSL in a CakePHP app, I also ran into the following article. It looks like a good solution, because it utilizes Cake’s default way of doing stuff like this. In your example, I figure you wouldn’t need to use a custom component… hope it helps.
http://techno-geeks.org/2009/03/using-the-security-component-in-cakephp-for-ssl/
Hi Jeroen,
Thanks for your comment.
If it really helps then it would be great.
enjoy 😉
I am getting this error. in the before render function.
syntax error, unexpected ‘&’
please help.
plz try now.. and let me know it works
Hi,
I used ur script url shows with https but it says unable to connect. It shows browser can not connect to server. So there is any setting I have to do for running this? In phpinfo I seen server supports for https.
Thanks,
Prashant….
Well, as far I know there is no other settings to do this. You can try form here
Hi,
This works for me but there is one problem.I created one form in cakephp, after submit of this form some hidden fields are taken this are set to some variables also some mysql queries are present after that $this->ssl->force is used. Now it looses the data from $this->data also result of mysql query not take on https. So, what can I have to do for data?
Thanks & Regards,
Prashant
hello prashant,
Well, I am not clear what you are trying to do. But I guess you should follow these simple rule. Force https before the main workflow. After done all your work then back to http. Something like when click singup->force https->do whatever you want->load data->go back to http. Another thing be careful about beforeRender(). You have to set the action link correctly. Hope this will work.
Hi ..
Good article but there is problem with session.
when any one login from HTTP connection and then visit HTTPS enabled page and again it they visit HTTP enabled connection then session will be destroy.
yes, it will. So be careful when you are switching http to https.
Thanks for you comment 😀
Hi,
At my provider place there is a map for http and https. So when I want to use https for login do I need to copy all the cakephp stuff to the https map or am I totally wrong now.
Thanks & regards,
Pieter
Hello Pieter,
Thanks for visiting my site. Well, I do not think so!
All you need to switch your server port from 80 (http) to 443 (https).
Best,
Tanveer
Hi Tanveer,
Thanks, I think I have to ask my provider to use a single directory for housing SSL and non-SSL content. Now it is separated into httpdocs and httpsdocs, which means I have to copy all the cakephp stuff into httpdocs as well httpsdocs. Do you have any other suggestion.
Regards, Pieter
Hi Pieter,
You welcome 🙂
Well, I don’t think you need to separate like that (httpdocs and httpsdocs). Please correct my assumption, you do not want to hold your visitors for a certain state like (HTTP or HTTPS) as long as they are visiting your site.
Here is an example,
1. A visitor just visit like http://www.example.com
2. In home page there is link button like ‘Log in’ -> https://www.example.com/login.php
3. So when your visitor click on ‘Log in’ it will switch to https form http.
4. User will provide credentials and after successful login it will redirect like http://www.example.com/welcome.php
Hope you got my point. 😉
Please don’t hesitate to make any comment regarding this issue.
Looking forward to hear from you.
Best,
Tanveer
Again thanks, your point is clear to me. I think my problem is that the https call is redirected to httpsdoc directory which is a physical directory at my provider place. So If I am clear then I need the CakePhp stuff in the httpsdoc directory as well. I tried to copy only the login.php into the httpsdoc but that fails. I works fine when I have all the cakephp stuff in the httpsdoc. I also called my provider and he can change the settings so that I can use a single directory for housing SSL and non-SSL content (he will charge money for this).
Regards, Pieter
Hello Piet,
I understood your setuation.
Anyway, thanks for your reply and you can knock me anytime you need 🙂 .
Best, Tan
Pingback: 2010 in review « Tanveer's Weblog
Wouldn’t it be better to make the function like:
Then in the force function it would be the same but in the unforce function you could call it like this:
$this->__url(443)
Saves duplicating a function.
Thanks for your comment 🙂
Yeah you can do that
updated from your code 🙂
thanks.
Thanks for the code, works perfectly!
Thanks for your comment 🙂
thanks, it’s work fine 🙂
ok thnaks.
Thanks for the code, I need exactly this and work fine 🙂
you welcome 🙂
Has this been tested in CakePHP 2.0?
Well, it was written when CakePHP 1.2 is in the market. So I am not sure whether it will work in 2 or not. But you can give a try. Best of luck.
Thanks for visiting.
thank you man, you saved my day 🙂
U R welcome dude 🙂
Thanks for the article, I have tried to use it on cake 1.3, but I have got this error
SSL connection error
Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don’t have.
I guess I am doing smth wrong.
Could you, please, help me to figure out this problem ?
THanks
Hi there, You’ve done an incredible job. I’ll certainly
digg it and personally suggest to my friends. I’m sure they’ll be benefited from this site.
Thanks a lot for your comment. It inspired me more to write.
Excellent way of telling, and fastidious piece of writing to take data about my
presentation focus, which i am going to deliver in academy.
thanks!
I leave a comment whenever I like a post on a blog or I have something to contribute to the conversation. It is a result of the fire communicated in the post I looked at.
And on this post CakePHP: Creating a route usage
https (SSL connection) | Tanveer’s Weblog. I was excited enough to post a comment
😉 I actually do have 2 questions for you if
you usually do not mind. Could it be simply me or does
it appear like some of the responses appear
like coming from brain dead visitors? 😛 And, if you are
posting on additional online social sites, I’d like
to follow everything new you have to post. Could you list the complete urls of your public pages like your linkedin profile, Facebook
page or twitter feed?
I have my linkedin profile link on the right hand side. Please visit. Thanks for your comment.
What a stuff of un-ambiguity and preserveness of valuable knowledge
concerning unpredicted feelings.
Thanks!
There’s definately a great deal to know about this topic.
I really like all of the points you’ve made.
Thanks for your comment.
It’s an amazing paragraph in favor of all the web viewers; they will obtain benefit
from it I am sure.
What i do not understood is if truth be told how you’re not really a lot more smartly-preferred than you might be right now.
You are very intelligent. You understand therefore significantly
in the case of this matter, produced me in my opinion imagine it from a lot of various angles.
Its like women and men aren’t interested until it’s something to accomplish with Woman gaga!
Your personal stuffs nice. At all times handle
it up!
Hey! I could have sworn I’ve been to this site before but after checking through some of the post
I realized it’s new to me. Anyhow, I’m definitely delighted
I found it and I’ll be bookmarking and checking
back frequently!
Hey There. I found your blog using msn. This is a really well written article.
I’ll make sure to bookmark it and return to read more of your useful info.
Thanks for the post. I will definitely return.
Thanks!