I have implemented secure pages before by using a specific secure folder (eg https folder vs http folder on the server). I have started using Zend Framework and would like part
The cleanest way is to have an .ini file for the SSL config where you can enable SSL support for model/controller/action levels, like so:
Let's say you have a module/controller/action like this:
SSLModule->IndexController->testAction
## ini file (can be config.ini also)
ssl.modules.SSLModule.require_ssl = true //-> entire module requires SSL
ssl.modules.SSLModule.Index.require_ssl = true //-> entire controller requires SSL
ssl.modules.SSLModule.Index.test.require_ssl = true //-> single action requires SSL
You parse this either through config, or separately, and in your Bootstrap file you can include a controllerplugin, like mine here.
There are many other ways to do this, but I think you get the idea!
class Application_Controllerplugins_Ssl extends Zend_Controller_Plugin_Abstract
{
public function preDispatch ( Zend_Controller_Request_Abstract $request )
{
$shouldSecureUrl = false;
//get the config settings for SSL
$options = Application_ServiceManager::getConfig()->ssl;
//if config is empty, exit
if (!is_object($options))
return;
//simpler to use
$options = $options->toArray();
//only use it production environment
if ( APPLICATION_ENV == 'production' )
{
if (
( isset($options['modules'][$request->module]['require_ssl']) && $options['modules'][$request->module]['require_ssl'] ) ||
( isset($options['modules'][$request->module][$request->controller]['require_ssl']) && $options['modules'][$request->module][$request->controller]['require_ssl'] ) ||
( isset($options['modules'][$request->module][$request->controller][$request->action]['require_ssl']) && $options['modules'][$request->module][$request->controller][$request->action]['require_ssl'] )
)
{
$shouldSecureUrl = true;
}
if ( $shouldSecureUrl )
{
$this->_secureUrl($request);
}
}
}
protected function _secureUrl ( Zend_Controller_Request_Abstract $request )
{
$server = $request->getServer();
$hostname = $server['HTTP_HOST'];
if ( ! $request->isSecure() )
{
$url = Zend_Controller_Request_Http::SCHEME_HTTPS . "://" . $hostname .
$request->getPathInfo();
$redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
$redirector->setGoToUrl($url);
$redirector->redirectAndExit();
}
}
}
I forgot to mention: to add it in your bootstrap:
$Zend_Controller_Front->registerPlugin( new Application_Controllerplugins_Ssl() );