CakePHP HTTPS Secure payment form

生来不讨喜 2021-02-11 08:47

Using CakePHP 1.3 we have a booking system for hotel rooms. A check-availability form should bring the user to a secure payment page (https://secure.domain.com/bookings/payment)

2 answers
  •  孤街浪徒
    2021-02-11 09:37

    I used the example from http://techno-geeks.org/2009/03/using-the-security-component-in-cakephp-for-ssl/ but found it problematic. I ended up adding the following to my app_controller.php.

    The code below redirects HTTPS to www.example.com and HTTP to example.com. If a user is logged in (see $loggedUser), it forces HTTPS for every connection.

    // Actions requiring a secure connection (a controller property, read as $this->secureItems).
    var $secureItems = array();
    
    // beforeFilter
    function beforeFilter() {
        // Your logic...    
        $this->__checkSSL();
    }
    
    /**
     * Check SSL connection.
     */
    function __checkSSL() {
        /** Make sure we are secure when we need to be! **/
        if (empty($this->loggedUser)) {
            if (in_array($this->action, $this->secureItems) && !env('HTTPS')) {
                $this->__forceSSL();
            } 
    
            if (!in_array($this->action, $this->secureItems) && env('HTTPS')) {
                $this->__unforceSSL();
            }
        } else {
            // Always force HTTPS if user is logged in.
            if (!env('HTTPS')) {
                $this->__forceSSL();
            }
        }
    }
    
    /**
     * Redirect to a secure connection
     * @return void
     */
    function __forceSSL() {
        // Match "www." only as a prefix of the host name, not anywhere inside it.
        if (strpos(env('SERVER_NAME'), 'www.') === 0) {
            $this->redirect('https://' . env('SERVER_NAME') . $this->here);
        } else {
            $this->redirect('https://www.' . env('SERVER_NAME') . $this->here);
        }
    }
    
    /**
     * Redirect to an unsecure connection
     * @return void
     */
    function __unforceSSL() {
        // Strip "www." only when it is the leading label; substr(..., 4) assumes a prefix.
        if (strpos(env('SERVER_NAME'), 'www.') === 0) {
            $server = substr(env('SERVER_NAME'), 4);
            $this->redirect('http://' . $server . $this->here);
        } else {
            $this->redirect('http://' . env('SERVER_NAME') . $this->here);
        }
    }
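
The same redirect decision as a plain-PHP function, added here as an example and not part of the original answer: it builds both hosts from a configured domain instead of env('SERVER_NAME'), which on some server setups follows the client's Host header. The function name, BASE_DOMAIN and the sample requests are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not code from the original answer.
// Both redirect hosts come from configuration, never from the request.
define('BASE_DOMAIN', 'example.com'); // assumed canonical bare domain

/**
 * Decide where a request should be redirected, or null to serve it as is.
 *
 * @param string $action        current controller action
 * @param array  $secureActions actions that must be served over HTTPS
 * @param bool   $isHttps       whether the request arrived over HTTPS
 * @param bool   $loggedIn      whether a user is logged in
 * @param string $path          request path, e.g. /bookings/payment
 * @return string|null          absolute redirect URL, or null
 */
function sslRedirectTarget($action, $secureActions, $isHttps, $loggedIn, $path) {
    // Accept only a path that starts with "/" and has no control characters;
    // anything else falls back to the site root.
    if (!is_string($path) || !preg_match('#^/[^\x00-\x1f]*\z#', $path)) {
        $path = '/';
    }
    // Logged-in users and secure actions always need HTTPS.
    $needsHttps = $loggedIn || in_array($action, $secureActions, true);
    if ($needsHttps && !$isHttps) {
        return 'https://www.' . BASE_DOMAIN . $path;
    }
    if (!$needsHttps && $isHttps) {
        return 'http://' . BASE_DOMAIN . $path;
    }
    return null; // already on the right scheme
}

// Constructed sample requests: action, HTTPS?, logged in?, path.
$secure = array('payment');
$cases = array(
    array('payment', false, false, '/bookings/payment'),
    array('index',   true,  false, '/bookings'),
    array('index',   false, true,  '/bookings'),
    array('payment', true,  false, '/bookings/payment'),
    array('payment', false, false, 'bookings/payment'), // no leading slash
);
foreach ($cases as $c) {
    $target = sslRedirectTarget($c[0], $secure, $c[1], $c[2], $c[3]);
    echo $c[0], ' => ', ($target === null ? '(no redirect)' : $target), "\n";
}
```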
    
