Raza Mehdi's Blog

Archive for June, 2011

How to implement SSL in Zend Framework?

by on Jun.21, 2011, under Zend Framework

Hi guys!

At work, i was working on an e-commerce application in Zend Framework. I had to implement SSL on login, cart and checkout pages. While searching on the task, i found the following post on stackoverflow.com. This implements SSL on specific urls of your application. I am gonna assume that you have a working zend framework application configured.So, if you want to have SSL enabled for the login page of your application:

First, enter the following code in your ssl.ini file. We will parse it later through the Bootstrap.php file.


ssl.modules.default.require_ssl = true  //-> entire module requires SSL
ssl.modules.default.Index.require_ssl = true  //-> entire controller requires SSL
ssl.modules.default.Index.login.require_ssl = true  //-> single action requires SSL

Next create a file Ssl.php in library/Application/Controller/Plugin folder. In the file, write the following code:

class Application_Controller_Plugin_Ssl extends Zend_Controller_Plugin_Abstract
{

 public function preDispatch ( Zend_Controller_Request_Abstract $request )
 {

 $shouldSecureUrl = false;

 //get the config settings for SSL
 $options = new Zend_Config_Ini(APPLICATION_PATH.'/configs/ssl.ini');
 $options = $options->ssl;

 //if config is empty, exit
 if (!is_object($options))
 return;

 //simpler to use
 $options = $options->toArray();

 //only use it production environment
 if ( APPLICATION_ENV == 'production' )
 {

 if (

 ( isset($options['modules'][$request->module]['require_ssl']) && $options['modules'][$request->module]['require_ssl'] )  ||
 ( isset($options['modules'][$request->module][$request->controller]['require_ssl']) && $options['modules'][$request->module][$request->controller]['require_ssl'] )  ||
 ( isset($options['modules'][$request->module][$request->controller][$request->action]['require_ssl']) && $options['modules'][$request->module][$request->controller][$request->action]['require_ssl'] )

 )
 {

 $shouldSecureUrl = true;

 }

 if ( $shouldSecureUrl )
 {

 $this->_secureUrl($request);

 }
 }
 }

 protected function _secureUrl ( Zend_Controller_Request_Abstract $request )
 {

 $server = $request->getServer();
 $hostname = $server['HTTP_HOST'];

 if ( ! $request->isSecure() )
 {
 $url = Zend_Controller_Request_Http::SCHEME_HTTPS . "://" . $hostname .
 $request->getPathInfo();

 $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
 $redirector->setGoToUrl($url);
 $redirector->redirectAndExit();
 }
 }
}

Now, in the Bootstrap.php file, add a function called _initPlugins() and add the following code:

$frontController = Zend_Controller_Front::getInstance();
$frontController->registerPlugin( new Application_Controller_Plugin_Ssl());
6 Comments more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Blogroll

A few highly recommended websites...

Archives

All entries, chronologically...