Raza Mehdi's Blog

How to implement SSL in Zend Framework?

by on Jun.21, 2011, under Zend Framework

Hi guys!

At work, i was working on an e-commerce application in Zend Framework. I had to implement SSL on login, cart and checkout pages. While searching on the task, i found the following post on stackoverflow.com. This implements SSL on specific urls of your application. I am gonna assume that you have a working zend framework application configured.So, if you want to have SSL enabled for the login page of your application:

First, enter the following code in your ssl.ini file. We will parse it later through the Bootstrap.php file.


ssl.modules.default.require_ssl = true  //-> entire module requires SSL
ssl.modules.default.Index.require_ssl = true  //-> entire controller requires SSL
ssl.modules.default.Index.login.require_ssl = true  //-> single action requires SSL

Next create a file Ssl.php in library/Application/Controller/Plugin folder. In the file, write the following code:

class Application_Controller_Plugin_Ssl extends Zend_Controller_Plugin_Abstract
{

 public function preDispatch ( Zend_Controller_Request_Abstract $request )
 {

 $shouldSecureUrl = false;

 //get the config settings for SSL
 $options = new Zend_Config_Ini(APPLICATION_PATH.'/configs/ssl.ini');
 $options = $options->ssl;

 //if config is empty, exit
 if (!is_object($options))
 return;

 //simpler to use
 $options = $options->toArray();

 //only use it production environment
 if ( APPLICATION_ENV == 'production' )
 {

 if (

 ( isset($options['modules'][$request->module]['require_ssl']) && $options['modules'][$request->module]['require_ssl'] )  ||
 ( isset($options['modules'][$request->module][$request->controller]['require_ssl']) && $options['modules'][$request->module][$request->controller]['require_ssl'] )  ||
 ( isset($options['modules'][$request->module][$request->controller][$request->action]['require_ssl']) && $options['modules'][$request->module][$request->controller][$request->action]['require_ssl'] )

 )
 {

 $shouldSecureUrl = true;

 }

 if ( $shouldSecureUrl )
 {

 $this->_secureUrl($request);

 }
 }
 }

 protected function _secureUrl ( Zend_Controller_Request_Abstract $request )
 {

 $server = $request->getServer();
 $hostname = $server['HTTP_HOST'];

 if ( ! $request->isSecure() )
 {
 $url = Zend_Controller_Request_Http::SCHEME_HTTPS . "://" . $hostname .
 $request->getPathInfo();

 $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
 $redirector->setGoToUrl($url);
 $redirector->redirectAndExit();
 }
 }
}

Now, in the Bootstrap.php file, add a function called _initPlugins() and add the following code:

$frontController = Zend_Controller_Front::getInstance();
$frontController->registerPlugin( new Application_Controller_Plugin_Ssl());
Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks

  • http://www.facebook.com/mickael.poulachon Mickaël Poulachon

    Hi , that work pretty good , but how i can come back to http url ?
    exemple => i want connexion page in https , but if i click on homepage i want back in http mode , i trying to make function _Unsecure() with the same paramter but i replace :

    $url = Zend_Controller_Request_Http::SCHEME_HTTPS . “://” . $hostname .
    $request->getPathInfo();

    by

    $url = Zend_Controller_Request_Http::SCHEME_HTTP . “://” . $hostname .
    $request->getPathInfo();

    but i have infinity loop

    best regard

  • http://twitter.com/srmklive Raza Mehdi

    Hi Michael. simply refer to the above ssl.ini file. Suppose, you want the login action of index controller to work in HTTPS mode, and the rest in HTTP mode. Write the following line in your SSL.ini file:

    ssl.modules.default.Index.login.require_ssl = true

    Now edit the above mentioned Ssl.php file, and edit the code from line 24 to 35 as:

    if (
    ( isset($options['modules'][$request->module][$request->controller][$request->action]['require_ssl']) && $options['modules'][$request->module][$request->controller][$request->action]['require_ssl'] )
    )
    {

    $shouldSecureUrl = true;

    }

    The above changes in the code, will let you run the index/login page in HTTPS and the rest in HTTP mode. Hope that helps.

    Best Regards,
    Raza Mehdi

  • http://www.facebook.com/mickael.poulachon Mickaël Poulachon

    Yes i undestand that ^^
    but i want the plugin , redirect on http when in ssl.ini the parameter is :
    ssl.modules.default.Index.faq.require_ssl = false ( for example )

    but i don’t understand why if i trying to duplicate the function _secureUrl and modify only Zend_Controller_Request_Http::SCHEME_HTTPS to Zend_Controller_Request_Http::SCHEME_HTTP he make infinite loops ^^

    thank’s for your fast reply on my first post :)

  • http://twitter.com/srmklive Raza Mehdi

    Hi Michael,

    Suppose i have the following configuration in my ssl.ini file:

    ssl.modules.default.index.require_ssl = true
    ssl.modules.default.index.faq.require_ssl = false

    Now in the Ssl.php file write:

    if(
    isset($options['modules'][$request->module][$request->controller]['require_ssl']) && ($options['modules'][$request->module][$request->controller]['require_ssl'])
    ) {
    $shouldSecureUrl = true;
    }

    if(
    isset($options['modules'][$request->module][$request->controller][$request->action]['require_ssl']) && !($options['modules'][$request->module][$request->controller][$request->action]['require_ssl'])
    ) {
    $shouldSecureUrl = false;
    }

    $this->_setupUrls($request,$shouldSecureUrl);

    In the _setupUrls function write:

    protected function _setupUrls ( Zend_Controller_Request_Abstract $request,$secure_url )
    {

    $server = $request->getServer();
    $hostname = $server['HTTP_HOST'];

    if ($secure_url) {
    $url = Zend_Controller_Request_Http::SCHEME_HTTPS;
    } else {
    $url = Zend_Controller_Request_Http::SCHEME_HTTP;
    }

    $url .= “://” . $hostname . $request->getPathInfo();

    $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper(‘redirector’);
    $redirector->setGoToUrl($url);
    $redirector->redirectAndExit();
    }

    Check and see whether it works.

  • Anonymous

    Hi Michael,

    Suppose i have the following configuration in my ssl.ini file:

    ssl.modules.default.index.require_ssl = true
    ssl.modules.default.index.faq.require_ssl = false

    Now in the Ssl.php file write:

    if(
    isset($options['modules'][$request->module][$request->controller]['require_ssl']) && ($options['modules'][$request->module][$request->controller]['require_ssl'])
    ) {
    $shouldSecureUrl = true;
    }

    if(
    isset($options['modules'][$request->module][$request->controller][$request->action]['require_ssl']) && !($options['modules'][$request->module][$request->controller][$request->action]['require_ssl'])
    ) {
    $shouldSecureUrl = false;
    }

    if(empty($shouldSecureUrl))
    $shouldSecureUrl = false;

    $this->_setupUrls($request,$shouldSecureUrl);

    I have renamed the _secureUrl function to _setupUrls:

    protected function _setupUrls ( Zend_Controller_Request_Abstract $request,$secure_url) {
    $server = $request->getServer();
    $hostname = $server['HTTP_HOST'];

    if($request->isSecure()) {
    if(!$secure_url) {
    $url = Zend_Controller_Request_Http::SCHEME_HTTP;
    $url .= “://” . $hostname . $request->getPathInfo();

    $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper(‘redirector’);
    $redirector->setGoToUrl($url);
    $redirector->redirectAndExit();
    }
    } else {
    if($secure_url) {
    $url = Zend_Controller_Request_Http::SCHEME_HTTPS;
    $url .= “://” . $hostname . $request->getPathInfo();

    $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper(‘redirector’);
    $redirector->setGoToUrl($url);
    $redirector->redirectAndExit();
    }
    }
    }

    Check and see whether it works.

  • http://twitter.com/srmklive Raza Mehdi

    Hi Michael,

    Suppose i have the following configuration in my ssl.ini file:

    ssl.modules.default.index.require_ssl = true
    ssl.modules.default.index.faq.require_ssl = false

    Now in the Ssl.php file write:

    if(
    isset($options['modules'][$request->module][$request->controller]['require_ssl']) && ($options['modules'][$request->module][$request->controller]['require_ssl'])
    ) {
    $shouldSecureUrl = true;
    }

    if(
    isset($options['modules'][$request->module][$request->controller][$request->action]['require_ssl']) && !($options['modules'][$request->module][$request->controller][$request->action]['require_ssl'])
    ) {
    $shouldSecureUrl = false;
    }

    if(empty($shouldSecureUrl))
    $shouldSecureUrl = false;

    $this->_setupUrls($request,$shouldSecureUrl);

    I have renamed the _secureUrl function to _setupUrls:

    protected function _setupUrls ( Zend_Controller_Request_Abstract $request,$secure_url) {
    $server = $request->getServer();
    $hostname = $server['HTTP_HOST'];

    if($request->isSecure()) {
    if(!$secure_url) {
    $url = Zend_Controller_Request_Http::SCHEME_HTTP;
    $url .= “://” . $hostname . $request->getPathInfo();

    $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper(‘redirector’);
    $redirector->setGoToUrl($url);
    $redirector->redirectAndExit();
    }
    } else {
    if($secure_url) {
    $url = Zend_Controller_Request_Http::SCHEME_HTTPS;
    $url .= “://” . $hostname . $request->getPathInfo();

    $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper(‘redirector’);
    $redirector->setGoToUrl($url);
    $redirector->redirectAndExit();
    }
    }
    }

    Check and see whether it works.

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Blogroll

A few highly recommended websites...

Archives

All entries, chronologically...