
Silverstripe Documentation




7 Posts   6441 Views

Henry24

Community Member, 9 Posts

13 May 2011 at 2:32pm

I've been searching through the forums to find information on SSL and how to force it for certain pages (including the admin pages) but every time I come across a link none of them work. For example: http://doc.silverstripe.org/ssl

Is there something wrong with the documentation? If I do a search on the documentation for SSL, all I get is changelogs.

Willr

Forum Moderator, 5523 Posts

13 May 2011 at 5:08pm

We've recently updated the wiki so links have been broken, though even on the old wiki that page didn't exist - http://doc.silverstripe.org/old/ssl - so not sure where those links are.

What specifically did you have questions about for SSL? Basically the only couple of functions related to SSL directly are Director::forceSSL() and Director::forceWWW().

Henry24

Community Member, 9 Posts

16 May 2011 at 1:11pm

Hi,

I'm looking to force SSL for specific pages rather than the whole site (i.e. my login page).

It seems like there used to be a guide on how to create a page with SSL enabled, but every time I click a link it goes to a broken page.

For example:

http://www.silverstripe.org/general-questions/show/13143

That SSL page seems to have a tutorial but it's not there anymore.

cheers

Willr

Forum Moderator, 5523 Posts

16 May 2011 at 2:28pm

> It seems like there used to be a guide on how to create a page with SSL enabled, but every time I click a link it goes to a broken page

There was a guide once upon a time but it was removed as it was short, imprecise and out of date. You may be able to find it by trawling through online caches of that page but I couldn't find a backup of it myself.

Willr

Forum Moderator, 5523 Posts

16 May 2011 at 4:24pm

Edited: 16/05/2011 4:24pm

An example which may help you is online - http://snipplr.com/view/27191/silverstripe-ssl-switching-by-statics/ but also play around with Director::forceSSL() which will do something similar to that method.

Henry24

Community Member, 9 Posts

19 May 2011 at 2:48pm

Hi,

Thanks for the replies. I've been fiddling with Director::forceSSL() and I've come up with this:

$force_ssl = array("/secure-page/");
$current_url = $_SERVER['REQUEST_URI'];

if (in_array($current_url,$force_ssl)) {
    Director::forceSSL();
} else {
    Director::forceWWW();//force it back to non-SSL
}

Unfortunately it only half works. All pages are non-SSL until I go to the secure-page, but if I navigate away from it, the SSL is not switched off. The forceWWW doesn't seem to turn it off (it probably wasn't meant to be used for this anyway??)

The only thing left now is to have the else part fixed so that once I navigate away from the SSL page, it will return to non-SSL.

Any ideas?

cheers

Henry24

Community Member, 9 Posts

19 May 2011 at 3:12pm

Edited: 19/05/2011 3:12pm

OK, found the solution and it has been tested; this should do the trick:

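// Force SSL on the listed pages; send every other page back to plain HTTP
$force_ssl = array("/secure-page-1/", "/secure-page-2/");
// Compare the path only, so a query string does not defeat the match
$current_url = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
if (in_array($current_url, $force_ssl)) {
    Director::forceSSL();
} elseif (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") {
    // Swap only the leading scheme, not every "https" that appears in the URL
    $destURL = preg_replace('/^https:/i', 'http:', Director::absoluteURL($_SERVER['REQUEST_URI']));
    header("Location: $destURL", true, 301);
    // Fallback body for clients that ignore the Location header
    die('<h1>Your browser is not accepting header redirects</h1><p>Please <a href="' . htmlspecialchars($destURL) . '">click here</a></p>');
}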

I just put this directly into my _config.php page (probably not a good idea), but adding pages into the force_ssl array will put those pages into SSL; once you navigate away from the pages in the array it will redirect back to a non-SSL protected page.
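
An added example, not part of the thread and not SilverStripe's own code: the scheme decision from the last post written as a side-effect-free function, so the matching can be checked against sample requests before it is wired into a redirect. It goes slightly beyond the post by matching on the path alone and by building the target from a configured host; `scheme_redirect`, `$securePaths`, `$canonicalHost` and `www.example.com` are assumed names.

```php
<?php
// Added example. scheme_redirect(), $securePaths and $canonicalHost are
// hypothetical names, not part of SilverStripe.

/**
 * Decide whether a request must be redirected to the other scheme.
 * Returns the absolute redirect URL, or null when the scheme is already right.
 */
function scheme_redirect($requestUri, $isHttps, $canonicalHost, array $securePaths)
{
    // Match on the path alone so "/secure-page-1/?x=1" is still treated as secure.
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path) || $path === '') {
        $path = '/';
    }
    // Normalise case and trailing slash before comparing (assumption: the site
    // serves "/Secure-Page-2" and "/secure-page-2/" as the same page).
    $key = rtrim(strtolower($path), '/') . '/';
    $wantHttps = in_array($key, $securePaths, true);

    if ($wantHttps === $isHttps) {
        return null; // already on the right scheme, no redirect needed
    }
    $query = parse_url($requestUri, PHP_URL_QUERY);
    // Build from the configured host, never from the client-supplied Host header.
    return ($wantHttps ? 'https' : 'http') . '://' . $canonicalHost . $path
        . (is_string($query) && $query !== '' ? '?' . $query : '');
}

// Constructed sample requests: array(REQUEST_URI, served over HTTPS?)
$securePaths = array('/secure-page-1/', '/secure-page-2/');
$samples = array(
    array('/secure-page-1/', false),
    array('/secure-page-1/?ref=mail', false),
    array('/Secure-Page-2', false),
    array('/about-us/', true),
    array('/about-us/', false),
);
foreach ($samples as $s) {
    $to = scheme_redirect($s[0], $s[1], 'www.example.com', $securePaths);
    echo str_pad($s[0], 26), ($s[1] ? 'https' : 'http '), ' -> ',
        ($to === null ? 'no redirect' : $to), "\n";
}
```

A non-null return value would be passed to the same `header("Location: ...", true, 301)` call used in the post.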