Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

How to implement a secure form on an SS site?


Reply


3 Posts   414 Views

Avatar
vwd

Community Member, 160 Posts

29 March 2012 at 8:25pm

Hi,

How would you go about implementing a 'secure' form (SSL) on a SilverStripe site? The form deals with sensitive data and requires SSL for this form.

Is forceSSL() the only way, and are there any examples on how to use forceSSL()?

Thank you.

VWD.

Avatar
swaiba

Forum Moderator, 1805 Posts

4 April 2012 at 5:31am

I use a couple of functions that based on "logic" are called from within the Page_Controller init method ...

   public static function ForceSSL(){
      if((Director::protocol() != "https://")) { // echo 'REDIRECTING'; die();
$destURL = str_replace('http:', 'https:', Director::absoluteURL($_SERVER['REQUEST_URI']));
header("Location: $destURL", true, 301);
die("<h1>Your browser is not accepting header redirects</h1><p>Please <a href=\"$destURL\">click here</a>");
}
   }

   public static function ForceNoneSSL(){
      if(Director::protocol() != "http://") {
   $destURL = str_replace('https:', 'http:', Director::absoluteURL($_SERVER['REQUEST_URI']));
header("Location: $destURL", true, 301);
die("<h1>Your browser is not accepting header redirects</h1><p>Please <a href=\"$destURL\">click here</a>");
}
   }

Avatar
swaiba

Forum Moderator, 1805 Posts

4 April 2012 at 5:33am

Also to contridict Devlin you can use a single installation (of silverstipe) and swtich between the two retaining you session (based on using plesk and checking a couple of boxes). I was initially down hearted to hear that the session would be destroied on switching between the too and I'd need two installations.