Jump to:

23013 Posts in 11540 Topics by 2825 members

General Questions

SilverStripe Forums » General Questions » Silverstripe Documentation

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 2017 Views
  • Henry24
    Avatar
    Community Member
    9 Posts

    Silverstripe Documentation Link to this post

    I've been searching through the forums to find information on SSL and how to force it for certain pages (including the admin pages) but every time i come across a link none of them work. For example: http://doc.silverstripe.org/ssl

    Is there something wrong with the documentation? If i do a search on the documentation for SSL, all I get is changelogs

  • Willr
    Avatar
    Forum Moderator
    5462 Posts

    Re: Silverstripe Documentation Link to this post

    We're recently updated the wiki so links have been broken though even on the old wiki that page didn't exist - http://doc.silverstripe.org/old/ssl so not sure where those links are.

    What specifically did you have questions about for SSL? basically the only couple functions related to ssl directly are Director::forceSSL() and Director::forceWWW()

  • Henry24
    Avatar
    Community Member
    9 Posts

    Re: Silverstripe Documentation Link to this post

    Hi,

    I'm looking to force ssl for specific pages rather than the whole site (i.e. my login page)

    It seems like there use to be a guide on how to create a page with SSL enabled, but every time I click a link it goes to a broken page

    for example

    http://www.silverstripe.org/general-questions/show/13143

    that SSL page seems to have a tutorial but it's not there anymore

    cheers

  • Willr
    Avatar
    Forum Moderator
    5462 Posts

    Re: Silverstripe Documentation Link to this post

    It seems like there use to be a guide on how to create a page with SSL enabled, but every time I click a link it goes to a broken page

    There was a guide once upon a time but it was removed as it was short, imprecise and out of date. You may be able to find it by trawling through online caches of that page but I couldn't find a backup of it myself.

  • Willr
    Avatar
    Forum Moderator
    5462 Posts

    Re: Silverstripe Documentation Link to this post

    An example which may help you is online - http://snipplr.com/view/27191/silverstripe-ssl-switching-by-statics/ but also play around with Director::forceSSL() which will do something similar to that method.

  • Henry24
    Avatar
    Community Member
    9 Posts

    Re: Silverstripe Documentation Link to this post

    Hi,

    Thanks for the replies. ive been fiddling with the director::forceSSL() and Ive come up with this

    $force_ssl = array("/secure-page/");
    $current_url = $_SERVER['REQUEST_URI'];

    if (in_array($current_url,$force_ssl)) {
    Director::forceSSL();
    } else {
    Director::forceWWW();//force it back to non-SSL
    }

    Unfortunately it only half works. All pages are non-SSL until i go to the secure-page, but if i navigate away from it, the SSL is not switched off. the forceWWW doesn't seem to turn it off (it probably wasn't meant to be used for this anyway??)

    The only thing left now is to have the else part fixed so that once I navigate away from the SSL page, it will return to non-SSL

    Any ideas?

    cheers

  • Henry24
    Avatar
    Community Member
    9 Posts

    Re: Silverstripe Documentation Link to this post

    Ok Found the solution and has been tested, this should do the trick:

    //force SSL
    $force_ssl = array("/secure-page-1/","/secure-page-2/");
    $current_url = $_SERVER['REQUEST_URI'];
    if (in_array($current_url,$force_ssl)) {
    Director::forceSSL();
    } elseif ($_SERVER['HTTPS']=="on"){
    $destURL = str_replace('https','http', Director::absoluteURL($_SERVER['REQUEST_URI']));
    header("Location: $destURL", true, 301);
       die('<h1>Your browser is not accepting header redirects</h1><p>Please <a href="'.$destURL.'">click here</a>');
    }

    I just put this directly in to my _config.php page (probably not a good idea), but adding pages in to the force_ssl array will put those pages in to SSL, once you navigate away from the pages in the array it will redirect back to a non-SSL protected page.

    2017 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.