malachany/Ssl.php

## Ssl.php
<?
/**
 * SSL Redirect Custom Controller Plugin
 *
 * This plugin will allow you to redirect your users between https:// and
 * http:// and vice versa. All you have to do is add the plugin to your
 * stack and add what modules, controllers, and actions you want to have
 * SSL and thats it.
 *
 *
 * The MIT License
 * Permission is hereby granted, free of charge, to any person obtaining a
 * copy of this software and associated documentation files (the "Software"),
 * to deal in the Software without restriction, including without limitation
 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
 * and/or sell copies of the Software, and to permit persons to whom the Software
 * is furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 *
 * @category   Zend Custom Controller Plugin
 * @author     Jerry Warren <jerry@malachany.com>
 * @link       http://tutorials.malachany.com
 */

/**
 * This plugin is based off Travis Boudreaux's plugin that I found at:
 *       http://www.kfx2.com/blog/2009/08/securing-a-url-with-zend-framework/
 *
 * After adding this plugin to your stack, all you need to do to use it is add
 * the following to your config file.
 *
 * sslplugin.settings.active = true
 * this sets the plugin as active and will continue thru the plugin
 *
 * Set SSL for modules, controllers, and actions.
 * sslplugin.module_name.controller_name.action_name.require_ssl = true
 *
 * sslplugin.admin.require_ssl = true
 * this sets the module 'admin' to require https
 *
 * sslplugin.default.checkout.require_ssl = true
 * this sets the controller 'checkout' in the module 'default' to require https
 *
 * sslplugin.default.contact.index.require_ssl = true
 * the sets the action 'index' in controller 'contact' in module 'default' to require https
 *
 * You can also set an entire group to require https and then specify a certain action or
 * controller to not require ssl
 *
 * sslplugin.default.require_ssl = true
 * sslplugin.default.aboutus.require_ssl = false
 * this sets the module 'default' to require https. Then sets the controller 'aboutus' in the
 * module 'default' to not require https
 *
 * For more information visit http://tutorials.malachany.com for the tutorial
 *
 */
class Application_Plugin_Ssl extends Zend_Controller_Plugin_Abstract
{
	public function preDispatch(Zend_Controller_Request_Abstract $request)
	{
		$options = Zend_Registry::getInstance()->get('config');

		//Check config file to see if 'sslplugin.settings.active' exists
		if (isset($options->sslplugin->settings->active)) {
			$allowPlugin = $options->sslplugin->settings->active;

			//Check config to see if 'sslplugin.settings.active' is set to true
			if($allowPlugin) {
				$module 	  = $request->module;
				$controller	  = $request->controller;
				$action 	  = $request->action;
				$server 	  = $request->getServer();
				$hostname 	  = $server['HTTP_HOST'];
				$secureUrl	  = false;
				$routeRequest = false;

				/* We check to see if the requested uri requires SSL. We will go down the line
				 * starting with Module, then Controller, and the Action. this allows us to set
				 * an entire module to require SSL, but deny one controller and action.
				 */
				 //Check module
				if(isset($options->sslplugin->$module->require_ssl))
					$secureUrl = ($options->sslplugin->$module->require_ssl) ? true : false;

				//Check Controller
				if(isset($options->sslplugin->$module->$controller->require_ssl))
					$secureUrl = ($options->sslplugin->$module->$controller->require_ssl) ? true : false;

				//Check Action
				if(isset($options->sslplugin->$module->$controller->$action->require_ssl))
					$secureUrl = ($options->sslplugin->$module->$controller->$action->require_ssl) ? true : false;

				//If the uri requires SSL, make sure its set to SSL
				//If its not supposed to be SSL, make sure its not
				if (($secureUrl & !$request->isSecure()) || (!$secureUrl & $request->isSecure())) {
					//Set to http or https and create new url
					$httpScheme = ($request->isSecure()) ?  Zend_Controller_Request_Http::SCHEME_HTTP:
															Zend_Controller_Request_Http::SCHEME_HTTPS;
					$url 		= $httpScheme . "://" . $hostname . $request->getPathInfo();

					//redirect to new url
					$redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
                	$redirector->setGoToUrl($url);
                	$redirector->redirectAndExit();

				}
			}
		}
	}
}
	<?
	/**
	* SSL Redirect Custom Controller Plugin
	*
	* This plugin will allow you to redirect your users between https:// and
	* http:// and vice versa. All you have to do is add the plugin to your
	* stack and add what modules, controllers, and actions you want to have
	* SSL and thats it.
	*
	*
	* The MIT License
	* Permission is hereby granted, free of charge, to any person obtaining a
	* copy of this software and associated documentation files (the "Software"),
	* to deal in the Software without restriction, including without limitation
	* the rights to use, copy, modify, merge, publish, distribute, sublicense,
	* and/or sell copies of the Software, and to permit persons to whom the Software
	* is furnished to do so, subject to the following conditions:
	*
	* The above copyright notice and this permission notice shall be included in
	* all copies or substantial portions of the Software.
	*
	* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
	* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
	* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
	* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
	* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
	* THE SOFTWARE.
	*
	* @category Zend Custom Controller Plugin
	* @author Jerry Warren <jerry@malachany.com>
	* @link http://tutorials.malachany.com
	*/

	/**
	* This plugin is based off Travis Boudreaux's plugin that I found at:
	* http://www.kfx2.com/blog/2009/08/securing-a-url-with-zend-framework/
	*
	* After adding this plugin to your stack, all you need to do to use it is add
	* the following to your config file.
	*
	* sslplugin.settings.active = true
	* this sets the plugin as active and will continue thru the plugin
	*
	* Set SSL for modules, controllers, and actions.
	* sslplugin.module_name.controller_name.action_name.require_ssl = true
	*
	* sslplugin.admin.require_ssl = true
	* this sets the module 'admin' to require https
	*
	* sslplugin.default.checkout.require_ssl = true
	* this sets the controller 'checkout' in the module 'default' to require https
	*
	* sslplugin.default.contact.index.require_ssl = true
	* the sets the action 'index' in controller 'contact' in module 'default' to require https
	*
	* You can also set an entire group to require https and then specify a certain action or
	* controller to not require ssl
	*
	* sslplugin.default.require_ssl = true
	* sslplugin.default.aboutus.require_ssl = false
	* this sets the module 'default' to require https. Then sets the controller 'aboutus' in the
	* module 'default' to not require https
	*
	* For more information visit http://tutorials.malachany.com for the tutorial
	*
	*/
	class Application_Plugin_Ssl extends Zend_Controller_Plugin_Abstract
	{
	public function preDispatch(Zend_Controller_Request_Abstract $request)
	{
	$options = Zend_Registry::getInstance()->get('config');

	//Check config file to see if 'sslplugin.settings.active' exists
	if (isset($options->sslplugin->settings->active)) {
	$allowPlugin = $options->sslplugin->settings->active;

	//Check config to see if 'sslplugin.settings.active' is set to true
	if($allowPlugin) {
	$module = $request->module;
	$controller = $request->controller;
	$action = $request->action;
	$server = $request->getServer();
	$hostname = $server['HTTP_HOST'];
	$secureUrl = false;
	$routeRequest = false;

	/* We check to see if the requested uri requires SSL. We will go down the line
	* starting with Module, then Controller, and the Action. this allows us to set
	* an entire module to require SSL, but deny one controller and action.
	*/
	//Check module
	if(isset($options->sslplugin->$module->require_ssl))
	$secureUrl = ($options->sslplugin->$module->require_ssl) ? true : false;

	//Check Controller
	if(isset($options->sslplugin->$module->$controller->require_ssl))
	$secureUrl = ($options->sslplugin->$module->$controller->require_ssl) ? true : false;

	//Check Action
	if(isset($options->sslplugin->$module->$controller->$action->require_ssl))
	$secureUrl = ($options->sslplugin->$module->$controller->$action->require_ssl) ? true : false;

	//If the uri requires SSL, make sure its set to SSL
	//If its not supposed to be SSL, make sure its not
	if (($secureUrl & !$request->isSecure()) \|\| (!$secureUrl & $request->isSecure())) {
	//Set to http or https and create new url
	$httpScheme = ($request->isSecure()) ? Zend_Controller_Request_Http::SCHEME_HTTP:
	Zend_Controller_Request_Http::SCHEME_HTTPS;
	$url = $httpScheme . "://" . $hostname . $request->getPathInfo();

	//redirect to new url
	$redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');
	$redirector->setGoToUrl($url);
	$redirector->redirectAndExit();

	}
	}
	}
	}
	}