Re: SSL Help
I achieved this using a component called SSL - I can't remember where I got it from, but I am sure a search will turn it up. I had to alter it a bit as the server I used it on had all sorts of edge servers and so on, but here's my final implementation. The cool thing is that you have a single array in app_controller that determines which controllers and actions are SSLed. Hope it helps...
app_controller.php:

    var $components = array(
        'Security',
        ...
        'Secured.Ssl' => array(
            'secured' => array(
                'orders' => '*',
                'order_notes' => '*',
                'order_items' => '*',
                'users' => '*',
                'questionnaires' => '*',
                'customers' => '*'
            )
        )
        ...
    }
ssl.php (in components)

    <?php
    class SslComponent extends Object {

        // controller => actions map; '*' means every action of that controller
        public $secured = array();
        // whether the current request is considered to be HTTPS
        public $https = false;
        // redirect automatically when the scheme does not match the map
        public $autoRedirect = true;

        public function initialize(&$controller, $settings = array()) {
            $this->controller = $controller;
            $this->_set($settings);

            // Treat the request as HTTPS when it arrives on this server
            // address or when env('HTTPS') reports it.
            if ($_SERVER['SERVER_ADDR'] == '192.0.192.1' || env('HTTPS') == 1) {
                $this->https = true;
            }

            if ($this->autoRedirect === true) {
                $secured = $this->ssled($this->controller->params);
                if ($secured && !$this->https) {
                    $this->forceSSL();
                } elseif (!$secured && $this->https) {
                    $this->forceNoSSL();
                }
            }
        }

        // True when the requested controller/action is listed in $secured.
        public function ssled($params) {
            if (!array_key_exists($params['controller'], $this->secured)) {
                return false;
            }
            $actions = (array) $this->secured[$params['controller']];
            if ($actions === array('*')) {
                return true;
            }
            return (in_array($params['action'], $actions));
        }

        // Redirect the current URL to its https:// equivalent.
        public function forceSSL() {
            $server = env('SERVER_NAME');
            $this->controller->redirect("https://$server{$this->controller->here}");
        }

        // Redirect the current URL to its http:// equivalent.
        public function forceNoSSL() {
            $server = env('SERVER_NAME');
            $this->controller->redirect("http://$server{$this->controller->here}");
        }
    }
    ?>

Jeremy Burns
Class Outfit
jeremyburns@classoutfit.com
http://www.classoutfit.com
On 12 Mar 2011, at 05:33, Krissy Masters wrote:
> I am only starting in on SSL and getting nowhere.
>
> Attempting to secure 2 actions to start (will secure entire backend IF I can
> get these running first)
>
> Users Controller:
>
>     public function beforeFilter() {
>         parent::beforeFilter();
>         $this->Auth->allowedActions = array( 'login', 'logout', 'register');
>         $this->Auth->fields = array( 'username' => 'email', 'password' => 'security' );
>         $this->Security->blackHoleCallback = 'forceSSL';
>         $this->Security->requireSecure( 'login', 'register');
>         //$this->Security->requireSecure( array('login', 'register'));
>         $this->Auth->autoRedirect = false;
>     }
>
> App Controller:
>
> Has Security in $component array
>
>     function forceSSL() {
>         $this->redirect('https://' . $_SERVER['SERVER_NAME'] . $this->here);
>     }
>
> All I get is infinite never ending loop browser message.
>
> Can anyone help, as this is just the basics as the cookbook points out and
> still I'm getting nowhere.
>
> Thanks,
>
> K
>
> --
> Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
> Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
>
>
> To unsubscribe from this group, send email to
> cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
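
Added example (not part of the thread, and not CakePHP or component code): a forced-HTTPS redirect loops whenever the HTTPS check never becomes true, for instance when an edge server terminates TLS and forwards plain HTTP to the application. The sketch below assumes the edge server sets X-Forwarded-Proto; the function names, proxy address, host name and sample requests are all constructed for illustration.

```php
<?php
// Added example. Names, addresses and sample $_SERVER arrays are constructed.

/**
 * Decide whether the client's connection was HTTPS.
 * X-Forwarded-Proto is honoured only when the direct peer is a known proxy,
 * because any client can send that header itself.
 */
function requestIsHttps(array $server, array $trustedProxies) {
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return true; // TLS is terminated on this host
    }
    $peer = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';
    if (in_array($peer, $trustedProxies, true)
        && isset($server['HTTP_X_FORWARDED_PROTO'])) {
        return strtolower($server['HTTP_X_FORWARDED_PROTO']) === 'https';
    }
    return false;
}

/**
 * Return the URL to redirect to, or null when the scheme already matches.
 * Returning null in the matching case is what prevents a redirect loop.
 * $host is a configured canonical host name (assumption), not request data.
 */
function sslRedirectTarget(array $server, $needsSsl, $host, array $trustedProxies) {
    $isHttps = requestIsHttps($server, $trustedProxies);
    if ($needsSsl === $isHttps) {
        return null;
    }
    $uri = isset($server['REQUEST_URI']) ? $server['REQUEST_URI'] : '/';
    return ($needsSsl ? 'https://' : 'http://') . $host . $uri;
}

// Constructed requests: direct HTTP, HTTPS via the proxy, and a spoofed header.
$proxies = array('10.0.0.5'); // hypothetical edge server address
$samples = array(
    'direct http'    => array('REMOTE_ADDR' => '203.0.113.9',
                              'REQUEST_URI' => '/users/login'),
    'proxied https'  => array('REMOTE_ADDR' => '10.0.0.5',
                              'HTTP_X_FORWARDED_PROTO' => 'https',
                              'REQUEST_URI' => '/users/login'),
    'spoofed header' => array('REMOTE_ADDR' => '203.0.113.9',
                              'HTTP_X_FORWARDED_PROTO' => 'https',
                              'REQUEST_URI' => '/users/login'),
);
foreach ($samples as $label => $server) {
    $target = sslRedirectTarget($server, true, 'www.example.com', $proxies);
    echo $label, ': ', ($target === null ? 'no redirect' : $target), "\n";
}
```

Only the request that reaches the application through the trusted proxy with the forwarded scheme set is treated as already secure; the other two are sent to the https:// URL once.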