... Elxis version 2009.3 codename Aphrodite is out, download it from Elxis Download Center (EDC) ...

Secure URLs

From Elxis Official Documentation

Jump to: navigation, search
Note: Secure URLs is a new feature available in elxis 2009.2 and newer versions!


Contents

Detect SSL

Method detectSSL of the $mainframe object will check if the current page has been accessed securely using a secure SSL/TLS connection. The function will return true for secure connections (HTTPS) and false for insecure (HTTP). 

@access: public
boolean $mainframe->detectSSL();

Secure URL

Method secureURL of the $mainframe object will return the secure (https) version of a URL. 

@access: public
string $mainframe->secureURL(string $url, boolean $force=false);

If argument $force is false (default) secureURL will return the secure version of the URL only if the current page has been accessed via an SSL/TLS secure connection.

If argument $force is true secureURL will return always the secure version of the URL regardless the current SSL/TLS status of the site.

Examples 

$mainframe->secureURL('http://www.elxis.org', true);
//will always return https://www.elxis.org

$mainframe->secureURL('http://www.elxis.org');
//will return https://www.elxis.org if the page was accessed via HTTPS 
//will return http://www.elxis.org if the page was accessed via HTTP


SSL Live Site URL

You can access the secure version of the live_site URL (if the current page has been accessed via HTTPS) by using:

$mainframe->getCfg('ssl_live_site');

If the page has not been accessed securely ssl_live_site will be identical to the live_site URL.
To get the SSL live site URL regardless the current page secure connection status use: 

$mainframe->secureURL($mainframe->getCfg('live_site'), true);


Securing headers and images

On securely accessed pages (HTTPS) the web browsers will trigger an alert for images, css or javascript files that are not accessed securely. If Elxis detect that a page has been accessed via HTTPS then it will automatically use the HTTPS version of the live_site URL (ssl_live_site) to access all local files. This will make the page valid to the security regulations of the web browsers. But in order for the web page to be accessed 100% securely you have to also use the ssl_live_site URL in your template instead of the live_site one.

So whenever in your template's index.php file you call an image, a css or a javascript file use the ssl_live_site in order to be sure that the file will be accessed via a secure connection when HTTPS is enabled.

Example for a css link 

<link href="<?php echo $mainframe->getCfg('ssl_live_site'); ?>
/templates/okto/css/template_css<?php echo (_GEM_RTL) ? '-rtl' : ''; ?>.css" 
rel="stylesheet" type="text/css" media="all" />

<!-- written in 3 lines -->


Example for an image 

<img src="<?php echo $mainframe->getCfg('ssl_live_site'); ?>/images/logo.png" alt="logo" />

If you get confused just remember this rule:
replace $mainframe->getCfg('live_site')
with $mainframe->getCfg('ssl_live_site')
for images, css, javascript, or other local files.

Retrieved from "http://wiki.elxis.org/wiki/Secure_URLs"
Personal tools