1

I am using CodeIgniter on Windows 7 along with wamp. I generated a self-signed certificate and all the other things that are needed to run a website under https. My website is working perfectly in SSL mode. The problem is I only want my login and registration page to be in SSL mode. In CI, we can only configure one url i.e. :

$config['base_url'] = "https://localhost/abc";

I do not want to run my whole website in SSL mode. How can I achieve this? I read the following link:

http://stackoverflow.com/questions/1500527/how-to-use-ssl-with-codeigniter

But it did not solve any of my problems. I do not want to duplicate my whole website folder that the person is talking about. I want to maintain the same session data and cookies for http as well as https. Can I hardcode the pages that need SSL in my controller's constructor? And if a request is received for that secured page on http I should redirect to https. Is this approach valid or do I need to work on it? If any proper and elegant solution is available please let me know.

plamut
  • 3,085
  • 10
  • 29
  • 40
TCM
  • 16,780
  • 43
  • 156
  • 254

2 Answers2

3

I had the same problem. In my case, I had to use SSL in the control panel only.

I solved this problem by rewriting the URL helper:

function base_url($flag = true)
{
    $CI = CI_Controller::get_instance();
    if (strpos(current_url(), '/cp/') and $flag) {
        return str_ireplace('http://', 'https://', $CI->config->slash_item('base_url')).'index.php/';
    }
    return $CI->config->slash_item('base_url');
}

In this case '/cp/' means "control panel". I was forced to do it this way because other ways (like adding secure_base_url to config.php or different SSL helpers) didn't work for me.

The additional $flag parameter is for images, CSS and JS files which should be loaded in the control panel. Use base_url(false) in these cases as https://www.example.com/**index.php**/image.png is a wrong address for the image.png file).

You can do the same thing for your website.

Hope this helps.

Armen Markossyan
  • 1,214
  • 1
  • 12
  • 25
2

using the .htaccess file would be my best guess

RewriteRule ^my-account\/?(.+)?$ https://mydomain.com/my-account/$1 [NC,R,L]

would that work for you?

castis
  • 8,154
  • 4
  • 41
  • 63