SSL in Zend Framework


I had to implement SSL on login, cart and checkout pages.

if you want to have SSL enabled for the login page of your application:

First, enter the following code in your ssl.ini file. We will parse it later through the Bootstrap.php file.

[php]

ssl.modules.default.require_ssl = true //-> entire module requires SSL
ssl.modules.default.Index.require_ssl = true //-> entire controller requires SSL
ssl.modules.default.Index.login.require_ssl = true //-> single action requires SSL

[/php]

Next create a file Ssl.php in library/Application/Controller/Plugin folder. In the file, write the following code:

[php]
<?php
class Application_Controller_Plugin_Ssl extends Zend_Controller_Plugin_Abstract
{

public function preDispatch ( Zend_Controller_Request_Abstract $request )
{

$shouldSecureUrl = false;

//get the config settings for SSL
$options = new Zend_Config_Ini(APPLICATION_PATH.’/configs/ssl.ini’);
$options = $options-&gt;ssl;

//if config is empty, exit
if (!is_object($options))
return;

//simpler to use
$options = $options-&gt;toArray();

//only use it production environment
if ( APPLICATION_ENV == ‘production’ )
{

if (

( isset($options[‘modules’][$request-&gt;module][‘require_ssl’]) &amp;&amp; $options[‘modules’][$request-&gt;module][‘require_ssl’] )&amp;nbsp; ||
( isset($options[‘modules’][$request-&gt;module][$request-&gt;controller][‘require_ssl’]) &amp;&amp; $options[‘modules’][$request-&gt;module][$request-&gt;controller][‘require_ssl’] )&amp;nbsp; ||
( isset($options[‘modules’][$request-&gt;module][$request-&gt;controller][$request-&gt;action][‘require_ssl’]) &amp;&amp; $options[‘modules’][$request-&gt;module][$request-&gt;controller][$request-&gt;action][‘require_ssl’] )

)
{

$shouldSecureUrl = true;

}

if ( $shouldSecureUrl )
{

$this-&gt;_secureUrl($request);

}
}
}

protected function _secureUrl ( Zend_Controller_Request_Abstract $request )
{

$server = $request-&gt;getServer();
$hostname = $server[‘HTTP_HOST’];

if ( ! $request-&gt;isSecure() )
{
$url = Zend_Controller_Request_Http::SCHEME_HTTPS . "://" . $hostname .
$request-&gt;getPathInfo();

$redirector = Zend_Controller_Action_HelperBroker::getStaticHelper(‘redirector’);
$redirector-&gt;setGoToUrl($url);
$redirector-&gt;redirectAndExit();
}
}
}
?>
[/php]

[php]
$frontController = Zend_Controller_Front::getInstance();
$frontController-&gt;registerPlugin( new Application_Controller_Plugin_Ssl());
[/php]