Yii-URL management for secure and non-secure sites

URL management for secure and non-secure sites

In this article, I will describe how to manage URLs of secure and non-secure sites.

The content of a security site is sent using httpsSSL (Secure Socket Layer) protocol, whereas the content of a security site uses http protocol. For simple description, we call the former https content/page, and the latter 'http' content/page. A website with strict requirements usually requires https for some pages and http for some pages. For example, to prevent password sniffing, we use https for login pages, and to reduce the pressure on servers, we use http for non-sensitive pages (such as the homepage.

When we create an https page, we need to generate an http page URL, and vice versa. For example, a website has a main menu that all pages use. the main menu contains links to https (for example, logon page) and http (for example, about page. If we are on an http page, we can directly link to other http pages (for example,/about), but we have to use an absolute URL address to link to other https pages using https protocol. The same is true for https pages.

Another scenario is that we use http protocol requests to secure pages. we should redirect the browser to use https protocol, and vice versa. The redefinition is usually 301 permanent redirection. This may be implemented using web server rewrite rules. But if we want to refine the security and non-security pages, rewrite rules may become very complex.

To meet the above two requirements, we can inherit CUrlManager, as shown below:

Class UrlManager extends CUrlManager {/*** @ var string host information in non-SSL mode */public $ hostInfo =' http://localhost ';/*** @ Var string host information in SSL mode */public $ secureHostInfo =' https://localhost ';/*** @ Var array is only available in SSL mode. * each entry of the array can be either a URL route (for example, 'site/create') * or a controller ID (for example, 'Settings '). the latter indicates that all actions of the controller are on the security page */public $ secureRoutes = array (); public function createUrl ($ route, $ params = array (), $ ampersand = '&') {$ url = parent: createUrl ($ route, $ params, $ ampersand ); // if an absolute URL is already returned, if (strpos ($ url, 'http ') ==0) {return $ url ;} // check whether the current protocol is the expected protocol // If not, use the correct host when generating the URL Information $ secureRoute = $ this-> isSecureRoute ($ route); if (Yii: app ()-> request-> isSecureConnection) {return $ secureRoute? $ Url: $ this-> hostInfo. $ url;} else {return $ secureRoute? $ This-> secureHostInfo. $ url: $ url;} public function parseUrl ($ request) {$ route = parent: parseUrl ($ request); // if the current protocol does not meet the expected protocol, execute 301 redirection $ secureRoute = $ this-> isSecureRoute ($ route); $ sslRequest = $ request-> isSecureConnection; if ($ secureRoute! ==$ SslRequest) {$ hostInfo = $ secureRoute? $ This-> secureHostInfo: $ this-> hostInfo; if (strpos ($ hostInfo, 'https') === 0) xor $ sslRequest) {$ request-> redirect ($ hostInfo. $ request-> url, true, 301) ;}return $ route;} private $ _ secureMap; /*** @ param string indicates the URL route to be checked * @ return boolean indicates whether the URL route provided by boolean should be in SSL mode */protected function isSecureRoute ($ route) {if ($ this-> _ secureMap = null) {foreach ($ this-> secureRoutes as $ r) {$ this-> _ SecureMap [strtolower ($ r)] = true; }}$ route = strtolower ($ route); if (isset ($ this-> _ secureMap [$ route]) {return true;} else {return ($ pos = strpos ($ route ,'/'))! ==False & isset ($ this-> _ secureMap [substr ($ route, 0, $ pos)]) ;}}

Now, in the application configuration, we should use our URL manager to replace the default.

return array( // .... 'components' => array( 'urlManager' => array( 'class' => 'UrlManager', 'urlFormat' => 'path', 'hostInfo' => 'http://example.com', 'secureHostInfo' => 'https://example.com', 'secureRoutes' => array( 'site/login', // site/login action 'site/signup', // site/signup action 'settings', // all actions of SettingsController ), ), ), );

In the above code, we configured urlManager logon, registration, and all settings pages as security pages. If you want to add other pages, you only need to add the corresponding content to the secureRoutes array.

Now we can use the Yii: app ()-> createUrl () method as usual to create a URL address. Our urlManager will automatically determine whether to add a proper prefix. if necessary, the url manager will also execute 301 redirection.

This article translated from foreign language website, view the original, please click: http://www.yiiframework.com/wiki/407/url-management-for-websites-with-secure-and-nonsecure-pages/