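'admin/settings/securepages',
      'title' => t('Secure Pages'),
      'description' => t('Configure which pages are and are not to be viewed in SSL'),
      'callback' => 'drupal_get_form',
      'callback arguments' => 'securepages_settings',
      'access' => user_access('administer site configuration'),
      'type' => MENU_NORMAL_ITEM,
    );
  }

  return $items;
}

/**
 * Form builder for the Secure Pages settings page.
 *
 * Registered above as the 'callback arguments' of drupal_get_form(). Every
 * value is stored through system_settings_form() under the form key name and
 * read back with variable_get() by the functions below.
 *
 * Security note: protecting only selected pages does not by itself protect
 * the session. If the session cookie is not restricted to https, the browser
 * also sends it on the plain-http pages this module switches back to when
 * 'securepages_switch' is enabled.
 *
 * @return
 *   The settings form array.
 */
function securepages_settings() {
  $form['securepages_switch'] = array(
    '#type' => 'checkbox',
    '#title' => t('Switch back to http pages when there are no matches'),
    '#return_value' => TRUE,
    '#default_value' => variable_get('securepages_switch', FALSE),
  );
  // Option 0: secure everything except the listed pages.
  // Option 1: secure only the listed pages (the default).
  $form['securepages_secure'] = array(
    '#type' => 'radios',
    '#title' => t('Pages which will be be secure'),
    '#default_value' => variable_get('securepages_secure', 1),
    '#options' => array(t('Make secure every page except the listed pages.'), t('Make secure only the listed pages.')),
  );
  $form['securepages_pages'] = array(
    '#type' => 'textarea',
    '#title' => t('Pages'),
    '#default_value' => variable_get('securepages_pages', "node/add*\nnode/*/edit\nuser/*\nadmin*"),
    '#cols' => 40,
    '#rows' => 5,
    '#description' => t("Enter one page per line as Drupal paths. The '*' character is a wildcard. Example paths are 'blog' for the blog page and 'blog/*' for every personal blog. '<front>' is the front page."),
  );
  $form['securepages_ignore'] = array(
    '#type' => 'textarea',
    '#title' => t('Ignore pages'),
    '#default_value' => variable_get('securepages_ignore', "*/autocomplete/*"),
    '#cols' => 40,
    '#rows' => 5,
    '#description' => t("The pages listed here will be ignored and be either returned in http or https. Enter one page per line as Drupal paths. The '*' character is a wildcard. Example paths are 'blog' for the blog page and 'blog/*' for every personal blog. '<front>' is the front page."),
  );

  return system_settings_form($form);
}

/**
 * Implementation of hook_form_alter().
 *
 * Rewrites the form action to https when the target path must be secure, or
 * back to http when it must not be and 'securepages_switch' is enabled.
 *
 * @param $form_id
 *   The form identifier (not used here).
 * @param $form
 *   The form array; only $form['#action'] is read and possibly replaced.
 */
function securepages_form_alter($form_id, &$form) {
  if (empty($form['#action'])) {
    return;
  }

  // Read the URL components explicitly instead of extract()ing them into the
  // local scope: a missing 'path' or 'query' component then has a defined
  // value, and a URL that parse_url() rejects leaves the action untouched.
  $parts = parse_url($form['#action']);
  if ($parts === FALSE) {
    return;
  }
  // NOTE(review): scheme and host of the original action are discarded here,
  // so the rewritten action always points at this site.
  $path = isset($parts['path']) ? $parts['path'] : '';
  $query = array();
  if (isset($parts['query'])) {
    parse_str($parts['query'], $query);
  }

  if (isset($query['q'])) {
    $path = $query['q'];
  }
  else {
    // Clean URL: strip the site base path to get the Drupal path.
    $base_path = base_path();
    $path = (!strncmp($path, $base_path, strlen($base_path)) ? substr($path, strlen($base_path)) : $path);
  }

  $path = drupal_get_normal_path($path);
  $query = drupal_query_string_encode($query);

  $page_match = securepages_match($path);
  $is_https = _securepages_is_https();

  if ($page_match && !$is_https) {
    $form['#action'] = securepages_get_destination($path, $query, TRUE);
  }
  elseif ($page_match === FALSE && $is_https && variable_get('securepages_switch', FALSE)) {
    $form['#action'] = securepages_get_destination($path, $query, FALSE);
  }
}

/**
 * Implementation of hook_link_alter().
 *
 * Applies the same http/https decision as securepages_form_alter() to the
 * 'href' of every link that has one.
 *
 * @param $node
 *   The node the links belong to (not used here).
 * @param $links
 *   The links array, altered in place.
 */
function securepages_link_alter(&$node, &$links) {
  $is_https = _securepages_is_https();

  foreach ($links as $module => $link) {
    if (empty($link['href'])) {
      continue;
    }

    $page_match = securepages_match($link['href']);
    if ($page_match && !$is_https) {
      $links[$module]['href'] = securepages_get_destination($link['href'], NULL, TRUE);
    }
    elseif ($page_match === FALSE && $is_https && variable_get('securepages_switch', FALSE)) {
      $links[$module]['href'] = securepages_get_destination($link['href'], NULL, FALSE);
    }
  }
}

/**
 * securepages_goto()
 *
 * Redirects the current page to the secure or insecure version and ends the
 * request.
 *
 * @param $secure
 *   TRUE to redirect to https, FALSE to redirect to http.
 */
function securepages_goto($secure) {
  if (function_exists('drupal_get_path_alias')) {
    $path = drupal_get_path_alias($_GET['q']);
    $query = drupal_query_string_encode($_GET, array('q'));
  }
  else {
    // The path system is not loaded yet; securepages_get_destination() then
    // falls back to the raw request URI.
    $path = $_REQUEST['q'];
    $query = '';
  }

  $url = securepages_get_destination($path, $query, $secure);

  // The URL can contain request-derived data (Host header, request URI).
  // Strip line breaks so it can never add or split response headers.
  $url = str_replace(array("\r", "\n"), '', $url);

  // Give modules their hook_exit() before the request ends; devel is skipped.
  if (function_exists('module_invoke_all')) {
    foreach (module_implements('exit') as $module) {
      if ($module != 'devel') {
        module_invoke($module, 'exit');
      }
    }
  }
  else {
    bootstrap_invoke_all('exit');
  }

  header('Location: '. $url);
  exit();
}

/**
 * securepages_get_destination()
 *
 * Builds the absolute secure/insecure destination for the passed URL.
 *
 * @param $path
 *   Path of the page that we need to get to.
 * @param $query
 *   The query string to append to the URL; '' or NULL for none.
 * @param $secure
 *   TRUE to return an https URL, FALSE to return an http URL.
 *
 * @return
 *   Absolute URL whose scheme follows the $secure flag.
 */
function securepages_get_destination($path, $query, $secure) {
  if (function_exists('url')) {
    // Prefer url(): it builds the absolute URL from the site configuration.
    $url = url($path, $query == '' ? NULL : $query, NULL, TRUE);
  }
  else {
    // url() is not available yet: rebuild the current request instead.
    // NOTE(review): HTTP_HOST is supplied by the client, so on this branch
    // the redirect target follows whatever Host header was sent. Consider
    // building it from the configured base URL instead - TODO confirm it is
    // available at this point of the bootstrap.
    $url = 'http://'. $_SERVER['HTTP_HOST']. $_SERVER['REQUEST_URI'];
  }

  if ($secure) {
    $url = preg_replace('/^http:\/\//i', 'https://', $url);
  }
  else {
    $url = preg_replace('/^https:\/\//i', 'http://', $url);
  }

  return $url;
}

/**
 * securepages_match()
 *
 * Checks the passed path and decides whether it should be secure or insecure.
 *
 * @param $path
 *   The Drupal path of the page to check.
 *
 * @return
 *   TRUE  - page should be secure.
 *   FALSE - page should be insecure.
 *   NULL  - no page list is configured; do not change the page.
 *   For a path on the ignore list the current state of the request is
 *   returned (TRUE on https, FALSE on http), so callers leave it unchanged.
 */
function securepages_match($path) {
  $secure = variable_get('securepages_secure', 1);
  $pages = variable_get('securepages_pages', "node/add*\nnode/*/edit\nuser/*\nadmin*");
  $ignore = variable_get('securepages_ignore', "*/autocomplete/*");

  if ($ignore && preg_match(_securepages_pattern_regexp($ignore), $path)) {
    // Use the same https test as the callers; otherwise a server reporting
    // HTTPS as something other than 'on' would see ignored pages switched.
    return _securepages_is_https();
  }

  if ($pages) {
    // $secure == 1: secure only listed pages; $secure == 0: secure all but
    // the listed pages. The xor folds both modes into one expression.
    return !($secure xor preg_match(_securepages_pattern_regexp($pages), $path));
  }

  return NULL;
}

/**
 * Tells whether the current request arrived over https.
 *
 * An unset or empty $_SERVER['HTTPS'] and the value 'off' (reported by some
 * servers for plain http requests) all count as not secure.
 *
 * @return
 *   TRUE when the request is served over https, FALSE otherwise.
 */
function _securepages_is_https() {
  return !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
}

/**
 * Converts a newline-separated list of path patterns into one anchored regexp.
 *
 * @param $patterns
 *   One Drupal path per line; '*' is a wildcard and '<front>' stands for the
 *   configured front page.
 *
 * @return
 *   A PCRE pattern that matches a path equal to any of the listed patterns.
 */
function _securepages_pattern_regexp($patterns) {
  $front = preg_quote(variable_get('site_frontpage', 'node'), '/');

  // The list is preg_quote()d first, so '*' arrives here as '\*' and
  // '<front>' as '\<front\>'; both are matched in that escaped form.
  $search = array(
    '/(\r\n?|\n)/',
    '/\\\\\*/',
    '/(^|\|)\\\\<front\\\\>($|\|)/',
  );
  $replace = array(
    '|',
    '.*',
    '\1'. $front .'\2',
  );

  return '/^('. preg_replace($search, $replace, preg_quote($patterns, '/')) .')$/';
}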