'admin/settings/securepages',
'title' => t('Secure Pages'),
'description' => t('Configure which pages are and are not to be viewed in SSL'),
'callback' => 'drupal_get_form',
'callback arguments' => 'securepages_settings',
'access' => user_access('administer site configuration'),
'type' => MENU_NORMAL_ITEM,
);
}
return $items;
}
/**
* Implementation of hook_settings()
*/
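function securepages_settings() {
  // Builds the Secure Pages settings form. Each element is keyed by the name
  // of the variable it edits, and the finished array is passed through
  // system_settings_form() before being returned.
  $form = array();

  // Master switch. The radios are rendered disabled unless securepages_test()
  // succeeds; note that the probe runs every time this form is built.
  $form['securepages_enable'] = array(
    '#type' => 'radios',
    '#title' => t('Enable Secure Pages'),
    '#default_value' => variable_get('securepages_enable', 0),
    '#options' => array(t('Disabled'), t('Enabled')),
    '#disabled' => !securepages_test(),
    '#description' => t('To start using secure pages this setting must be enabled. This setting will only be able to changed when the web server has been configured for SSL'),
  );

  // When set, pages that do not match are sent back to plain http.
  // NOTE(review): any cookie not flagged "secure" travels in clear text after
  // such a downgrade; confirm session cookie settings before enabling.
  $form['securepages_switch'] = array(
    '#type' => 'checkbox',
    '#title' => t('Switch back to http pages when there are no matches'),
    '#return_value' => TRUE,
    '#default_value' => variable_get('securepages_switch', FALSE),
  );

  // 0 = secure everything except the listed pages, 1 = secure only the list.
  $form['securepages_secure'] = array(
    '#type' => 'radios',
    '#title' => t('Pages which will be be secure'),
    '#default_value' => variable_get('securepages_secure', 1),
    '#options' => array(t('Make secure every page except the listed pages.'), t('Make secure only the listed pages.')),
  );

  $form['securepages_pages'] = array(
    '#type' => 'textarea',
    '#title' => t('Pages'),
    '#default_value' => variable_get('securepages_pages', "node/add*\nnode/*/edit\nuser/*\nadmin*"),
    '#cols' => 40,
    '#rows' => 5,
    '#description' => t("Enter one page per line as Drupal paths. The '*' character is a wildcard. Example paths are 'blog' for the blog page and 'blog/*' for every personal blog. '<front>' is the front page."),
  );

  // The default here is the same fallback securepages_match() applies. The
  // form previously showed only "*/autocomplete/*", so saving an untouched
  // form silently dropped the "*/ajax/*" entry from the effective ignore list.
  $form['securepages_ignore'] = array(
    '#type' => 'textarea',
    '#title' => t('Ignore pages'),
    '#default_value' => variable_get('securepages_ignore', "*/autocomplete/*\n*/ajax/*"),
    '#cols' => 40,
    '#rows' => 5,
    '#description' => t("The pages listed here will be ignored and be either returned in http or https. Enter one page per line as Drupal paths. The '*' character is a wildcard. Example paths are 'blog' for the blog page and 'blog/*' for every personal blog. '<front>' is the front page."),
  );

  return system_settings_form($form);
}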
/**
* Implementation of hook_form_alter()
*/
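function securepages_form_alter($form_id, &$form) {
  // Points a form's #action at the https:// (or http://) version of its target
  // when securepages_match() asks for a scheme other than the current one.
  if (!variable_get('securepages_enable', 0)) {
    return;
  }
  if (empty($form['#action'])) {
    return;
  }

  // Read only the components that are needed. The earlier
  // extract(parse_url(...)) imported every URL component as a local variable
  // and left $path / $query undefined when the action did not contain them.
  $parts = parse_url($form['#action']);
  if (!is_array($parts)) {
    // parse_url() could not make sense of the action; leave the form alone.
    return;
  }
  $path = isset($parts['path']) ? $parts['path'] : '';
  $query = array();
  if (isset($parts['query'])) {
    parse_str($parts['query'], $query);
  }

  if (isset($query['q'])) {
    // Non-clean URL: the Drupal path travels in the q parameter.
    $path = $query['q'];
  }
  else {
    // Clean URL: strip the site's base path from the front of the URL path.
    $base_path = base_path();
    $path = (!strncmp($path, $base_path, strlen($base_path)) ? substr($path, strlen($base_path)) : $path);
  }
  $path = drupal_get_normal_path($path);
  $query = drupal_query_string_encode($query);

  // $_SERVER['HTTPS'] is absent on plain requests and is the string 'off'
  // under IIS/ISAPI. A bare truthiness test treats 'off' as a secure request,
  // which would leave forms on protected paths posting over http.
  $is_https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off';

  $page_match = securepages_match($path);
  if ($page_match && !$is_https) {
    $form['#action'] = securepages_get_destination($path, $query, TRUE);
  }
  elseif ($page_match === 0 && $is_https && variable_get('securepages_switch', FALSE)) {
    // Downgrade only on an explicit 0; a NULL match means "leave as is".
    $form['#action'] = securepages_get_destination($path, $query, FALSE);
  }
}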
/**
* Implementation of hook_link_alter()
*/
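function securepages_link_alter(&$node, &$links) {
  // Rewrites each link's href to an absolute https:// (or http://) URL when
  // securepages_match() asks for a scheme other than the current one.
  if (!variable_get('securepages_enable', 0)) {
    return;
  }

  // $_SERVER['HTTPS'] is absent on plain requests and is the string 'off'
  // under IIS/ISAPI. A bare truthiness test treats 'off' as a secure request,
  // which would leave links to protected paths pointing at http.
  $is_https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off';

  foreach ($links as $module => $link) {
    // Links without a target (title-only entries) have nothing to rewrite.
    if (empty($link['href'])) {
      continue;
    }
    $page_match = securepages_match($link['href']);
    if ($page_match && !$is_https) {
      $links[$module]['href'] = securepages_get_destination($link['href'], NULL, TRUE);
    }
    elseif ($page_match === 0 && $is_https && variable_get('securepages_switch', FALSE)) {
      // Downgrade only on an explicit 0; a NULL match means "leave as is".
      $links[$module]['href'] = securepages_get_destination($link['href'], NULL, FALSE);
    }
  }
}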
/**
* securepages_goto()
*
* Redirects the current page to the secure or insecure version.
*
* @param $secure
* Determine which version of the set to move to.
*/
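function securepages_goto($secure) {
  // Sends the browser to the https:// ($secure TRUE) or http:// ($secure
  // FALSE) version of the current request and ends the script. Never returns.
  if (function_exists('drupal_get_path_alias')) {
    // Path handling is loaded: rebuild the URL from the aliased path plus
    // every GET parameter except q.
    $path = drupal_get_path_alias(isset($_GET['q']) ? $_GET['q'] : '');
    $query = drupal_query_string_encode($_GET, array('q'));
  }
  else {
    // q is absent on a front-page request, so do not assume it is set.
    // NOTE(review): $_REQUEST can also carry cookie values depending on the
    // PHP request_order setting; $_GET may be the safer source. Confirm.
    $path = isset($_REQUEST['q']) ? $_REQUEST['q'] : '';
    $query = '';
  }
  $url = securepages_get_destination($path, $query, $secure);

  // The URL is derived from request data and ends up in a response header,
  // so drop any CR/LF before it is emitted.
  $url = str_replace(array("\n", "\r"), '', $url);

  // Run the exit hooks before redirecting, since exit() below ends the
  // request here.
  if (function_exists('module_invoke_all')) {
    foreach (module_implements('exit') as $module) {
      // devel's exit hook is deliberately skipped; the reason is not visible
      // in this file.
      if ($module != 'devel') {
        module_invoke($module, 'exit');
      }
    }
  }
  else {
    bootstrap_invoke_all('exit');
  }

  header('Location: '. $url);
  exit();
}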
/**
* securepages_get_destination()
*
* Build the full secure/insecure destination for the passed URL.
*
* @param $path
* path of the page that we need to get to.
*
* @param $query
* The query string of the URL that the web site is going to be passed to.
*
* @param $secure
* determines what type of page to return.
*
* @return
* valid url which is secure or insecure depending on the $secure flag.
*/
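function securepages_get_destination($path, $query, $secure) {
  if (function_exists('url')) {
    // Prefer url(): it builds the absolute URL for $path and $query. An empty
    // query string is passed as NULL.
    $url = url($path, $query == '' ? NULL : $query, NULL, TRUE);
  }
  else {
    // url() is not loaded yet. Fall back to the URL of the current request;
    // $path and $query are not used on this branch.
    //
    // HTTP_HOST is supplied by the client, and the result is used in redirects,
    // links and form actions, so keep only characters that are valid in a
    // host[:port] value. This limits what can be injected but does not prove
    // the host is one this site serves.
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    $host = preg_replace('/[^a-z0-9-:._]/i', '', $host);
    $url = 'http://'. $host . request_uri();
  }

  // Force the scheme. Only a leading http:// or https:// is rewritten.
  if ($secure) {
    $url = preg_replace('/^http:\/\//i', 'https://', $url);
  }
  else {
    $url = preg_replace('/^https:\/\//i', 'http://', $url);
  }
  return $url;
}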
/**
* securepages_match()
*
* Check the page passed in and see if it should be secure or insecure.
*
* @param $path
* The path of the page to check.
*
* @return
* 0 - page should be insecure.
* 1 - page should be secure.
* NULL - do not change page.
*/
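function securepages_match($path) {
  // A menu item may carry its own 'secure' preference; when it does, that
  // value is returned and the configured page lists are not consulted.
  // NOTE(review): the lookup uses the active menu item, not $path, so when
  // this is called for a link or form target the current page's preference is
  // what comes back. Confirm that is intended.
  if (function_exists('menu_get_item')) {
    $item = menu_get_item(menu_get_active_item());
    if (isset($item['secure'])) {
      return $item['secure'];
    }
  }

  $secure = variable_get('securepages_secure', 1);
  $pages = variable_get('securepages_pages', "node/add*\nnode/*/edit\nuser/*\nadmin*");
  $ignore = variable_get('securepages_ignore', "*/autocomplete/*\n*/ajax/*");

  // Ignored paths keep whatever scheme the current request already uses.
  if ($ignore && preg_match(_securepages_path_regexp($ignore), $path)) {
    // $_SERVER['HTTPS'] is absent on plain requests and 'off' under IIS/ISAPI;
    // any other non-empty value means the request arrived over HTTPS.
    $is_https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off';
    return $is_https ? 1 : 0;
  }

  if ($pages) {
    // $secure = 1: listed pages are secure. $secure = 0: every page except the
    // listed ones is secure. Hence "secure" when the two flags agree.
    return !($secure xor preg_match(_securepages_path_regexp($pages), $path)) ? 1 : 0;
  }

  // No page list configured: tell the caller not to change anything.
  return NULL;
}

/**
 * Turns a newline-separated list of Drupal path patterns into one anchored
 * regular expression: '*' becomes '.*' and '<front>' becomes the configured
 * front page path.
 */
function _securepages_path_regexp($patterns) {
  $front = preg_quote(variable_get('site_frontpage', 'node'), '/');
  $search = array(
    // Line breaks separate alternatives.
    '/(\r\n?|\n)/',
    // preg_quote() turned '*' into '\*'; make it a wildcard again.
    '/\\\\\*/',
    // preg_quote() turned '<front>' into '\<front\>'. The placeholder had
    // been lost from this pattern, leaving an expression that matched only a
    // lone backslash, so '<front>' entries never matched the front page.
    '/(^|\|)\\\\<front\\\\>($|\|)/',
  );
  $replace = array('|', '.*', '\1'. $front .'\2');
  return '/^('. preg_replace($search, $replace, preg_quote($patterns, '/')) .')$/';
}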
/**
* Secure Pages SSL Test
*/
function securepages_test() {
  // Probe the module's own test path over HTTPS and report whether the
  // request came back with status 200.
  // NOTE(review): a 200 only shows that something answered on https; whether
  // drupal_http_request() validates the certificate is not visible here.
  $absolute = url('admin/settings/securepages/test', NULL, NULL, TRUE);

  // Drop whichever scheme url() produced and force https://.
  $target = 'https://'. preg_replace(';^http[s]?://;s', '', $absolute);

  $result = drupal_http_request($target);
  if ($result->code == 200) {
    return TRUE;
  }
  return FALSE;
}