'admin/settings/securepages', 'title' => t('Secure Pages'), 'description' => t('Configure which pages are and are not to be viewed in SSL'), 'callback' => 'drupal_get_form', 'callback arguments' => 'securepages_settings', 'access' => user_access('administer site configuration'), 'type' => MENU_NORMAL_ITEM, ); } return $items; } /** * Implementation of hook_settings() */ function securepages_settings() { $form = array(); $form['securepages_enable'] = array( '#type' => 'radios', '#title' => t('Enable Secure Pages'), '#default_value' => variable_get('securepages_enable', 0), '#options' => array(t('Disabled'), t('Enabled')), '#disabled' => !securepages_test(), '#description' => t('To start using secure pages this setting must be enabled. This setting will only be able to changed when the web server has been configured for SSL.
If this test has failed then go here', array('!url' => preg_replace(';^http://;i', 'https://', url($_GET['q'], NULL, NULL, TRUE)))), ); $form['securepages_switch'] = array( '#type' => 'checkbox', '#title' => t('Switch back to http pages when there are no matches'), '#return_value' => TRUE, '#default_value' => variable_get('securepages_switch', FALSE), ); $form['securepages_secure'] = array( '#type' => 'radios', '#title' => t('Pages which will be be secure'), '#default_value' => variable_get('securepages_secure', 1), '#options' => array(t('Make secure every page except the listed pages.'), t('Make secure only the listed pages.')), ); $form['securepages_pages'] = array( '#type' => 'textarea', '#title' => t('Pages'), '#default_value' => variable_get('securepages_pages', "node/add*\nnode/*/edit\nuser/*\nadmin*"), '#cols' => 40, '#rows' => 5, '#description' => t("Enter one page per line as Drupal paths. The '*' character is a wildcard. Example paths are 'blog' for the blog page and 'blog/*' for every personal blog. '<front>' is the front page."), ); $form['securepages_ignore'] = array( '#type' => 'textarea', '#title' => t('Ignore pages'), '#default_value' => variable_get('securepages_ignore', "*/autocomplete/*"), '#cols' => 40, '#rows' => 5, '#description' => t("The pages listed here will be ignored and be either returned in http or https. Enter one page per line as Drupal paths. The '*' character is a wildcard. Example paths are 'blog' for the blog page and 'blog/*' for every personal blog. '<front>' is the front page."), ); return system_settings_form($form); } /** * Implementation of hook_form_alter() */ function securepages_form_alter($form_id, &$form) { if (!variable_get('securepages_enable', 0)) { return; } if ($form['#action']) { extract(parse_url($form['#action'])); parse_str($query, $query); if (isset($query['q'])) { $path = $query['q']; } else { $base_path = base_path(); $path = (!strncmp($path, $base_path, strlen($base_path)) ? substr($path, strlen($base_path)) : $path); } $path = drupal_get_normal_path($path); $query = drupal_query_string_encode($query); $page_match = securepages_match($path); if ($page_match && !$_SERVER['HTTPS']) { $form['#action'] = securepages_get_destination($path, $query, TRUE); } elseif ($page_match === 0 && $_SERVER['HTTPS'] && variable_get('securepages_switch', FALSE)) { $form['#action'] = securepages_get_destination($path, $query, FALSE); } } } /** * Implementation of hook_link_alter() */ function securepages_link_alter(&$node, &$links) { if (!variable_get('securepages_enable', 0)) { return; } foreach ($links as $module => $link) { if ($link['href']) { $page_match = securepages_match($link['href']); if ($page_match && !$_SERVER['HTTPS']) { $links[$module]['href'] = securepages_get_destination($link['href'], NULL, TRUE); } elseif ($page_match === 0 && $_SERVER['HTTPS'] && variable_get('securepages_switch', FALSE)) { $links[$module]['href'] = securepages_get_destination($link['href'], NULL, FALSE); } } } } /** * securepage_goto() * * Redirects the current page to the secure or insecure version. * * @param $secure * Determine which version of the set to move to. */ function securepages_goto($secure) { if (function_exists('drupal_get_path_alias')) { $path = drupal_get_path_alias($_GET['q']); $query = drupal_query_string_encode($_GET, array('q')); } else { $path = $_REQUEST['q']; $query = ''; } $url = securepages_get_destination($path, $query, $secure); if (function_exists('module_invoke_all')) { foreach (module_implements('exit') as $module) { if ($module != 'devel') { module_invoke($module, 'exit'); } } } else { bootstrap_invoke_all('exit'); } header('Location: '. $url); exit(); } /** * securepages_get_destination() * * Build the full secure/insecure destination for the past url * * @param $path * path of the page that we need to get to. * * @param $query * The querystring of the url that the web site is going to be past to. * * @param $secure * determines what type of page to return. * * @return * valid url which is secure or insecure depending on the $secure flag. */ function securepages_get_destination($path, $query, $secure) { if (function_exists('url')) { // if url() exists then use that as it will more robust. $url = url($path, $query == '' ? NULL : $query, NULL, TRUE); } else { // This should convert to the current page ok. $url = 'http://'. $_SERVER['HTTP_HOST'] . request_uri(); } if ($secure) { $url = preg_replace('/^http:\/\//i', 'https://', $url); } else { $url = preg_replace('/^https:\/\//i', 'http://', $url); } return $url; } /** * securepages_match() * * check the page past and see if it should be secure or insecure. * * @param $path * the page of the page to check. * * @return * 0 - page should be insecure. * 1 - page should be secure. * NULL - do not change page. */ function securepages_match($path) { /** * Check to see if the current menu item has a preference and ignore the * secure pages settings */ if (function_exists('menu_get_item')) { $item = menu_get_item(menu_get_active_item()); if (isset($item['secure'])) { return $item['secure']; } } /** * Check to see if the page matches the current settings */ $secure = variable_get('securepages_secure', 1); $pages = variable_get('securepages_pages', "node/add*\nnode/*/edit\nuser/*\nadmin*"); $ignore = variable_get('securepages_ignore', "*/autocomplete/*\n*/ajax/*"); if ($ignore) { $regexp = '/^('. preg_replace(array('/(\r\n?|\n)/', '/\\\\\*/', '/(^|\|)\\\\($|\|)/'), array('|', '.*', '\1'. preg_quote(variable_get('site_frontpage', 'node'), '/') .'\2'), preg_quote($ignore, '/')) .')$/'; if (preg_match($regexp, $path)) { if ($_SERVER['HTTPS'] == 'on') { return 1; } else { return 0; } } } if ($pages) { $regexp = '/^('. preg_replace(array('/(\r\n?|\n)/', '/\\\\\*/', '/(^|\|)\\\\($|\|)/'), array('|', '.*', '\1'. preg_quote(variable_get('site_frontpage', 'node'), '/') .'\2'), preg_quote($pages, '/')) .')$/'; return !($secure xor preg_match($regexp, $path)) ? 1 : 0; } else { return; } } /** * Secure Pages SSL Test */ function securepages_test() { // If we are in an SSL page then assume that SSL is configured correctly. if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') { return TRUE; } $url = 'https://'. preg_replace(';^http[s]?://;s', '', url('admin/settings/securepages/test', NULL, NULL, TRUE)); $response = drupal_http_request($url); return $response->code == 200 ? TRUE : FALSE; }