Custom Web Applications to Grow Your Business

(256) 429-8145

Simple Cakephp function to force https SSL without using security component

If you want to force certain of your cakePHP webpages to be https and others http, or to use https for logged in users and http for non users, here is a simple script to do just that

// add this function to your appController. When the user is not logged in only the "login" and "register" pages are https

public function moveTohttp(){		
		if  (!$this->Auth->user()) {
		   // user login and user register should be https by default	
             if ($this->here == '/users/login' || $this->here == '/users/add') {
			  // do nothing	
			} else if ($this->request->is('ssl')) {
				return $this->redirect('http://' . env('SERVER_NAME') . $this->here);	
			}  				
		} else { // then the user is logged in
			if (!$this->request->is('ssl')) {			
				return $this->redirect('https://' . env('SERVER_NAME') . $this->here);
			}	
		}				
	}

// call the function in your beforeFilter function

 
public function beforeFilter() {		
	$this->moveTohttp();
}