modules/securepages/securepages.module

<?php
// $Id: securepages.module,v 1.14 2007/12/22 07:03:46 gordon Exp $

/**
 * Implementation of hook_init()
 */
function securepages_init() {
  global $base_url;

  $path = $_GET['q'];
  if ($path == 'admin/settings/securepages/test') {
    if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']) {
      header('HTTP/1.1 200 OK');
    }
    else {
      header('HTTP/1.1 404 Not Found');
    }
    exit();
  }
  if (!variable_get('securepages_enable', 0) || basename($_SERVER['PHP_SELF']) != 'index.php') {
    return;
  }

  $page_match = securepages_match($path);

  if ($_POST) {
    // If something has been posted to here then ignore the rules.
  }
  elseif ($page_match && !$_SERVER['HTTPS']) {
    securepages_goto(TRUE);
  }
  elseif ($page_match === 0 && $_SERVER['HTTPS'] && variable_get('securepages_switch', FALSE)) {
    securepages_goto(FALSE);
  }

  // Correct the base_url so that everything comes from https.
  if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
    $base_url = str_replace('http://', 'https://', $base_url);
  }
}

/**
 * Implementation of hook_menu()
 */
function securepages_menu($may_cache) {
  $items = array();
  if ($may_cache) {
    $items[] = array(
      'path' => 'admin/settings/securepages',
      'title' => t('Secure Pages'),
      'description' => t('Configure which pages are and are not to be viewed in SSL'),
      'callback' => 'drupal_get_form',
      'callback arguments' => 'securepages_settings',
      'access' => user_access('administer site configuration'),
      'type' => MENU_NORMAL_ITEM,
    );
  }
  return $items;
}

/**
 * Implementation of hook_settings()
 */
function securepages_settings() {
  $form = array();

  $form['securepages_enable'] = array(
    '#type' => 'radios',
    '#title' => t('Enable Secure Pages'),
    '#default_value' => variable_get('securepages_enable', 0),
    '#options' => array(t('Disabled'), t('Enabled')),
    '#disabled' => !securepages_test(),
    '#description' => t('To start using secure pages this setting must be enabled. This setting will only be able to changed when the web server has been configured for SSL.<br />If this test has failed then go <a href="!url">here</a>', array('!url' => preg_replace(';^http://;i', 'https://', url($_GET['q'], NULL, NULL, TRUE)))),
  );
  $form['securepages_switch'] = array(
    '#type' => 'checkbox',
    '#title' => t('Switch back to http pages when there are no matches'),
    '#return_value' => TRUE,
    '#default_value' => variable_get('securepages_switch', FALSE),
  );
  $form['securepages_secure'] = array(
    '#type' => 'radios',
    '#title' => t('Pages which will be be secure'),
    '#default_value' => variable_get('securepages_secure', 1),
    '#options' => array(t('Make secure every page except the listed pages.'), t('Make secure only the listed pages.')),
  );
  $form['securepages_pages'] = array(
    '#type' => 'textarea',
    '#title' => t('Pages'),
    '#default_value' => variable_get('securepages_pages', "node/add*\nnode/*/edit\nuser/*\nadmin*"),
    '#cols' => 40,
    '#rows' => 5,
    '#description' => t("Enter one page per line as Drupal paths. The '*' character is a wildcard. Example paths are '<em>blog</em>' for the blog page and '<em>blog/*</em>' for every personal blog. '<em>&lt;front&gt;</em>' is the front page."),
  );
  $form['securepages_ignore'] = array(
    '#type' => 'textarea',
    '#title' => t('Ignore pages'),
    '#default_value' => variable_get('securepages_ignore', "*/autocomplete/*"),
    '#cols' => 40,
    '#rows' => 5,
    '#description' => t("The pages listed here will be ignored and be either returned in http or https. Enter one page per line as Drupal paths. The '*' character is a wildcard. Example paths are '<em>blog</em>' for the blog page and '<em>blog/*</em>' for every personal blog. '<em>&lt;front&gt;</em>' is the front page."),
  );
  return system_settings_form($form);
}

/**
 * Implementation of hook_form_alter()
 */
function securepages_form_alter($form_id, &$form) {
  if ($form['#action']) {
    extract(parse_url($form['#action']));
    parse_str($query, $query);
    if (isset($query['q'])) {
      $path = $query['q'];
    }
    else {
      $base_path = base_path();
      $path = (!strncmp($path, $base_path, strlen($base_path)) ? substr($path, strlen($base_path)) : $path);
    }
    $path = drupal_get_normal_path($path);
    $query = drupal_query_string_encode($query);
    $page_match = securepages_match($path);
    if ($page_match && !$_SERVER['HTTPS']) {
      $form['#action'] = securepages_get_destination($path, $query, TRUE);
    }
    elseif ($page_match === FALSE && $_SERVER['HTTPS'] && variable_get('securepages_switch', FALSE)) {
      $form['#action'] = securepages_get_destination($path, $query, FALSE);
    }
  }
}

/**
 * Implementation of hook_link_alter()
 */
function securepages_link_alter(&$node, &$links) {
  foreach ($links as $module => $link) {
    if ($link['href']) {
      $page_match = securepages_match($link['href']);
      if ($page_match && !$_SERVER['HTTPS']) {
        $links[$module]['href'] = securepages_get_destination($link['href'], NULL, TRUE);
      }
      elseif ($page_match === FALSE && $_SERVER['HTTPS'] && variable_get('securepages_switch', FALSE)) {
        $links[$module]['href'] = securepages_get_destination($link['href'], NULL, FALSE);
      }
    }
  }
}

/**
 * securepage_goto()
 *
 * Redirects the current page to the secure or insecure version.
 *
 * @param $secure
 *  Determine which version of the set to move to.
 */
function securepages_goto($secure) {
  if (function_exists('drupal_get_path_alias')) {
    $path = drupal_get_path_alias($_GET['q']);
    $query = drupal_query_string_encode($_GET, array('q'));
  }
  else {
    $path = $_REQUEST['q'];
    $query = '';
  }
  $url = securepages_get_destination($path, $query, $secure);

  if (function_exists('module_invoke_all')) {
    foreach (module_implements('exit') as $module) {
      if ($module != 'devel') {
        module_invoke($module, 'exit');
      }
    }
  }
  else {
    bootstrap_invoke_all('exit');
  }
  header('Location: '. $url);
  exit();
}

/**
 * securepages_get_destination()
 *
 * Build the full secure/insecure destination for the past url
 *
 * @param $path
 *  path of the page that we need to get to.
 *
 * @param $query
 *  The querystring of the url that the web site is going to be past to.
 *
 * @param $secure
 *  determines what type of page to return.
 *
 * @return
 *  valid url which is secure or insecure depending on the $secure flag.
 */
function securepages_get_destination($path, $query, $secure) {
  if (function_exists('url')) {
    // if url() exists then use that as it will more robust.
    $url = url($path, $query == '' ? NULL : $query, NULL, TRUE);
  }
  else {
    // This should convert to the current page ok.
    $url = 'http://'. $_SERVER['HTTP_HOST'] . request_uri();
  }

  if ($secure) {
    $url = preg_replace('/^http:\/\//i', 'https://', $url);
  }
  else {
    $url = preg_replace('/^https:\/\//i', 'http://', $url);
  }

  return $url;
}

/**
 * securepages_match()
 *
 * check the page past and see if it should be secure or insecure.
 *
 * @param $path
 *  the page of the page to check.
 *
 * @return
 *  0 - page should be insecure.
 *  1 - page should be secure.
 *  NULL - do not change page.
 */
function securepages_match($path) {
  /* Check to see if the current menu item has a preference and ignore the
   * secure pages settings
   */
  $item = menu_get_item(menu_get_active_item());
  if (isset($item['secure'])) {
    return $item['secure'];
  }

  /**
   * Check to see if the page matches the current settings
   */
  $secure = variable_get('securepages_secure', 1);
  $pages = variable_get('securepages_pages', "node/add*\nnode/*/edit\nuser/*\nadmin*");
  $ignore = variable_get('securepages_ignore', "*/autocomplete/*\n*/ajax/*");

  if ($ignore) {
    $regexp = '/^('. preg_replace(array('/(\r\n?|\n)/', '/\\\\\*/', '/(^|\|)\\\\<front\\\\>($|\|)/'), array('|', '.*', '\1'. preg_quote(variable_get('site_frontpage', 'node'), '/') .'\2'), preg_quote($ignore, '/')) .')$/';
    if (preg_match($regexp, $path)) {
      if ($_SERVER['HTTPS'] == 'on') {
        return 1;
      }
      else {
        return 0;
      }
    }
  }
  if ($pages) {
    $regexp = '/^('. preg_replace(array('/(\r\n?|\n)/', '/\\\\\*/', '/(^|\|)\\\\<front\\\\>($|\|)/'), array('|', '.*', '\1'. preg_quote(variable_get('site_frontpage', 'node'), '/') .'\2'), preg_quote($pages, '/')) .')$/';
    return !($secure xor preg_match($regexp, $path)) ? 1 : 0;
  }
  else {
    return;
  }
}

/**
 * Secure Pages SSL Test
 */
function securepages_test() {
  // If we are in an SSL page then assume that SSL is configured correctly.
  if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
    return TRUE;
  }
  $url = 'https://'. preg_replace(';^http[s]?://;s', '', url('admin/settings/securepages/test', NULL, NULL, TRUE));

  $response = drupal_http_request($url);

  return $response->code == 200 ? TRUE : FALSE;
}

1	<?php
2	// $Id: securepages.module,v 1.14 2007/12/22 07:03:46 gordon Exp $
3
4	/**
5	* Implementation of hook_init()
6	*/
7	function securepages_init() {
8	global $base_url;
9
10	$path = $_GET['q'];
11	if ($path == 'admin/settings/securepages/test') {
12	if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']) {
13	header('HTTP/1.1 200 OK');
14	}
15	else {
16	header('HTTP/1.1 404 Not Found');
17	}
18	exit();
19	}
20	if (!variable_get('securepages_enable', 0) \|\| basename($_SERVER['PHP_SELF']) != 'index.php') {
21	return;
22	}
23
24	$page_match = securepages_match($path);
25
26	if ($_POST) {
27	// If something has been posted to here then ignore the rules.
28	}
29	elseif ($page_match && !$_SERVER['HTTPS']) {
30	securepages_goto(TRUE);
31	}
32	elseif ($page_match === 0 && $_SERVER['HTTPS'] && variable_get('securepages_switch', FALSE)) {
33	securepages_goto(FALSE);
34	}
35
36	// Correct the base_url so that everything comes from https.
37	if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
38	$base_url = str_replace('http://', 'https://', $base_url);
39	}
40	}
41
42	/**
43	* Implementation of hook_menu()
44	*/
45	function securepages_menu($may_cache) {
46	$items = array();
47	if ($may_cache) {
48	$items[] = array(
49	'path' => 'admin/settings/securepages',
50	'title' => t('Secure Pages'),
51	'description' => t('Configure which pages are and are not to be viewed in SSL'),
52	'callback' => 'drupal_get_form',
53	'callback arguments' => 'securepages_settings',
54	'access' => user_access('administer site configuration'),
55	'type' => MENU_NORMAL_ITEM,
56	);
57	}
58	return $items;
59	}
60
61	/**
62	* Implementation of hook_settings()
63	*/
64	function securepages_settings() {
65	$form = array();
66
67	$form['securepages_enable'] = array(
68	'#type' => 'radios',
69	'#title' => t('Enable Secure Pages'),
70	'#default_value' => variable_get('securepages_enable', 0),
71	'#options' => array(t('Disabled'), t('Enabled')),
72	'#disabled' => !securepages_test(),
73	'#description' => t('To start using secure pages this setting must be enabled. This setting will only be able to changed when the web server has been configured for SSL.<br />If this test has failed then go <a href="!url">here</a>', array('!url' => preg_replace(';^http://;i', 'https://', url($_GET['q'], NULL, NULL, TRUE)))),
74	);
75	$form['securepages_switch'] = array(
76	'#type' => 'checkbox',
77	'#title' => t('Switch back to http pages when there are no matches'),
78	'#return_value' => TRUE,
79	'#default_value' => variable_get('securepages_switch', FALSE),
80	);
81	$form['securepages_secure'] = array(
82	'#type' => 'radios',
83	'#title' => t('Pages which will be be secure'),
84	'#default_value' => variable_get('securepages_secure', 1),
85	'#options' => array(t('Make secure every page except the listed pages.'), t('Make secure only the listed pages.')),
86	);
87	$form['securepages_pages'] = array(
88	'#type' => 'textarea',
89	'#title' => t('Pages'),
90	'#default_value' => variable_get('securepages_pages', "node/add\nnode//edit\nuser/\nadmin"),
91	'#cols' => 40,
92	'#rows' => 5,
93	'#description' => t("Enter one page per line as Drupal paths. The '' character is a wildcard. Example paths are '<em>blog</em>' for the blog page and '<em>blog/</em>' for every personal blog. '<em><front></em>' is the front page."),
94	);
95	$form['securepages_ignore'] = array(
96	'#type' => 'textarea',
97	'#title' => t('Ignore pages'),
98	'#default_value' => variable_get('securepages_ignore', "/autocomplete/"),
99	'#cols' => 40,
100	'#rows' => 5,
101	'#description' => t("The pages listed here will be ignored and be either returned in http or https. Enter one page per line as Drupal paths. The '' character is a wildcard. Example paths are '<em>blog</em>' for the blog page and '<em>blog/</em>' for every personal blog. '<em><front></em>' is the front page."),
102	);
103	return system_settings_form($form);
104	}
105
106	/**
107	* Implementation of hook_form_alter()
108	*/
109	function securepages_form_alter($form_id, &$form) {
110	if ($form['#action']) {
111	extract(parse_url($form['#action']));
112	parse_str($query, $query);
113	if (isset($query['q'])) {
114	$path = $query['q'];
115	}
116	else {
117	$base_path = base_path();
118	$path = (!strncmp($path, $base_path, strlen($base_path)) ? substr($path, strlen($base_path)) : $path);
119	}
120	$path = drupal_get_normal_path($path);
121	$query = drupal_query_string_encode($query);
122	$page_match = securepages_match($path);
123	if ($page_match && !$_SERVER['HTTPS']) {
124	$form['#action'] = securepages_get_destination($path, $query, TRUE);
125	}
126	elseif ($page_match === FALSE && $_SERVER['HTTPS'] && variable_get('securepages_switch', FALSE)) {
127	$form['#action'] = securepages_get_destination($path, $query, FALSE);
128	}
129	}
130	}
131
132	/**
133	* Implementation of hook_link_alter()
134	*/
135	function securepages_link_alter(&$node, &$links) {
136	foreach ($links as $module => $link) {
137	if ($link['href']) {
138	$page_match = securepages_match($link['href']);
139	if ($page_match && !$_SERVER['HTTPS']) {
140	$links[$module]['href'] = securepages_get_destination($link['href'], NULL, TRUE);
141	}
142	elseif ($page_match === FALSE && $_SERVER['HTTPS'] && variable_get('securepages_switch', FALSE)) {
143	$links[$module]['href'] = securepages_get_destination($link['href'], NULL, FALSE);
144	}
145	}
146	}
147	}
148
149	/**
150	* securepage_goto()
151	*
152	* Redirects the current page to the secure or insecure version.
153	*
154	* @param $secure
155	* Determine which version of the set to move to.
156	*/
157	function securepages_goto($secure) {
158	if (function_exists('drupal_get_path_alias')) {
159	$path = drupal_get_path_alias($_GET['q']);
160	$query = drupal_query_string_encode($_GET, array('q'));
161	}
162	else {
163	$path = $_REQUEST['q'];
164	$query = '';
165	}
166	$url = securepages_get_destination($path, $query, $secure);
167
168	if (function_exists('module_invoke_all')) {
169	foreach (module_implements('exit') as $module) {
170	if ($module != 'devel') {
171	module_invoke($module, 'exit');
172	}
173	}
174	}
175	else {
176	bootstrap_invoke_all('exit');
177	}
178	header('Location: '. $url);
179	exit();
180	}
181
182	/**
183	* securepages_get_destination()
184	*
185	* Build the full secure/insecure destination for the past url
186	*
187	* @param $path
188	* path of the page that we need to get to.
189	*
190	* @param $query
191	* The querystring of the url that the web site is going to be past to.
192	*
193	* @param $secure
194	* determines what type of page to return.
195	*
196	* @return
197	* valid url which is secure or insecure depending on the $secure flag.
198	*/
199	function securepages_get_destination($path, $query, $secure) {
200	if (function_exists('url')) {
201	// if url() exists then use that as it will more robust.
202	$url = url($path, $query == '' ? NULL : $query, NULL, TRUE);
203	}
204	else {
205	// This should convert to the current page ok.
206	$url = 'http://'. $_SERVER['HTTP_HOST'] . request_uri();
207	}
208
209	if ($secure) {
210	$url = preg_replace('/^http:\/\//i', 'https://', $url);
211	}
212	else {
213	$url = preg_replace('/^https:\/\//i', 'http://', $url);
214	}
215
216	return $url;
217	}
218
219	/**
220	* securepages_match()
221	*
222	* check the page past and see if it should be secure or insecure.
223	*
224	* @param $path
225	* the page of the page to check.
226	*
227	* @return
228	* 0 - page should be insecure.
229	* 1 - page should be secure.
230	* NULL - do not change page.
231	*/
232	function securepages_match($path) {
233	/* Check to see if the current menu item has a preference and ignore the
234	* secure pages settings
235	*/
236	$item = menu_get_item(menu_get_active_item());
237	if (isset($item['secure'])) {
238	return $item['secure'];
239	}
240
241	/**
242	* Check to see if the page matches the current settings
243	*/
244	$secure = variable_get('securepages_secure', 1);
245	$pages = variable_get('securepages_pages', "node/add\nnode//edit\nuser/\nadmin");
246	$ignore = variable_get('securepages_ignore', "/autocomplete/\n/ajax/");
247
248	if ($ignore) {
249	$regexp = '/^('. preg_replace(array('/(\r\n?\|\n)/', '/\\\\\/', '/(^\|\\|)\\\\<front\\\\>($\|\\|)/'), array('\|', '.', '\1'. preg_quote(variable_get('site_frontpage', 'node'), '/') .'\2'), preg_quote($ignore, '/')) .')$/';
250	if (preg_match($regexp, $path)) {
251	if ($_SERVER['HTTPS'] == 'on') {
252	return 1;
253	}
254	else {
255	return 0;
256	}
257	}
258	}
259	if ($pages) {
260	$regexp = '/^('. preg_replace(array('/(\r\n?\|\n)/', '/\\\\\/', '/(^\|\\|)\\\\<front\\\\>($\|\\|)/'), array('\|', '.', '\1'. preg_quote(variable_get('site_frontpage', 'node'), '/') .'\2'), preg_quote($pages, '/')) .')$/';
261	return !($secure xor preg_match($regexp, $path)) ? 1 : 0;
262	}
263	else {
264	return;
265	}
266	}
267
268	/**
269	* Secure Pages SSL Test
270	*/
271	function securepages_test() {
272	// If we are in an SSL page then assume that SSL is configured correctly.
273	if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
274	return TRUE;
275	}
276	$url = 'https://'. preg_replace(';^http[s]?://;s', '', url('admin/settings/securepages/test', NULL, NULL, TRUE));
277
278	$response = drupal_http_request($url);
279
280	return $response->code == 200 ? TRUE : FALSE;
281	}
282