[22560] | 1 | <?php |
---|
| 2 | /* |
---|
| 3 | Plugin Name: Force HTTPS |
---|
[27560] | 4 | Version: 1.3.0 |
---|
[22560] | 5 | Description: Gives the capacity to force https connections on https enabled servers. |
---|
| 6 | Plugin URI: http://piwigo.org/ext/extension_view.php?eid=697 |
---|
| 7 | Author: bonhommedeneige |
---|
| 8 | Author URI: http://piwigo.org/forum/profile.php?id=19052 |
---|
| 9 | |
---|
| 10 | Changelog : |
---|
[27560] | 11 | 1.3.0 (05.03.2014) : Upgrade for Piwigo 2.6 compatibility |
---|
[22560] | 12 | 1.2.0 (05.05.2013) : Fixed unicity of strbool function (renamed to piwigo_force_https_strbool) |
---|
| 13 | Caused unicity issue with video-js plugin |
---|
| 14 | 1.1.0 (04.05.2013) : Added response code 301 before redirecting to https |
---|
| 15 | Added capacity to activate or not HSTS |
---|
| 16 | Corrected initialization of configuration at first launch |
---|
| 17 | 1.0.0 (02.05.2013) : Initial version |
---|
| 18 | */ |
---|
| 19 | |
---|
// Direct-access guard: stop immediately when this file is requested on its
// own rather than being loaded by Piwigo (presumably PHPWG_ROOT_PATH is only
// defined by the application's entry scripts -- verify against core).
if (!defined('PHPWG_ROOT_PATH'))
{
  die('Hacking attempt!');
}

global $conf;

// +-----------------------------------------------------------------------+
// | Define plugin constants                                               |
// +-----------------------------------------------------------------------+
// Name of the directory holding this file; used below as the plugin id.
define('FORCE_HTTPS_ID', basename(dirname(__FILE__)));
// Plugin directory, with a trailing slash, under PHPWG_PLUGINS_PATH.
define('FORCE_HTTPS_PATH', PHPWG_PLUGINS_PATH . FORCE_HTTPS_ID . '/');
// This is automatically updated by PEM if you publish your plugin with SVN;
// otherwise you must not forget to change it, as well as "Version" in the
// plugin header.
define('FORCE_HTTPS_VERSION', '1.3.0');
| 31 | |
---|
| 32 | |
---|
| 33 | // +-----------------------------------------------------------------------+ |
---|
| 34 | // | Add event handlers | |
---|
| 35 | // +-----------------------------------------------------------------------+ |
---|
// Upgrade check, run on Piwigo's 'init' event.
add_event_handler('init', 'piwigo_force_https_init');

// The entry in the admin plugins menu is only registered when IN_ADMIN is defined.
if (defined('IN_ADMIN')) {
  add_event_handler('get_admin_plugin_menu_links', 'piwigo_force_https_admin_plugin_menu_links');
}

// HTTPS redirect / HSTS policy.
// NOTE(review): the policy is attached to 'loc_end_page_header' only, so it
// presumably runs just for requests that render the standard page header.
// Confirm whether other entry points (web service, image delivery) need the
// same enforcement.
add_event_handler('loc_end_page_header', 'piwigo_force_https_header');
| 46 | |
---|
/**
 * Adds the "Force HTTPS" entry to the admin plugins menu.
 *
 * @param array $menu existing menu entries
 * @return array the same entries followed by this plugin's entry, which
 *               links to admin.php in the plugin directory
 */
function piwigo_force_https_admin_plugin_menu_links($menu)
{
  $admin_page = dirname(__FILE__).'/admin.php';

  $entry = array(
    'NAME' => l10n('Force HTTPS'),
    'URL' => get_admin_plugin_menu_link($admin_page),
  );

  array_push($menu, $entry);

  return $menu;
}
| 58 | |
---|
/**
 * Plugin initialization: applies the install/upgrade routine when needed.
 *
 * The routine runs when the version recorded in $pwg_loaded_plugins is older
 * than FORCE_HTTPS_VERSION, or when either of the two is the placeholder
 * 'auto'. After plugin_install() has run, and unless one of the versions is
 * 'auto', the new version is stored in the plugins table and in
 * $pwg_loaded_plugins; on admin pages a notice is queued in
 * $_SESSION['page_infos'].
 */
function piwigo_force_https_init()
{
  global $conf, $pwg_loaded_plugins;

  $upgrade_needed =
    FORCE_HTTPS_VERSION == 'auto'
    || $pwg_loaded_plugins[FORCE_HTTPS_ID]['version'] == 'auto'
    || version_compare($pwg_loaded_plugins[FORCE_HTTPS_ID]['version'], FORCE_HTTPS_VERSION, '<');

  if (!$upgrade_needed)
  {
    return;
  }

  // Run the install function shipped with the plugin.
  include_once(FORCE_HTTPS_PATH . 'maintain.inc.php');
  plugin_install();

  // With 'auto' on either side there is no concrete version to record.
  if ($pwg_loaded_plugins[FORCE_HTTPS_ID]['version'] == 'auto' || FORCE_HTTPS_VERSION == 'auto')
  {
    return;
  }

  // Both values concatenated into the statement are plugin constants (the
  // literal version string and the plugin directory name), not request data.
  $query = '
UPDATE '. PLUGINS_TABLE .'
SET version = "'. FORCE_HTTPS_VERSION .'"
WHERE id = "'. FORCE_HTTPS_ID .'"';
  pwg_query($query);

  // Keep the in-memory plugin list in step with the database.
  $pwg_loaded_plugins[FORCE_HTTPS_ID]['version'] = FORCE_HTTPS_VERSION;

  if (defined('IN_ADMIN'))
  {
    $_SESSION['page_infos'][] = 'Force https updated to version '. FORCE_HTTPS_VERSION;
  }
}
| 98 | |
---|
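/**
 * HTTP connection control, driven by the plugin configuration.
 *
 * - $conf['fhp_use_https']: when enabled, a request that did not arrive over
 *   HTTPS is answered with a 301 redirect to the same host and URI on https.
 * - $conf['fhp_use_sts']: when enabled as well, responses served over HTTPS
 *   carry a Strict-Transport-Security header.
 *
 * Changes compared with the previous implementation:
 * - The 301 is passed as the response code of the Location header. The old
 *   'Status-Code: 301' line only added an unrelated header and left PHP's
 *   default redirect status in place.
 * - $_SERVER['HTTPS'] set to 'off' or to an empty string is treated as plain
 *   HTTP. Previously such a request was neither redirected nor protected.
 * - The script stops after the redirect, so the page is not rendered into the
 *   cleartext response.
 * - The client-supplied Host header is checked before it is copied into the
 *   Location header; a missing or malformed one gets a 400 response.
 *
 * NOTE(review): behind a TLS-terminating reverse proxy $_SERVER['HTTPS'] may
 * be unset on every request, which would make this redirect loop; confirm the
 * deployment before enabling the option there.
 *
 * @return void
 */
function piwigo_force_https_header()
{
  global $conf;

  // Both options are off when absent; any truthy stored value switches them on.
  $use_https = !empty($conf['fhp_use_https']);
  $use_sts = !empty($conf['fhp_use_sts']);

  if (!$use_https)
  {
    return;
  }

  $is_https = isset($_SERVER['HTTPS'])
    && $_SERVER['HTTPS'] !== ''
    && strtolower($_SERVER['HTTPS']) !== 'off';

  if ($is_https)
  {
    if ($use_sts)
    {
      // NOTE(review): max-age=500 keeps the policy for under ten minutes;
      // raise it once HTTPS is known to work for every visitor.
      header('Strict-Transport-Security: max-age=500');
    }
    return;
  }

  // HTTP_HOST comes from the request, so only a plain host name or a
  // bracketed IPv6 literal, with an optional port, is accepted.
  $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
  if (!preg_match('/^(?:\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9._-]+)(?::[0-9]{1,5})?$/', $host))
  {
    header('HTTP/1.1 400 Bad Request', true, 400);
    exit;
  }

  // Only an origin-form URI (starting with '/') is appended to the host.
  $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/';
  if ($uri === '' || $uri[0] !== '/')
  {
    $uri = '/';
  }

  header('Location: https://'.$host.$uri, true, 301);
  exit;
}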
| 120 | |
---|
/**
 * Maps a value to the string 'true' or 'false' according to PHP truthiness.
 *
 * Any non-empty string other than '0' is truthy, so the string 'false'
 * yields 'true'.
 *
 * @param mixed $value value to evaluate
 * @return string 'true' when $value is truthy, 'false' otherwise
 */
function piwigo_force_https_strbool($value)
{
  if ($value)
  {
    return 'true';
  }

  return 'false';
}
| 125 | ?> |
---|