source: extensions/Force_HTTPS/main.inc.php @ 26374

Last change on this file since 26374 was 22560, checked in by bonhommedeneige, 12 years ago

Initial commit. Version 1.2.0

File size: 4.5 KB
Line 
1<?php 
2/*
3Plugin Name: Force HTTPS
4Version: 1.2.0
5Description: Gives the capacity to force https connections on https enabled servers.
6Plugin URI: http://piwigo.org/ext/extension_view.php?eid=697
7Author: bonhommedeneige
8Author URI: http://piwigo.org/forum/profile.php?id=19052
9
10Changelog :
11 1.2.0 (05.05.2013) : Fixed unicity of strbool function (renamed to piwigo_force_https_strbool)
12                      Caused unicity issue with video-js plugin
13 1.1.0 (04.05.2013) : Added response code 301 before redirecting to https
14                                          Added capacity to activate or not HSTS
15                                          Corrected initialization of configuration at first launch
16 1.0.0 (02.05.2013) : Initial version
17*/
18
19defined('PHPWG_ROOT_PATH') or die('Hacking attempt!');
20
21global $conf;
22
23// +-----------------------------------------------------------------------+
24// | Define plugin constants                                               |
25// +-----------------------------------------------------------------------+
26define('FORCE_HTTPS_ID', basename(dirname(__FILE__)));
27define('FORCE_HTTPS_PATH' ,   PHPWG_PLUGINS_PATH . FORCE_HTTPS_ID . '/');
28define('FORCE_HTTPS_VERSION', '1.2.0');
29// this is automatically updated by PEM if you publish your plugin with SVN, otherwise you musn't forget to change it, as well as "Version" in the plugin header
30
31
32// +-----------------------------------------------------------------------+
33// | Add event handlers                                                    |
34// +-----------------------------------------------------------------------+
35// init the plugin
36add_event_handler('init', 'piwigo_force_https_init');
37
38if (defined('IN_ADMIN'))
39{
40  // admin plugins menu link
41  add_event_handler('get_admin_plugin_menu_links', 'piwigo_force_https_admin_plugin_menu_links');
42}
43
44add_event_handler('loc_end_page_header', 'piwigo_force_https_header' );
45
46/**
47 * Admin plugins menu link
48 */
49function piwigo_force_https_admin_plugin_menu_links($menu) 
50{
51  array_push($menu, array(
52    'NAME' => l10n('Force HTTPS'),
53    'URL' => get_admin_plugin_menu_link(dirname(__FILE__).'/admin.php'),
54  ));
55  return $menu;
56}
57
58/**
59 * plugin initialization
60 *   - check for upgrades
61 *   - unserialize configuration
62 *   - load language
63 */
64function piwigo_force_https_init()
65{
66  global $conf, $pwg_loaded_plugins;
67 
68  // apply upgrade if needed
69  if (
70    FORCE_HTTPS_VERSION == 'auto' or
71    $pwg_loaded_plugins[FORCE_HTTPS_ID]['version'] == 'auto' or
72    version_compare($pwg_loaded_plugins[FORCE_HTTPS_ID]['version'], FORCE_HTTPS_VERSION, '<')
73  )
74  {
75    // call install function
76    include_once(FORCE_HTTPS_PATH . 'maintain.inc.php');
77    plugin_install();
78   
79    // update plugin version in database
80    if ( $pwg_loaded_plugins[FORCE_HTTPS_ID]['version'] != 'auto' and FORCE_HTTPS_VERSION != 'auto' )
81    {
82      $query = '
83                UPDATE '. PLUGINS_TABLE .'
84                SET version = "'. FORCE_HTTPS_VERSION .'"
85                WHERE id = "'. FORCE_HTTPS_ID .'"';
86      pwg_query($query);
87     
88      $pwg_loaded_plugins[FORCE_HTTPS_ID]['version'] = FORCE_HTTPS_VERSION;
89     
90      if (defined('IN_ADMIN'))
91      {
92        $_SESSION['page_infos'][] = 'Force https updated to version '. FORCE_HTTPS_VERSION;
93      }
94    }
95  }
96 
97  // prepare plugin configuration
98  //$conf['piwigo_force_https'] = unserialize($conf['piwigo_force_https']);
99}
100
101/**
102 * SSL availability check
103 *   - function checks if ssl is available on domain
104 */
105function piwigo_force_https_checkssl() {
106        global $conf;
107       
108$mylinks="http://www.petitssuisses.com";
109$handlerr = curl_init($mylinks);
110curl_setopt($handlerr,  CURLOPT_RETURNTRANSFER, TRUE);
111$resp = curl_exec($handlerr);
112$ht = curl_getinfo($handlerr, CURLINFO_HTTP_CODE);
113
114if ($ht == '404')
115     { echo 'OK';}
116else { echo 'NO';
117}
118}
119
120/**
121 * Http connections control
122 * - function completes http header based on configuration settings
123 */
124function piwigo_force_https_header() {
125        global $conf;
126
127        // Force https connection
128        $use_https = isset($conf['fhp_use_https']) ? piwigo_force_https_strbool($conf['fhp_use_https']) : 'false';
129        $use_sts = isset($conf['fhp_use_sts']) ? piwigo_force_https_strbool($conf['fhp_use_sts']) : 'false';
130
131        // Activates STS security
132        if ($use_https == 'true') {
133                if ($use_sts == 'true' && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
134                  header('Strict-Transport-Security: max-age=500');
135                } elseif (!isset($_SERVER['HTTPS'])) {
136                  header('Status-Code: 301');
137                  header('Location: https://'.$_SERVER["HTTP_HOST"].$_SERVER['REQUEST_URI']);
138                }
139        }
140}
141
142function piwigo_force_https_strbool($value)
143{
144        return $value ? 'true' : 'false';
145}
146?>
Note: See TracBrowser for help on using the repository browser.