<?php
/*
Plugin Name: Force HTTPS
Version: 1.2.0
Description: Gives the capacity to force https connections on https enabled servers.
Plugin URI: http://piwigo.org/ext/extension_view.php?eid=697
Author: bonhommedeneige
Author URI: http://piwigo.org/forum/profile.php?id=19052

Changelog :
1.2.0 (05.05.2013) : Fixed unicity of strbool function (renamed to piwigo_force_https_strbool)
                     Caused unicity issue with video-js plugin
1.1.0 (04.05.2013) : Added response code 301 before redirecting to https
                     Added capacity to activate or not HSTS
                     Corrected initialization of configuration at first launch
1.0.0 (02.05.2013) : Initial version
*/

// Direct-access guard: PHPWG_ROOT_PATH is not defined anywhere in this file, so
// execution stops here unless the including script has already defined it.
if (!defined('PHPWG_ROOT_PATH')) {
    die('Hacking attempt!');
}

global $conf;

// +-----------------------------------------------------------------------+
// | Define plugin constants                                               |
// +-----------------------------------------------------------------------+
// The plugin id is the name of the directory that holds this file.
define('FORCE_HTTPS_ID', basename(dirname(__FILE__)));
define('FORCE_HTTPS_PATH', PHPWG_PLUGINS_PATH . FORCE_HTTPS_ID . '/');
// Automatically updated by PEM when the plugin is published with SVN; otherwise
// it must be changed by hand, together with "Version" in the plugin header.
define('FORCE_HTTPS_VERSION', '1.2.0');
// +-----------------------------------------------------------------------+
// | Add event handlers                                                    |
// +-----------------------------------------------------------------------+
// Plugin initialization (upgrade check) runs on the 'init' event.
add_event_handler('init', 'piwigo_force_https_init');

// The admin plugins menu link is only registered when IN_ADMIN is defined.
if (defined('IN_ADMIN')) {
    add_event_handler('get_admin_plugin_menu_links', 'piwigo_force_https_admin_plugin_menu_links');
}

// The HTTPS redirect / HSTS header logic runs on 'loc_end_page_header'.
add_event_handler('loc_end_page_header', 'piwigo_force_https_header');
/**
 * Appends this plugin's entry to the admin plugins menu.
 *
 * @param array $menu menu entries passed in by the 'get_admin_plugin_menu_links' event
 * @return array the same entries followed by the "Force HTTPS" link to admin.php
 */
function piwigo_force_https_admin_plugin_menu_links($menu)
{
    $entry = array(
        'NAME' => l10n('Force HTTPS'),
        'URL' => get_admin_plugin_menu_link(dirname(__FILE__).'/admin.php'),
    );
    array_push($menu, $entry);

    return $menu;
}
/**
 * Plugin initialization, run on the 'init' event.
 *
 * Runs plugin_install() from maintain.inc.php when the version recorded for the
 * loaded plugin is lower than FORCE_HTTPS_VERSION, or when either version is
 * 'auto'. Unless one of them is 'auto', the new version is then written to the
 * plugins table and, in the admin area, an information message is queued.
 *
 * The configuration is not unserialized here: that step is disabled in this
 * version of the plugin.
 */
function piwigo_force_https_init()
{
    global $conf, $pwg_loaded_plugins;

    $needs_upgrade =
        FORCE_HTTPS_VERSION == 'auto'
        || $pwg_loaded_plugins[FORCE_HTTPS_ID]['version'] == 'auto'
        || version_compare($pwg_loaded_plugins[FORCE_HTTPS_ID]['version'], FORCE_HTTPS_VERSION, '<');

    if (!$needs_upgrade) {
        return;
    }

    // run the install routine shipped with the plugin
    include_once(FORCE_HTTPS_PATH . 'maintain.inc.php');
    plugin_install();

    // an 'auto' version on either side is never persisted
    if ($pwg_loaded_plugins[FORCE_HTTPS_ID]['version'] == 'auto' || FORCE_HTTPS_VERSION == 'auto') {
        return;
    }

    // Both interpolated values are plugin constants (the version string and
    // the plugin directory name), not request data.
    $query = '
UPDATE '. PLUGINS_TABLE .'
SET version = "'. FORCE_HTTPS_VERSION .'"
WHERE id = "'. FORCE_HTTPS_ID .'"';
    pwg_query($query);

    // keep the in-memory plugin list in step with the database
    $pwg_loaded_plugins[FORCE_HTTPS_ID]['version'] = FORCE_HTTPS_VERSION;

    if (defined('IN_ADMIN')) {
        $_SESSION['page_infos'][] = 'Force https updated to version '. FORCE_HTTPS_VERSION;
    }
}
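/**
 * Probe request that prints 'OK' or 'NO'.
 *
 * Fetches a fixed URL with cURL and echoes 'OK' when the HTTP status code is
 * 404, 'NO' for every other outcome, including a request that could not be
 * made at all.
 *
 * NOTE(review): despite its name, this probe targets a hard-coded external
 * host over plain http:// and treats a 404 as success, so it does not show
 * whether TLS is available on the gallery's own domain. No event handler in
 * this file refers to it; confirm it is unused before relying on its output.
 */
function piwigo_force_https_checkssl() {
    $probe_url = "http://www.petitssuisses.com";

    $handle = curl_init($probe_url);
    if ($handle === false) {
        // cURL could not be initialised: report the negative result
        echo 'NO';
        return;
    }

    curl_setopt($handle, CURLOPT_RETURNTRANSFER, TRUE);
    // bound the outbound request so a slow or unreachable host cannot stall the page
    curl_setopt($handle, CURLOPT_CONNECTTIMEOUT, 5);
    curl_setopt($handle, CURLOPT_TIMEOUT, 10);

    // only the status code is used; the response body is discarded
    curl_exec($handle);
    $status = (int) curl_getinfo($handle, CURLINFO_HTTP_CODE);

    // release the handle (it is a resource that stays open on PHP < 8)
    curl_close($handle);

    echo ($status === 404) ? 'OK' : 'NO';
}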
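/**
 * HTTP connection control, run on the 'loc_end_page_header' event.
 *
 * Does nothing unless $conf['fhp_use_https'] is enabled. When it is:
 * - a request that already arrived over HTTPS gets a Strict-Transport-Security
 *   header, provided $conf['fhp_use_sts'] is enabled;
 * - any other request is answered with a 301 redirect to the same host and
 *   URI on https://, and the script stops so that no page content is sent
 *   over the unencrypted connection.
 *
 * A request whose Host header is missing or malformed is answered with
 * 400 Bad Request instead of being redirected.
 */
function piwigo_force_https_header() {
    global $conf;

    $use_https = isset($conf['fhp_use_https']) ? piwigo_force_https_strbool($conf['fhp_use_https']) : 'false';
    $use_sts = isset($conf['fhp_use_sts']) ? piwigo_force_https_strbool($conf['fhp_use_sts']) : 'false';

    if ($use_https != 'true') {
        return;
    }

    // $_SERVER['HTTPS'] is empty or unset on plain HTTP, but some servers set
    // it to 'off' instead; both cases must count as "not HTTPS".
    // NOTE(review): if TLS is terminated by a proxy in front of PHP, this value
    // may never be set and every request would be redirected - confirm the
    // deployment before enabling the option.
    $is_https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off';

    if ($is_https) {
        if ($use_sts == 'true') {
            // max-age is in seconds: browsers remember the policy for 500 s only
            header('Strict-Transport-Security: max-age=500');
        }
        return;
    }

    // The Host header is supplied by the client: accept only a hostname or a
    // bracketed IPv6 literal, optionally followed by a port.
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    if (!preg_match('/^(?:\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(?::[0-9]{1,5})?$/D', $host)) {
        // fail closed: neither redirect to an unvalidated host nor serve over HTTP
        header('HTTP/1.1 400 Bad Request', true, 400);
        exit;
    }

    // The request URI has to be a path, so that it cannot change the host part
    // of the redirect target.
    $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/';
    if ($uri === '' || $uri[0] !== '/') {
        $uri = '/';
    }

    // A 'Status-Code' header does not set the response status; the third
    // argument of header() does. Without it the Location header yields a 302.
    header('Location: https://' . $host . $uri, true, 301);
    exit;
}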
/**
 * Maps a value to the string 'true' or 'false' according to PHP truthiness.
 *
 * Any non-empty string other than '0' is truthy, so the string 'false' is
 * reported as 'true'.
 *
 * @param mixed $value value to test
 * @return string 'true' when $value is truthy, 'false' otherwise
 */
function piwigo_force_https_strbool($value)
{
    if ($value) {
        return 'true';
    }

    return 'false';
}
?>