source: extensions/Force_HTTPS/main.inc.php @ 27560

Last change on this file since 27560 was 27560, checked in by bonhommedeneige, 10 years ago

Version 1.3.0 - Piwigo 2.6 compatibility

File size: 4.0 KB
1<?php 
2/*
3Plugin Name: Force HTTPS
4Version: 1.3.0
5Description: Gives the capacity to force https connections on https enabled servers.
6Plugin URI: http://piwigo.org/ext/extension_view.php?eid=697
7Author: bonhommedeneige
8Author URI: http://piwigo.org/forum/profile.php?id=19052
9
10Changelog :
11 1.3.0 (05.03.2014) : Upgrade for Piwigo 2.6 compatibility
12 1.2.0 (05.05.2013) : Fixed unicity of strbool function (renamed to piwigo_force_https_strbool)
13                      Caused unicity issue with video-js plugin
14 1.1.0 (04.05.2013) : Added response code 301 before redirecting to https
15                                          Added capacity to activate or not HSTS
16                                          Corrected initialization of configuration at first launch
17 1.0.0 (02.05.2013) : Initial version
18*/
19
// Direct-access guard: this file only makes sense when Piwigo has already
// bootstrapped and defined PHPWG_ROOT_PATH; a direct HTTP request stops here.
if (!defined('PHPWG_ROOT_PATH'))
{
  die('Hacking attempt!');
}

global $conf;

// +-----------------------------------------------------------------------+
// | Plugin constants                                                      |
// +-----------------------------------------------------------------------+
// The plugin id is the name of the directory this file lives in.
define('FORCE_HTTPS_ID', basename(dirname(__FILE__)));
define('FORCE_HTTPS_PATH', PHPWG_PLUGINS_PATH . FORCE_HTTPS_ID . '/');
// PEM rewrites this value automatically when the plugin is published through
// SVN; otherwise it must be kept in sync by hand with "Version" in the plugin
// header above.
define('FORCE_HTTPS_VERSION', '1.3.0');


// +-----------------------------------------------------------------------+
// | Event handlers                                                        |
// +-----------------------------------------------------------------------+
// Plugin initialisation (upgrade check).
add_event_handler('init', 'piwigo_force_https_init');

// The entry in the admin plugins menu is only registered on admin pages.
if (defined('IN_ADMIN'))
{
  add_event_handler('get_admin_plugin_menu_links', 'piwigo_force_https_admin_plugin_menu_links');
}

// HTTPS enforcement: adds the HSTS header or redirects, depending on settings.
add_event_handler('loc_end_page_header', 'piwigo_force_https_header');
46
/**
 * Handler for 'get_admin_plugin_menu_links': appends the "Force HTTPS" entry,
 * pointing at this plugin's admin.php, to the admin plugins menu.
 *
 * @param array $menu menu entries collected so far
 * @return array the same entries followed by this plugin's entry
 */
function piwigo_force_https_admin_plugin_menu_links($menu)
{
  $admin_page = dirname(__FILE__).'/admin.php';

  $menu[] = array(
    'NAME' => l10n('Force HTTPS'),
    'URL' => get_admin_plugin_menu_link($admin_page),
  );

  return $menu;
}
58
/**
 * Handler for 'init': runs the plugin upgrade when the version recorded for
 * the loaded plugin is older than FORCE_HTTPS_VERSION, or when either version
 * is the special value 'auto'.
 *
 * The upgrade includes maintain.inc.php and calls plugin_install(). Unless one
 * of the two versions is 'auto', the new version is then written to the
 * plugins table and mirrored in $pwg_loaded_plugins, and an information
 * message is queued in the session when running inside the admin.
 */
function piwigo_force_https_init()
{
  global $conf, $pwg_loaded_plugins;

  $upgrade_needed =
    FORCE_HTTPS_VERSION == 'auto'
    || $pwg_loaded_plugins[FORCE_HTTPS_ID]['version'] == 'auto'
    || version_compare($pwg_loaded_plugins[FORCE_HTTPS_ID]['version'], FORCE_HTTPS_VERSION, '<');

  if (!$upgrade_needed)
  {
    return;
  }

  // run the install routine shipped with the plugin
  include_once(FORCE_HTTPS_PATH . 'maintain.inc.php');
  plugin_install();

  // an 'auto' version on either side is never persisted
  if ($pwg_loaded_plugins[FORCE_HTTPS_ID]['version'] == 'auto' || FORCE_HTTPS_VERSION == 'auto')
  {
    return;
  }

  // The statement is assembled from the plugin's own constants only; no
  // request data is concatenated into it.
  pwg_query('
                UPDATE '. PLUGINS_TABLE .'
                SET version = "'. FORCE_HTTPS_VERSION .'"
                WHERE id = "'. FORCE_HTTPS_ID .'"');

  $pwg_loaded_plugins[FORCE_HTTPS_ID]['version'] = FORCE_HTTPS_VERSION;

  if (defined('IN_ADMIN'))
  {
    $_SESSION['page_infos'][] = 'Force https updated to version '. FORCE_HTTPS_VERSION;
  }
}
98
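/**
 * Handler for 'loc_end_page_header': enforces HTTPS on the current request
 * according to the plugin settings.
 *
 * Reads $conf['fhp_use_https'] and $conf['fhp_use_sts']; both count as
 * disabled while unset. When HTTPS enforcement is enabled:
 *   - request already on HTTPS and HSTS enabled: adds the
 *     Strict-Transport-Security response header;
 *   - request not on HTTPS: answers with a 301 redirect to the same host and
 *     URI over https:// and ends the script.
 *
 * Security notes:
 *   - The script ends right after the redirect so that the page itself is not
 *     rendered and returned over the unencrypted connection.
 *   - HTTP_HOST comes from the client; it is checked against a host[:port]
 *     pattern before it is echoed into the Location header, and a request
 *     with a missing or malformed Host is refused with 400.
 *   - HTTPS is detected from $_SERVER['HTTPS'] only. Behind a reverse proxy
 *     that terminates TLS this variable is presumably not set, which would
 *     make every request look like plain HTTP -- confirm the deployment
 *     before enabling the plugin there.
 *   - max-age=500 keeps the HSTS policy in browsers for 500 seconds only.
 *     Raising it gives longer protection but also makes the site unreachable
 *     over plain HTTP for that long, so change it deliberately.
 */
function piwigo_force_https_header() {
  global $conf;

  $use_https = isset($conf['fhp_use_https']) ? piwigo_force_https_strbool($conf['fhp_use_https']) : 'false';
  $use_sts = isset($conf['fhp_use_sts']) ? piwigo_force_https_strbool($conf['fhp_use_sts']) : 'false';

  if ($use_https != 'true') {
    return;
  }

  // $_SERVER['HTTPS'] is non-empty on HTTPS requests; some servers set it to
  // 'off' on plain HTTP, so an "is it set" test alone would skip the redirect.
  $is_https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off';

  if ($is_https) {
    // HSTS is only meaningful (and only sent) on a secure response.
    if ($use_sts == 'true') {
      header('Strict-Transport-Security: max-age=500');
    }
    return;
  }

  // Accept a hostname, IPv4 address or bracketed IPv6 literal, optionally
  // followed by a port; anything else is not echoed back to the client.
  $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
  if (!preg_match('/^(?:\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9._-]+)(?::[0-9]{1,5})?\z/', $host)) {
    header('HTTP/1.1 400 Bad Request', true, 400);
    exit;
  }

  // Keep the redirect target a path on the validated host.
  $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/';
  if ($uri === '' || $uri[0] !== '/') {
    $uri = '/';
  }

  // The status is passed to header() itself: a "Status-Code: 301" header line
  // does not change the response status, and Location alone yields a 302.
  header('Location: https://' . $host . $uri, true, 301);
  exit;
}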
120
/**
 * Maps a value to the string 'true' or 'false' using PHP truthiness.
 *
 * Any truthy value gives 'true' -- including the non-empty string 'false' --
 * so callers must pass a real boolean (or 0/1), not its textual form.
 *
 * @param mixed $value value to convert
 * @return string 'true' or 'false'
 */
function piwigo_force_https_strbool($value)
{
  if ($value)
  {
    return 'true';
  }

  return 'false';
}
125?>