source: extensions/Force_HTTPS/main.inc.php @ 32582

Last change on this file since 32582 was 30991, checked in by bonhommedeneige, 10 years ago

Updated files for Piwigo 2.7 compatibility

File size: 4.1 KB
Line 
1<?php 
2/*
3Plugin Name: Force HTTPS
4Version: 1.4.0
5Description: Gives the capacity to force https connections on https enabled servers.
6Plugin URI: http://piwigo.org/ext/extension_view.php?eid=697
7Author: bonhommedeneige
8Author URI: http://piwigo.org/forum/profile.php?id=19052
9
10Changelog :
11 1.4.0 (02.01.2015) : Upgrade for Piwigo 2.7 compatibility
12 1.3.0 (05.03.2014) : Upgrade for Piwigo 2.6 compatibility
13 1.2.0 (05.05.2013) : Fixed unicity of strbool function (renamed to piwigo_force_https_strbool)
14                      Caused unicity issue with video-js plugin
15 1.1.0 (04.05.2013) : Added response code 301 before redirecting to https
16                                          Added capacity to activate or not HSTS
17                                          Corrected initialization of configuration at first launch
18 1.0.0 (02.05.2013) : Initial version
19*/
20
21defined('PHPWG_ROOT_PATH') or die('Hacking attempt!');
22
23global $conf;
24
25// +-----------------------------------------------------------------------+
26// | Define plugin constants                                               |
27// +-----------------------------------------------------------------------+
28define('FORCE_HTTPS_ID', basename(dirname(__FILE__)));
29define('FORCE_HTTPS_PATH' ,   PHPWG_PLUGINS_PATH . FORCE_HTTPS_ID . '/');
30define('FORCE_HTTPS_VERSION', '1.4.0');
31// this is automatically updated by PEM if you publish your plugin with SVN, otherwise you musn't forget to change it, as well as "Version" in the plugin header
32
33
34// +-----------------------------------------------------------------------+
35// | Add event handlers                                                    |
36// +-----------------------------------------------------------------------+
37// init the plugin
38add_event_handler('init', 'piwigo_force_https_init');
39
40if (defined('IN_ADMIN'))
41{
42  // admin plugins menu link
43  add_event_handler('get_admin_plugin_menu_links', 'piwigo_force_https_admin_plugin_menu_links');
44}
45
46add_event_handler('loc_end_page_header', 'piwigo_force_https_header' );
47
48/**
49 * Admin plugins menu link
50 */
51function piwigo_force_https_admin_plugin_menu_links($menu) 
52{
53  array_push($menu, array(
54    'NAME' => l10n('Force HTTPS'),
55    'URL' => get_admin_plugin_menu_link(dirname(__FILE__).'/admin.php'),
56  ));
57  return $menu;
58}
59
60/**
61 * plugin initialization
62 *   - check for upgrades
63 *   - unserialize configuration
64 *   - load language
65 */
66function piwigo_force_https_init()
67{
68  global $conf, $pwg_loaded_plugins;
69 
70  // apply upgrade if needed
71  if (
72    FORCE_HTTPS_VERSION == 'auto' or
73    $pwg_loaded_plugins[FORCE_HTTPS_ID]['version'] == 'auto' or
74    version_compare($pwg_loaded_plugins[FORCE_HTTPS_ID]['version'], FORCE_HTTPS_VERSION, '<')
75  )
76  {
77    // call install function
78    include_once(FORCE_HTTPS_PATH . 'maintain.inc.php');
79    plugin_install();
80   
81    // update plugin version in database
82    if ( $pwg_loaded_plugins[FORCE_HTTPS_ID]['version'] != 'auto' and FORCE_HTTPS_VERSION != 'auto' )
83    {
84      $query = '
85                UPDATE '. PLUGINS_TABLE .'
86                SET version = "'. FORCE_HTTPS_VERSION .'"
87                WHERE id = "'. FORCE_HTTPS_ID .'"';
88      pwg_query($query);
89     
90      $pwg_loaded_plugins[FORCE_HTTPS_ID]['version'] = FORCE_HTTPS_VERSION;
91     
92      if (defined('IN_ADMIN'))
93      {
94        $_SESSION['page_infos'][] = 'Force https updated to version '. FORCE_HTTPS_VERSION;
95      }
96    }
97  }
98}
99
100/**
101 * Http connections control
102 * - function completes http header based on configuration settings
103 */
104function piwigo_force_https_header() {
105        global $conf;
106
107        // Force https connection
108        $use_https = isset($conf['fhp_use_https']) ? piwigo_force_https_strbool($conf['fhp_use_https']) : 'false';
109        $use_sts = isset($conf['fhp_use_sts']) ? piwigo_force_https_strbool($conf['fhp_use_sts']) : 'false';
110
111        // Activates STS security
112        if ($use_https == 'true') {
113                if ($use_sts == 'true' && isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
114                  header('Strict-Transport-Security: max-age=500');
115                } elseif (!isset($_SERVER['HTTPS'])) {
116                  header('Status-Code: 301');
117                  header('Location: https://'.$_SERVER["HTTP_HOST"].$_SERVER['REQUEST_URI']);
118                }
119        }
120}
121
122function piwigo_force_https_strbool($value)
123{
124        return $value ? 'true' : 'false';
125}
126?>
Note: See TracBrowser for help on using the repository browser.