1 | <?php |
---|
2 | /* |
---|
3 | Plugin Name: Force HTTPS |
---|
4 | Version: 1.4.0 |
---|
5 | Description: Gives the capacity to force https connections on https enabled servers. |
---|
6 | Plugin URI: http://piwigo.org/ext/extension_view.php?eid=697 |
---|
7 | Author: bonhommedeneige |
---|
8 | Author URI: http://piwigo.org/forum/profile.php?id=19052 |
---|
9 | |
---|
10 | Changelog : |
---|
11 | 1.4.0 (02.01.2015) : Upgrade for Piwigo 2.7 compatibility |
---|
12 | 1.3.0 (05.03.2014) : Upgrade for Piwigo 2.6 compatibility |
---|
13 | 1.2.0 (05.05.2013) : Fixed unicity of strbool function (renamed to piwigo_force_https_strbool) |
---|
14 | Caused unicity issue with video-js plugin |
---|
15 | 1.1.0 (04.05.2013) : Added response code 301 before redirecting to https |
---|
16 | Added capacity to activate or not HSTS |
---|
17 | Corrected initialization of configuration at first launch |
---|
18 | 1.0.0 (02.05.2013) : Initial version |
---|
19 | */ |
---|
20 | |
---|
// Stop immediately unless PHPWG_ROOT_PATH is already defined, i.e. the file
// was not requested directly (presumably Piwigo defines it before loading
// plugins; the constant is not defined in this file).
if (!defined('PHPWG_ROOT_PATH'))
{
  die('Hacking attempt!');
}

global $conf;

// +-----------------------------------------------------------------------+
// | Plugin constants                                                      |
// +-----------------------------------------------------------------------+
// Plugin identifier: the name of the directory that contains this file.
define('FORCE_HTTPS_ID', basename(dirname(__FILE__)));
// Path of the plugin directory, with a trailing slash.
define('FORCE_HTTPS_PATH', PHPWG_PLUGINS_PATH . FORCE_HTTPS_ID . '/');
// Updated automatically by PEM when the plugin is published with SVN.
// Otherwise it must be changed by hand, together with "Version" in the
// plugin header above.
define('FORCE_HTTPS_VERSION', '1.4.0');

// +-----------------------------------------------------------------------+
// | Event handlers                                                        |
// +-----------------------------------------------------------------------+
// Plugin initialisation (upgrade check).
add_event_handler('init', 'piwigo_force_https_init');

// The admin menu entry is only registered when IN_ADMIN is defined.
if (defined('IN_ADMIN'))
{
  add_event_handler('get_admin_plugin_menu_links', 'piwigo_force_https_admin_plugin_menu_links');
}

// HTTPS enforcement and HSTS header, hooked on the page header event.
add_event_handler('loc_end_page_header', 'piwigo_force_https_header');
---|
47 | |
---|
/**
 * Append the "Force HTTPS" entry to the admin plugins menu.
 *
 * Handler for the 'get_admin_plugin_menu_links' event.
 *
 * @param array $menu existing menu entries
 * @return array the same entries followed by this plugin's entry, which
 *               links to admin.php in the plugin directory
 */
function piwigo_force_https_admin_plugin_menu_links($menu)
{
  $entry = array(
    'NAME' => l10n('Force HTTPS'),
    'URL' => get_admin_plugin_menu_link(dirname(__FILE__).'/admin.php'),
  );

  array_push($menu, $entry);

  return $menu;
}
---|
59 | |
---|
/**
 * Plugin initialisation: run the install routine when an upgrade is needed.
 *
 * An upgrade is needed when either the code version (FORCE_HTTPS_VERSION) or
 * the version recorded in $pwg_loaded_plugins is 'auto', or when the recorded
 * version is lower than the code version. In that case maintain.inc.php is
 * included and plugin_install() is called (presumably defined in that file).
 * When neither version is 'auto', the new version is also written to the
 * plugins table and to $pwg_loaded_plugins, and an info message is queued in
 * the session when running in the admin area.
 *
 * @return void
 */
function piwigo_force_https_init()
{
  global $conf, $pwg_loaded_plugins;

  $upgrade_needed =
    FORCE_HTTPS_VERSION == 'auto'
    || $pwg_loaded_plugins[FORCE_HTTPS_ID]['version'] == 'auto'
    || version_compare($pwg_loaded_plugins[FORCE_HTTPS_ID]['version'], FORCE_HTTPS_VERSION, '<');

  if (!$upgrade_needed)
  {
    return;
  }

  // Run the install routine shipped with the plugin.
  include_once(FORCE_HTTPS_PATH . 'maintain.inc.php');
  plugin_install();

  // An 'auto' version on either side is never written to the database.
  if ($pwg_loaded_plugins[FORCE_HTTPS_ID]['version'] == 'auto' || FORCE_HTTPS_VERSION == 'auto')
  {
    return;
  }

  // The values concatenated into this statement are constants defined in this
  // file (a literal version string and the plugin directory name), not
  // request data.
  $query = '
UPDATE '. PLUGINS_TABLE .'
SET version = "'. FORCE_HTTPS_VERSION .'"
WHERE id = "'. FORCE_HTTPS_ID .'"';
  pwg_query($query);

  $pwg_loaded_plugins[FORCE_HTTPS_ID]['version'] = FORCE_HTTPS_VERSION;

  if (defined('IN_ADMIN'))
  {
    $_SESSION['page_infos'][] = 'Force https updated to version '. FORCE_HTTPS_VERSION;
  }
}
---|
99 | |
---|
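/**
 * Enforce HTTPS for the current request according to the plugin settings.
 *
 * Handler for the 'loc_end_page_header' event. When $conf['fhp_use_https'] is
 * enabled:
 *  - a request served over HTTPS receives a Strict-Transport-Security header
 *    if $conf['fhp_use_sts'] is enabled;
 *  - a request served over plain HTTP is answered with a 301 redirect to the
 *    same host and URI over https, and the script stops so that no page
 *    content follows the redirect on the unencrypted connection.
 *
 * A request whose Host header is missing or malformed is answered with
 * 400 Bad Request instead of being redirected.
 *
 * @return void
 */
function piwigo_force_https_header()
{
  global $conf;

  $use_https = isset($conf['fhp_use_https']) ? piwigo_force_https_strbool($conf['fhp_use_https']) : 'false';
  $use_sts = isset($conf['fhp_use_sts']) ? piwigo_force_https_strbool($conf['fhp_use_sts']) : 'false';

  if ($use_https !== 'true')
  {
    return;
  }

  // $_SERVER['HTTPS'] is non-empty for TLS requests, but some servers set it
  // to 'off' for plain HTTP. Testing only isset() would skip the redirect on
  // those servers, so both branches use the same check.
  // NOTE(review): behind a TLS-terminating reverse proxy this variable may be
  // unset for every request, which would turn the redirect into a loop.
  // Confirm the deployment before enabling the option.
  $is_https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';

  if ($is_https)
  {
    if ($use_sts === 'true')
    {
      // HSTS is only honoured by browsers when received over HTTPS.
      // NOTE(review): max-age=500 expires after about eight minutes, so the
      // browser falls back to allowing plain HTTP almost immediately. Consider
      // a much longer lifetime once HTTPS is known to be stable for the site.
      header('Strict-Transport-Security: max-age=500');
    }
    return;
  }

  // HTTP_HOST and REQUEST_URI come from the client. Only a syntactically valid
  // host (name, IPv4 or bracketed IPv6, optional port) is echoed back into the
  // Location header, so the redirect cannot be pointed at an arbitrary string.
  // NOTE(review): a syntax check does not prove the host belongs to this
  // site. Pinning the redirect to a configured canonical host name would be
  // stricter.
  $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
  $host_pattern = '/^(?:[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?|\[[0-9A-Fa-f:.]+\])(?::[0-9]{1,5})?$/';
  if (!preg_match($host_pattern, $host))
  {
    header('HTTP/1.1 400 Bad Request', true, 400);
    exit;
  }

  // Keep the redirect on this host: anything that is not an origin-form path
  // (for example an absolute URI in the request line) is replaced by '/'.
  $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/';
  if ($uri === '' || $uri[0] !== '/')
  {
    $uri = '/';
  }

  // The third argument sets the real response status. A 'Status-Code: 301'
  // header line is just an unknown header and leaves the redirect as a 302.
  header('Location: https://'.$host.$uri, true, 301);
  exit;
}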
---|
121 | |
---|
/**
 * Convert a value to the string 'true' or 'false' using PHP truthiness.
 *
 * Any non-empty string other than '0' is truthy, so the string 'false' maps
 * to 'true'. Callers are expected to pass a real boolean.
 *
 * @param mixed $value value to convert
 * @return string 'true' when $value is truthy, 'false' otherwise
 */
function piwigo_force_https_strbool($value)
{
  if ($value)
  {
    return 'true';
  }

  return 'false';
}
---|
126 | ?> |
---|