2

I have built a bespoke site in Codeigniter and my client is getting orders through PayPal.

The problem that is happening is that I have written the site so that if a PayPal order is complete and returns back to the site, The booking gets updated to paid.

I have noticed that some orders, The customer is not returning to the site due sometimes the "Insecure Data" popup you get in most browsers.

I think, The way to resolve this is to make the return page an https:// page.

So am wondering how do you change the config in your CI to the https:// link on just that one page.

There may be other ways and am open to suggestions.

I am also considering the IPN route to update the order, But not too sure on that one.

Thanks

StuBlackett
  • 3,789
  • 15
  • 68
  • 113
  • 1
    i have tried this http://www.davidnard.com/2011/04/easy-ssl-redirection-in-codeigniter/ – Rakesh Sharma Mar 14 '14 at 11:08
  • Nice, seems like a good answer. Applying the SSL to my Bookings controller. – StuBlackett Mar 14 '14 at 11:10
  • I found that this had already been answered here http://stackoverflow.com/questions/1500527/how-can-i-have-codeigniter-load-specific-pages-using-ssl/1500558#1500558 – BrightIntelDusk Mar 14 '14 at 11:14
  • 1
    my suggestion would be to allow customers to enter the store on http - but then all the links are https. because really even your shipping form should be on https to protect peoples information. – cartalot Mar 14 '14 at 18:15
  • @cartalot Fair point, I have a "Bookings" controller and I think that should all be https:// – StuBlackett Mar 14 '14 at 22:02

2 Answers2

3

Use MY_url_helper helper. Add the following code to helper and use it whereever you want to force ssl.

<?php

function ssl_support() {
    $CI = & get_instance();
    return $CI->config->item('ssl_support');
}

if (!function_exists('force_ssl')) {

    function force_ssl() {
        if (ssl_support() && (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == 'off')) {
            $CI = & get_instance();
            $CI->config->config['base_url'] = str_replace('http://', 'https://', $CI->config->config['base_url']);
            redirect($CI->uri->uri_string());
        }
    }

}

if (!function_exists('remove_ssl')) {

    function remove_ssl() {
        if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
            $CI = & get_instance();
            $CI->config->config['base_url'] = str_replace('https://', 'http://', $CI->config->config['base_url']);

            redirect($CI->uri->uri_string());
        }
    }

}
}
stavgian
  • 121
  • 1
  • 5
1

I would say put everything in one folder and use SSL for everhting?

application/config/config.php, set base url:

$config['base_url'] = "https://www.yoursite.com/";
Chilion
  • 4,380
  • 4
  • 33
  • 48