Hello, sorry if this has been answered somewhere else, but I couldn't find a topic that answered my question.
I want to SSL protect my /admin/ controller.
I found a cool snippet on the net that just redirected a http request to a https request, however I also have logic in my before() method of the admin controller that checks to see if a user is actually logged in, if not, they get redirected to the login page.
When used together this results in a too many redirects error.
I have the default .htaccess:
<code>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]
</IfModule>
</code>
Would it be better to create a .htaccess solution to this?
Or can a method be created that will play nicely with my auth check?
Cheers for any replies, sorry again if I didn't do a good enough search.
What have you defined as your base_url in the config?
It wil be added to the URI you pass to redirect(), and if it contains 'http', that is what will happen. Either have FuelPHP autodetect the base_url (which takes the protocol into account), or add code to your config to use the protocol used (use Input::protocol() for that) to make the connection to construct the base_url yourself.
If you use autodetect, and the site is "hit" via https, than the base_url is set to https too, and all methods in Fuel that use the base_url will therefore also use https, including redirect.
Perhaps something is wrong in your .htaccess rewrite rules.
If you disable those, and go manually to a page that requires login via https, does it then redirect correctly to the login page in https?
And what will happen if I use something like:
if (Input::protocol() != 'HTTPS')
{
$url = str_replace('http', 'https', Config::get('base_url')).'admin';
Response::redirect($url, 'refresh');
}