Remember that you have the include/config.php file
that you can use to set the behavior of your site regarding SSL.
You still need to force the sensitive pages to be accessed through SSL. For example, if someone
tries to access http://localhost/tshirtshop/credit-card-details/, the visitor should be
redirected automatically to https://localhost/tshirtshop/credit-card-details/.
Obviously, you don't need SSL connections for all areas of the site, and you shouldn't enforce them
in all places because that reduces performance and makes your pages invisible to search engines.
However, you do want to make sure that the checkout, customer login, customer registration, and
customer detail modification pages are accessible only via SSL.
Assuming that your site is working correctly with SSL, you should make some updates to
ensure that the pages can't be accessed via HTTP. First, add the following method at the end of
the StoreFront class (in presentation/store_front.php):
// Visiting a sensitive page?
private function _IsSensitivePage()
{
  if (isset($_GET['RegisterCustomer']) ||
      isset($_GET['AccountDetails']) ||
      isset($_GET['CreditCardDetails']) ||
      isset($_GET['AddressDetails']) ||
      isset($_GET['Checkout']) ||
      isset($_POST['Login']))
    return true;
  return false;
}
CHAPTER 16 – MANAGING CUSTOMER DETAILS 540
Next, add the highlighted code in the __construct() method of the StoreFront class:
// Class constructor
public function __construct()
{
  $is_https = false;
  // Is the page being accessed through an HTTPS connection?
  if (getenv('HTTPS') == 'on')
    $is_https = true;
  // Use HTTPS when accessing sensitive pages
  if ($this->_IsSensitivePage() && $is_https == false &&
      USE_SSL != 'no')
  {
    $redirect_to =
      Link::Build(str_replace(VIRTUAL_LOCATION, '', getenv('REQUEST_URI')),
                  'https');
    header ('Location: '.
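The redirect decision described above, as a stand-alone added example (not the book's code): it reuses the page's sensitive-page keys and separates GET requests, which can be redirected to HTTPS, from a POST such as the Login form, whose body has already crossed the network in cleartext by the time the server can answer. The function names, the 'yes' value for USE_SSL, the configured host and the sample requests are assumptions.

```php
<?php
// Added example, not the book's code; function names are hypothetical.

// Same request keys as _IsSensitivePage() on the page.
function is_sensitive_request(array $get, array $post): bool
{
    $keys = ['RegisterCustomer', 'AccountDetails', 'CreditCardDetails',
             'AddressDetails', 'Checkout'];
    foreach ($keys as $key) {
        if (isset($get[$key])) {
            return true;
        }
    }
    return isset($post['Login']);
}

// Decide what to do with a request: ['serve'], ['redirect', $url] or ['reject'].
// $host is assumed to come from site configuration, not the Host header.
function https_decision(string $method, bool $is_https, string $use_ssl,
                        string $host, string $uri, array $get, array $post): array
{
    if ($is_https || $use_ssl === 'no' || !is_sensitive_request($get, $post)) {
        return ['serve'];
    }
    if ($method !== 'GET' && $method !== 'HEAD') {
        // The body (for example login credentials) has already been sent in
        // cleartext; a redirect cannot undo that and would discard the body.
        return ['reject'];
    }
    return ['redirect', 'https://' . $host . $uri];
}

// Constructed sample requests: method, HTTPS?, URI, $_GET, $_POST.
$samples = [
    ['GET',  false, '/tshirtshop/credit-card-details/', ['CreditCardDetails' => ''], []],
    ['GET',  true,  '/tshirtshop/credit-card-details/', ['CreditCardDetails' => ''], []],
    ['GET',  false, '/tshirtshop/', [], []],
    ['POST', false, '/tshirtshop/', [], ['Login' => 'Login']],
];
foreach ($samples as [$method, $https, $uri, $get, $post]) {
    $d = https_decision($method, $https, 'yes', 'localhost', $uri, $get, $post);
    // A live page would act on the result with
    // header('Location: ' . $d[1], true, 302); exit;   (redirect)
    // http_response_code(403); exit;                    (reject)
    printf("%-4s %-5s %-34s %s\n", $method, $https ? 'https' : 'http',
           $uri, implode(' ', $d));
}
```

Ending the script right after the Location header matters: without it, PHP keeps executing and the sensitive page is still rendered into the plain-HTTP response.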