CakePHP HTTPS安全支付形式 [英] CakePHP HTTPS Secure payment form

问题描述

使用CakePHP 1.3，我们有一个酒店客房的预订系统。支票付款表单应将用户带到安全的付款页面（https://secure.domain.com/bookings/payment）。付款后，用户获得一个确认页面（安全也可以），但从这里，我们的页眉/页脚中的任何链接应该将用户带回到非安全域（http://domain.com）。

Using CakePHP 1.3 we have a booking system for hotel rooms. A check-availability form should bring the user to a secure payment page (https://secure.domain.com/bookings/payment). After making the payment, the user gets a confirmation page (secured is also ok), but from here, any links in our header/footer should take the user back to the non-secured domain (http://domain.com).

目前，我们为域 https：//设置了SSL UCC证书//secure.domain.com 和 https://domain.com 。我们还对支票可用性表单进行了硬编码，以运行操作 https://secure.domain.com/bookings /付款。因此，我们可以让用户进入HTTPS安全区域，但不退出，除非我们对该部分中的所有链接进行硬编码。

Currently we have our SSL UCC Cert set up for the domains https://secure.domain.com and https://domain.com. We have also hard coded the check-availability form to run the action https://secure.domain.com/bookings/payment. Thus, we can get the user to get in to the HTTPS secured area, but not back out unless we hard code all our links in that section.

Cake的安全组件非常混乱，因此我正在寻找最好的解决方案，使这种情况发生。

Cake's security component is quite confusing and thus I am looking for the best solution to make this happen.

Can Cake的安全组件可用于HTTPS付款页面，使生活更轻松，更多CakePHP标准化？任何其他建议？

Can Cake's Security component be used for HTTPS payment pages, make life easier, and keep the code more CakePHP standardized? Any other suggestions?

推荐答案

我使用 http://techno-geeks.org/2009/03/using-the-security-component-in- cakephp-for-ssl / 但发现它有问题。我最后向我的app_controller.php添加以下内容。

I used the example from http://techno-geeks.org/2009/03/using-the-security-component-in-cakephp-for-ssl/ but found it problematic. I ended up adding the following to my app_controller.php.

以下代码将HTTPS重定向到www.example.com，HTTP重定向到example.com。如果用户登录（参见 $ loggedUser ），它会强制为每个连接使用HTTPS。

The code below redirects HTTPS to www.example.com and HTTP to example.com. If a user is logged in (see $loggedUser), it forces HTTPS for every connection.

// Pages requiring a secure connection.
$secureItems = array();

// beforeFilter
function beforeFilter() {
    // Your logic...    
    $this->__checkSSL();
}

/**
 * Check SSL connection.
 */
function __checkSSL() {
    /** Make sure we are secure when we need to be! **/
    if (empty($this->loggedUser)) {
        if (in_array($this->action, $this->secureItems) && !env('HTTPS')) {
            $this->__forceSSL();
        } 

        if (!in_array($this->action, $this->secureItems) && env('HTTPS')) {
            $this->__unforceSSL();
        }
    } else {
        // Always force HTTPS if user is logged in.
        if (!env('HTTPS')) {
            $this->__forceSSL();
        }
    }
}

/**
 * Redirect to a secure connection
 * @return unknown_type
 */
function __forceSSL() { 
    if (strstr(env('SERVER_NAME'), 'www.')) {
        $this->redirect('https://' . env('SERVER_NAME') . $this->here);
    } else {
        $this->redirect('https://www.' . env('SERVER_NAME') . $this->here); 
    }
}

/**
 * Redirect to an unsecure connection
 * @return unknown_type
 */
function __unforceSSL() {
    if (strstr(env('SERVER_NAME'), 'www.')) {
        $server = substr(env('SERVER_NAME'), 4);
        $this->redirect('http://' . $server . $this->here);
    } else {
        $this->redirect('http://' . env('SERVER_NAME') . $this->here);  
    }
}

这篇关于CakePHP HTTPS安全支付形式的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！