Over a million developers have joined DZone.

Convert non-ssl to ssl links automatically and dynamically using Zend

DZone's Guide to

Convert non-ssl to ssl links automatically and dynamically using Zend

· Web Dev Zone
Free Resource

Add user login and MFA to your next project in minutes. Create a free Okta developer account, drop in one of our SDKs to your application and get back to building.

Hello dear readers,

Zend Framework is awesome and you probably know that already that's why you're using it. :)

Have you ever needed to replace the non-ssl links automatically with their SSL equivalent ?

Here is one way to achieve it using a front controller plugin.
The code of the plugin is below however it will need some tweaks on your part.

Replace YOURPREFIX with something like: EXT which will correspond to external classes you add to your Zend Framework installation.
The SecureLinks.php file should be saved in library\YOURPREFIX\Controller\Plugin\SecureLinks.php

Please also make sure you update $redir_script variable to point to your redirect script (code also included below).

In order for this to work is has to be registered with the front controller as follows.

$frontController = Zend_Controller_Front::getInstance();
// .... other cool stuff
$frontController->registerPlugin(new YOURPREFIX_Controller_Plugin_SecureLinks());



 * Corrects the non-ssl links to ssl ones for your sites.
 * @uses Zend_Controller_Plugin_Abstract
class YOURPREFIX_Controller_Plugin_SecureLinks extends Zend_Controller_Plugin_Abstract {
     * Updates the output buffer
     * @return void
    public function dispatchLoopShutdown() {
        $ssl = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on';
        $redir_script = 'https://secure.yoursite.com/redirect.php?url=';
        // do nothing if not SSL
        if (empty($ssl)) {
            return ;

        $response_obj = $this->getResponse();
        $buffer = $response_obj->getBody();

        // We'll proxy the links
        $regex = '#(<(?:a|othertag)[^<>]*(?:src|href)=[\'"])((?:http://(?:[\w-]+\.)?(YOUR-SITE|YOUR-SECOND-SITE)\.\w+)[^\'"]*)#si'; // no extension/TLD

        // if we have images
        if (1) {
            $view = Zend_Registry::get("view");

            // replaces ajax.googleapis, google.com, googlecode.com/
            $buffer = preg_replace('#http://(([\w-]+\.)?google(?:code|apis)?\.\w+[^\'"]*)#si', 'https://\\1', $buffer);

            $buffer = preg_replace($regex, '\\1' . $redir_script . '\\2', $buffer);




// usage: save it as redirect.php
// make links pointing to it as redirect.php?url=http://yahoo.com
$url = empty($_GET['url']) ? '' : $_GET['url'];

if (!empty($url)) {
    header('Location: ' . $url);



Source: http://www.devcha.com/2011/12/zend-framework-how-to-convert-non-ssl.html


Launch your application faster with Okta’s user management API. Register today for the free forever developer edition!


Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}