author | M <m@lfurio.us> | 2015-12-08 19:21:46 -0500 |
---|---|---|
committer | M <m@lfurio.us> | 2015-12-08 19:21:46 -0500 |
commit | 2dd0900cd5c2adb610fd35e10133dd9fc10ca0f9 (patch) | |
tree | cefbad3db6905ffc5de50ae7d0f3436cb4eb27a9 /app | |
parent | 2896ade5e1257045513f871d59e6e4eaac27e317 (diff) | |
download | scrott-2dd0900cd5c2adb610fd35e10133dd9fc10ca0f9.tar.gz scrott-2dd0900cd5c2adb610fd35e10133dd9fc10ca0f9.zip |
+ Added controller security assertions: require_https and forbid_https
Diffstat (limited to 'app')
-rw-r--r-- | app/class/controller.class.php | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/app/class/controller.class.php b/app/class/controller.class.php
index 4ea40d1..fabd7e7 100644
--- a/app/class/controller.class.php
+++ b/app/class/controller.class.php
@@ -12,6 +12,26 @@ abstract class Controller extends Framework
 * Abstract function for concrete controller to handle the page request
 */
 abstract function handle($argv);
+
+ /*
+ * Security check
+ * Assert that the current connection to this server is secure. Redirects if not.
+ */
+ function sec_require_https()
+ {
+ if (!isset($_SERVER['HTTPS']))
+ $this->redirectTo("https://" . $_SERVER['SERVER_NAME'] . $this->ap());
+ }
+
+ /*
+ * Security check
+ * Assert that the current connection to this server is NOT secure. Redirects if not.
+ */
+ function sec_forbid_https()
+ {
+ if (isset($_SERVER['HTTPS']))
+ $this->redirectTo("http://" . $_SERVER['SERVER_NAME'] . $this->ap());
+ }
 }
 ?> |
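Review bot: `sec_require_https()` treats any set `$_SERVER['HTTPS']` as a secure connection, but the PHP manual notes that some server setups (IIS with ISAPI) set it to `off` for plain HTTP, so the assertion can pass on an unencrypted request. Comparing the value closes that gap: `if (empty($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) === 'off')`, with the inverse test in `sec_forbid_https()`. Both redirects build the target from `$_SERVER['SERVER_NAME']`, which on some web-server configurations is taken from the client's Host header; a configured canonical host name would be a safer base for the URL. `redirectTo()` is defined outside this hunk, so it is worth confirming that it stops execution, since otherwise the handler still runs and answers over the connection the assertion was meant to reject.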