Jaburo Base

The Virtual Home of Edgar Ngwenya

Forcing Https in Yii

I came across this question while working on a Yii website project:

What is the best way to force Yii to serve a page with https?

On a site with a login page, for example, you always want to serve the page over https instead of http. After looking through the docs some, I came up with the following solution. Use a custom CFilter to force https on pages that need to be secured.

If you look at CAccessControlFilter in the documentation, you’ll see that it does something very similar to what I’m trying to do. CAccessControlFilter reads a set of rules from the Controller’s accessRules() method, processes them, and decides to let the request continue or to throw a permissions exception. What I need is an HttpsFilter that checks whether or not the current request is being made securely, and redirect to https if it isn’t. Setting this up will require two steps: writing the filter class, and adding a filter method to the Controller class, and adding the filter to my controllers.

Writing the Filter Class

Here’s the code for HttpFilter.php, which I stuck into my Yii project’s protected/components/ folder:

class HttpsFilter extends CFilter {
    protected function preFilter( $filterChain ) {
        if ( !Yii::app()->getRequest()->isSecureConnection ) {
            # Redirect to the secure version of the page.
            $url = 'https://' .
                Yii::app()->getRequest()->serverName .
            return false;
        return true;

Some notes:

  • HttpFilter inherits from CFilter
  • I override the preFilter method of the class. You probably don’t want to override filter() because CFilter may be doing special secret stuff inside.
  • preFilter() should return false if the processing of the page should stop, and true if all is well and the processing should continue.

Adding a Filter Method to the Controller Class

If you’re working on a standard Yii set-up, you’ll have a class file Controller.php located in your components directory. This Controller class is the parent class that all of your other controllers inherit from. Since we want the ability to enforce https on any of our pages. So to that end, I’ll add the method filterHttps to the Controller class. I’ll explain why the method has that name in the next section. Here’s my copy of protected/components/Controller.php:

class Controller extends CController
    public $breadcrumbs=array();
    public function filterHttps( $filterChain ) {
        $filter = new HttpsFilter;
        $filter->filter( $filterChain );

Here, filterHttps simply creates a new HttpsFilter, and calls filter() on it, which in turn calls the preFilter method we wrote above. Now that we’ve made filterHttps available to our controllers, it’s time to use it.

Adding the Filter to My Controllers

I started this article wanting to make sure that Yii forced my users to view the login page under http, and that’s where I’ll end. In a default set up, the login page is handled by the SiteController class. Here, we can add https checking for the login page by modifying the filters() method of SiteController, so that it reads like this:

public function filters()
    return array(
        'https +login', // Force https, but only on login page

The filter that we added has two parts. First, is “https”. When this filter is applied, Yii will look for the method filterHttps and call it to apply the filter. This is method we defined in the parent class of SiteController, in the previous section. Second, is “+login”. This tells Yii only to apply the filter for the “login” action, and not for any of the other actions handled by SiteController, like the home page.

It took me a while to figure this out, but when I did, I was happy with how clean the solution seemed. Here’s a link to an article on authentication and authorization in Yii which was pretty helpful.

posted by engwenya in Software Development and have Comments (25)

Day 2 of Yii…

I didn’t make too much progress today; I was tied up with random bits of work. Also, I failed to turn up anything useful when using Google to find tips on using Yii to set up a REST web service, which I think I’m going to need. Again I’m left wondering if there’s much support or documentation for Yii once you start to get off the beaten path. Still I did find a nice interface to S3 for PHP, so I guess today wasn’t a total wash. Work takes precedence tonight and tomorrow, but I’m hoping to get some time this weekend to complete my backup file site.

posted by engwenya in Software Development and have No Comments

5 hours in…

…and I have to admin that I’m impressed. I’ve been fiddling with Yii for about half a day, and I already have a website that does much more that the original. To refresh readers on the project, I’m trying to rewrite a website I threw together to manage the backups of essential files that I keep on Amazon S3. I’ll talk about my first impressions below.

You Get A Lot For Free

One thing I’m liking about Yii is how much you get for free – that is, how much basic functionality you get in your website without having to write any code. Starting a website with Yii takes very little effort. To begin, I:

  • Downloaded yii and unpacked it in website’s root folder.
  • Used the yii command line tool to install yii into my website’s document root.
  • Wrote up the database schema I wanted and put it into the database.
  • Edited a yii config file to point to my database.
  • Ran two yii commands to generate code based on the database schema.

All of this took about half an hour, mostly of which was spend writing the SQL. In the end, I had a website where I could create, update, and delete any of the entities defined in my database, via
a set of vanilla-looking web forms. Also, I could log in to and log out of a set of pre-defined accounts. Really, I felt I was 90% of the way there.

Excellent Tutorials

Yii comes out of the box with a blog website demo. There are two excellent tutorials that demo how to take this code and improve it, a pdf file and a screencast. Both were excellent in getting me started.

The Down Side

In trying to set up my site, many of the things I wanted to do were covered by the tutorials. ( The web is really composed of variations of the same handful of websites. :) ) When I veered off of the path, I did get a little lost at times. The Yii Class Reference document was helpful, but it some cases I could have used and example of how a particular method is typically called.

I’m looking forward to later today, when I might be able to get my project to a point where it’s ready for the outside world.

posted by engwenya in Software Development and have No Comments
Tags: ,

Diving Into Yii

I’ve been exposed to Yii a little bit through my work, so I decided to delve a bit deeper into using the framework. The developers of Yii claim that it’s fast, that it’s easy to use, and that it makes routine tasks very painless. I’ve decided to put some of the claims to the test and see how long it takes me to launch a web site using Yii.

The Project

I have half a dozen websites running that I care about, and with this situation comes the need to backup essential files like database dumps and zips of uploaded image directories. So I cobbled together a set of scripts to save these essential files on Amazon S3. In addition, I cobbled together a small website using PHP and Smarty where I could review the backups — mainly to see that the process was still working. I’m going to try to reproduce this website, using Yii, and add a few bells and whistles. I’m mostly curious to see how long it will take me to do it.

posted by engwenya in Software Development and have No Comments
Tags: ,

Hello world!

For those of you who are looking for the homepage of the Earth Federal Forces headquarters, you should be able to find more information here. For those of you who are looking for the online home of Edgar Ngwenya (and probably also those who don’t have any idea what the Earth Federal Forces are ), welcome!

posted by admin in Uncategorized and have No Comments