function securelogin_secure_redirect in Secure Login 7

Redirects an insecure request to the same path on the secure base URL.

1 call to securelogin_secure_redirect()

securelogin_secure_form in ./securelogin.module

Secures a form by altering its action to use the secure base URL.

File

./securelogin.module, line 116

Enables user login and other forms to be submitted securely via HTTPS.

Code

function securelogin_secure_redirect() {
  global $is_https;

  // Do not redirect from HTTPS requests, the command-line environment or cron.
  if ($is_https || drupal_is_cli() || drupal_static('securelogin_is_cron')) {
    return;
  }
  $path = drupal_is_front_page() ? '' : $_GET['q'];

  // POST requests need a 308 redirect to avoid losing POST data.
  $http_response_code = $_SERVER['REQUEST_METHOD'] == 'GET' || $_SERVER['REQUEST_METHOD'] == 'HEAD' ? 301 : 308;

  // Do not permit redirecting to an external URL.
  $options = array(
    'query' => drupal_get_query_parameters(),
    'https' => TRUE,
    'external' => FALSE,
  );

  // We don't use drupal_goto() here because we want to be able to use the
  // page cache, but let's pretend that we are.
  drupal_alter('drupal_goto', $path, $options, $http_response_code);

  // The 'Location' HTTP header must be absolute.
  $options['absolute'] = TRUE;
  $url = url($path, $options);
  $responses = array(
    301 => 'Moved Permanently',
    308 => 'Permanent Redirect',
  );
  $status = "{$http_response_code} {$responses[$http_response_code]}";
  drupal_add_http_header('Status', $status);
  drupal_add_http_header('Location', $url);

  // Drupal page cache requires a non-empty page body for some reason.
  print $status;

  // Mimic drupal_exit() and drupal_page_footer() and then exit.
  module_invoke_all('exit', $url);
  drupal_session_commit();
  if (variable_get('cache', 0) && ($cache = drupal_page_set_cache())) {
    drupal_serve_page_from_cache($cache);
  }
  else {
    ob_flush();
  }
  exit;
}