Home » Php » php – How to implement SSL in Zend MVC

php – How to implement SSL in Zend MVC

Posted by: admin July 12, 2020 Leave a comment


I have implemented secure pages before by using a specific secure folder (eg https folder vs http folder on the server). I have started using Zend Framework and would like parts of the application (eg login) to use https. I have searched on google and even here but could not find anything that explains how to handle this. Can I have https for specific controllers/actions? Thanks.

How to&Answers:

The cleanest way is to have an .ini file for the SSL config where you can enable SSL support for model/controller/action levels, like so:

Let’s say you have a module/controller/action like this:

## ini file (can be config.ini also)
ssl.modules.SSLModule.require_ssl = true  //-> entire module requires SSL 
ssl.modules.SSLModule.Index.require_ssl = true  //-> entire controller requires SSL
ssl.modules.SSLModule.Index.test.require_ssl = true  //-> single action requires SSL

You parse this either through config, or separately, and in your Bootstrap file you can include a controllerplugin, like mine here.

There are many other ways to do this, but I think you get the idea!

class Application_Controllerplugins_Ssl extends Zend_Controller_Plugin_Abstract

    public function preDispatch ( Zend_Controller_Request_Abstract $request )

        $shouldSecureUrl = false;

        //get the config settings for SSL
        $options = Application_ServiceManager::getConfig()->ssl;

        //if config is empty, exit
        if (!is_object($options))

        //simpler to use    
        $options = $options->toArray();

        //only use it production environment
        if ( APPLICATION_ENV == 'production' )

            if (

                ( isset($options['modules'][$request->module]['require_ssl']) && $options['modules'][$request->module]['require_ssl'] )  ||
                ( isset($options['modules'][$request->module][$request->controller]['require_ssl']) && $options['modules'][$request->module][$request->controller]['require_ssl'] )  ||
                ( isset($options['modules'][$request->module][$request->controller][$request->action]['require_ssl']) && $options['modules'][$request->module][$request->controller][$request->action]['require_ssl'] )


                $shouldSecureUrl = true;


            if ( $shouldSecureUrl )



    protected function _secureUrl ( Zend_Controller_Request_Abstract $request )

        $server = $request->getServer();
        $hostname = $server['HTTP_HOST'];

        if ( ! $request->isSecure() )
            $url = Zend_Controller_Request_Http::SCHEME_HTTPS . "://" . $hostname .

            $redirector = Zend_Controller_Action_HelperBroker::getStaticHelper('redirector');

I forgot to mention: to add it in your bootstrap:

$Zend_Controller_Front->registerPlugin( new Application_Controllerplugins_Ssl() );