ID ) && ! $besecure ) { $besecure = get_post_meta( $post->ID, 'besecure', true ); } //if forcing ssl on admin, be secure in admin and login page if( ! $besecure && force_ssl_admin() && ( is_admin() || pmpro_is_login_page() ) ) { $besecure = true; } $besecure = apply_filters( 'pmpro_besecure', $besecure ); $use_ssl = get_option( 'pmpro_use_ssl' ); if( $use_ssl == 1 ) { if( $besecure && ( empty( $_SERVER['HTTPS'] ) || $_SERVER['HTTPS'] == 'off' || $_SERVER['HTTPS'] == 'false' ) ) { //need to be secure wp_safe_redirect( 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); exit; } elseif ( ! $besecure && ! empty( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] != 'off' && $_SERVER['HTTPS'] != 'false' ) { //don't need to be secure wp_safe_redirect('http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ); exit; } } } add_action( 'wp', 'pmpro_besecure', 2 ); add_action( 'login_init', 'pmpro_besecure', 2 ); /** * Echo the JavaScript SSL redirect * if the Force SSL option is set. */ function pmpro_ssl_javascript_redirect() { global $besecure; $use_ssl = get_option( 'pmpro_use_ssl' ); if( ! is_admin() && $use_ssl == 2 ) { if( ! empty( $besecure ) ) { ?> get_var( "SELECT option_value FROM $wpdb->options WHERE option_name = 'siteurl' LIMIT 1" ); } //entire site is over https? if( strpos( $pmpro_siteurl, 'https:' ) !== false ) { $besecure = true; } return $besecure; } add_filter( 'pmpro_besecure', 'pmpro_check_site_url_for_https' ); //capturing case where a user links to https admin without admin over https function pmpro_admin_https_handler() { if ( ! empty( $_SERVER['HTTPS'] ) ) { $https = sanitize_text_field( $_SERVER['HTTPS'] ); if( strtolower( $https ) != 'off' && strtolower( $https ) != 'false' && is_admin() ) { if( substr( get_option( 'siteurl' ), 0, 5 ) == 'http:' && ! force_ssl_admin() ) { //need to redirect to non https wp_safe_redirect( esc_url_raw( 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] ) ); exit; } } } } add_action( 'init', 'pmpro_admin_https_handler' ); /* This code is for the "nuke" option to make URLs secure on secure pages. */ function pmpro_NuclearHTTPS() { //did they choose the option? $nuking = get_option( 'pmpro_nuclear_HTTPS' ); if(!empty($nuking)) { ob_start( 'pmpro_replaceURLsInBuffer' ); } } add_action( 'init', 'pmpro_NuclearHTTPS' ); function pmpro_replaceURLsInBuffer($buffer) { global $besecure; //only swap URLs if this page is secure if($besecure) { /* okay swap out all links like these: * http://domain.com * http://anysubdomain.domain.com * http://any.number.of.sub.domains.domain.com */ $buffer = preg_replace("/http\:\/\/([a-zA-Z0-9\.\-]*" . str_replace(".", "\.", PMPRO_DOMAIN) . ")/i", "https://$1", $buffer); } return $buffer; }