I've been working on a classified ads module for our organization. I just launched it yesterday and folks are using it with great success.
One of my concerns was collecting credit card information in a secure manner. So, using my .htaccess file, I've created a couple of mod_rewrite directives I thought other folks might like to see. (Any mod_rewrite gurus out there should please feel free to correct any mistakes I've made!)
# Classifieds should be a secure form. Redirect.
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^node/add/classifieds(.*) https://www.mysite.com/node/add/classifieds$1 [R,L]
# Make sure "edit" pages are secure.
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^node/([0-9]+)/edit https://www.mysite.com/node/$1/edit [R,L]
# If a member leaves the classifieds, make sure we're no longer in secure form. Redirect.
RewriteCond %{SERVER_PORT} !^80$
RewriteCond %{REQUEST_URI} ^node/([0-9]+)!/edit
RewriteRule ^(.*) http://www.mysite.com/$1 [R,L]
Note that when it comes to editing nodes, I'm not being picky about which node gets served up in secure format -- I just lumped them all in. We have so few individual posters (mostly the boss, a few forum addicts, and me) that forcing all edits to go through SSL isn't going to create a performance hit.
If anyone has improvements on what I've done above, I'd love to see them!
Comments
This sounds good
I will probably try to get this to work with webforms. I have been looking for such a solution. Thank you for sharing!
Great!
Sounds Great! ...even though there's a nice recipe for a classified setup at http://www.activefarming.com/classifieds-for-drupal - I suppose, there's a huge demand for a classified ads module in the community. Have you any plans to share and GPL-lisence your work?
Okay, can this work with clean URL's?
Let's say I want to make certain URLS (of webforms) redirect to https (SSL). Can I do this with the method illustrated above? I've tried modifying my .htaccess to achieve this, but haven't had success. Any ideas what it should look like? I tried:
The "edit" part doesn't seem relevant to what I'm trying to do with webforms, but I'm not sure what would replace it. When I try this, I get an access denied message for this webform, and then everything on my site use https (SSL). Thanks in advance for your suggestions.
Clean URLs Should Work
You should be OK with clean URLs, since that's what we're using on our site.
Also, if you're not concerned with securing the "edit" pages, you can change your second Rewrite Rule to:
The !/edit was necessary to prevent circular redirects, where one rule is forcing an edit page to be HTTPS, and another rule is forcing an edit page to be HTTP. It gets ugly quickly ;)
Also keep in mind that the rule above only works for URLs of the form: http://www.mysite.com/node/1234.
If you've enabled the path.module, you might have URLs like: http://www.mysite.com/SomethingImportant, in which case the redirect back to non-SSL pages doesn't happen. I'm no RegEx guru, but you have to be careful about changing the RewriteCond line above to:
RewriteCond %{REQUEST_URI} ^node/([a-zA-Z0-9]+)because that may encompass URLs like: http://www.mysite/node/add/classifieds (especially if you include the slash in the regular expression). I haven't fiddled with it, and you might want to, since you might find a solution. For the time being, the issue above is working for me.
If you do find a solution that seems to work, I would absolutely love to see it, since I might need it in the future! And, if I come up with something, I'll post it here.
As for "access denied" messages, you should make sure that Drupal is set to use HTTPS when it's supposed to, and HTTP at other times. The following was stolen blatantly from the CivicSpace web site:
Open your /sites/default/settings.php page and find:
$base_url = 'http://www.mysite.com';Change it to:
This will keep Drupal happily running in either SSL or non-SSL forms. So far, I have not run into any issues with this method.
I hope all of this helps!
Sounds Great! ...even though
We're currently using Drupal 4.6, and while I toyed with the flexinode module for our classifieds, in the end, I wrote my own module. I probably need to do some serious clean-up of the code and plenty of refactoring to make it better, but it taught me a lot about the forms functions in 4.6.
Our set-up is kind of unique, too, in that members are listing only one kind of item (in this case, cars), so I tailor-fit the module to include model year, type, VIN, interior/exterior color, mileage, etc. Again, this could have been done with flexinode, but there's also the print magazie portion. We produce a monthly full-size magazine with member classifieds at the back of the publication. There was a very specific set of requirements that had to be met for that, and I put in a very long hook_validate() function to do what needed to be done.
It's probably only a matter of taste: do it with views/flexinode and then write a few PHP/MySQL pages to pull the data the way you want for the magazine (I haven't worked with Views, so it might've fit the bill quite well), or roll your own and put it into a module to do similar things. I suspect my eagerness for learning the inner-workings of Drupal pushed me in the direction I chose.
Nevertheless, now that the classifieds are out the door and seem to be running well, I might be able to find some time to contribute to a more generalized solution!