What does this module secure by default?
This module secures /cart* pages, /user* pages, /checkout* pages, and /admin/store/* pages with your SSL enabled website.
- Clean URLs must be enabled
- SSL Certificate must be installed and working for your website
- Ubercart is NOT required for this module btw, it can be used for pretty much anything u want. But its most common use is with ubercart so thats where it gets its name from.
DRUPAL 7 RELEASE AND SECURITY NOTES
While I was trying to refrain from releasing a Drupal 7 port due to the inclusion of the Overlay module as a default setting in drupal 7 that makes drupal 7 data input inherently INsecure, it has been determined that the overlay module will NOT be disabled by default. I COMPLETELY disagree with this because it makes drupal INSECURE by default, but alas I can not do anything about it. Thus, with reluctance I am going to release a beta version of uc_ssl that DOES work with Drupal 7 but IT WILL DISABLE OVERLAY if you attempt to use the Mixed SSL mode since Overlay cannot handle mixed SSL environments. I am only doing this because I've gotten many requests for a Drupal 7 port. The port functions identically to Drupal 6 uc_ssl. I have converted all the drupal 6 functions that it uses over to the Drupal 7 counterparts. The only changes between D6 and D7 are that there are some additional help messages and the inclusion of some code to disable Overlay when appropriate. To stick to tradition I've added NO additional features to the module code other than what I've mentioned here. Any issues with the D6 module should exist in the D7 version as well.
Do I need this module?
If you have an SSL Certificate and you want to secure your ubercart pages with that Cert then this is the module for you. Download this module, install, config it, and you'll be running with your cert in no time. This module does NOT help you get your certificate running!! If your website does NOT work with https by manually typing it in, then you need to get that working FIRST and then you can configure this module. You can install it before hand but you will not be able to configure it as it does test to see if SSL is actually working or not.
This module is very simple. It has a small administration panel and just does what it does. All you have to do is enable the module, input your secure domain name and your non-secure domain name and you're set to go. If you forget to do this, the module will inform you that you need to do so until you eventually configure it.
It has several options. One of which is called "Enable Switch". Basically if you set this to disabled, then your entire website will ALWAYS be in https mode. If it's set to "Enabled", then only the Ubercart /cart links will be secured. Again this module is VERY basic and was meant to be as small as possible with as little things as possible that could break or go wrong. It's not meant to be a huge module like Secure Pages that is big and bulky and often times breaks.
Another of the options is Enable/Disable of the module in its admin page. Once it's all setup, you can turn it off completely. This is useful for debugging things etc. And thats really all there is to it. The module admin page should be pretty self explanatory.
Does this support multi-language sites?
If you use the built in Drupal Local module, then yes. If you use any other type of Language system that modifies the base_path url then no.
This module implements 3 very easy to use hooks.
hook_exclude_ssl_switch_paths() //Only as of 7.x-1.11
They simply return arrays in the form of array('Path_Description' => 'path'); Where path can contain * wildcards. The Array key is simply used as a description to make reading your code easier. So you can use something like this:
'Some path', => '/some/*/path',
'Some path2' => '/someother',
'Some path3' => '/some*/other/*'
The exception is that with the hook_exclude_ssl_switch_paths() is that uc_ssl will completely ignore any path specified in that hook. If you have a URL that you do not want uc_ssl to take ANY action on no matter what, then this is the hook for you :) Thanks to m.stenta for this hook idea, it has interesting use cases.
Below is in example of the hook that needs to be in your module if you wish to include paths other than those provided in this module (which is basically any non /cart type path).
$paths = array(
'Description of a path' => '/this/is/the/path',
NOTE: These must be Clean URL URI's not ?q= type uri's. They can be aliases as long as they are in clean url form. You CAN have a ? in the url so long as it does not have a ?q= since that is used by internal drupal calls for things such as ajax and autocomplete.
Also Note: This module wont touch any image or ahref links on your website. If you have images in templates that use full paths including http:// in the path, your web browser will report the page as having "Unsecured items" on the page. If you receive these warnings, then have a web developer look at your website and fix it for you if you are not a developer yourself. Any good web developer would NEVER use a path like that unless absolutely necessary.
Read the module for more in depth examples of the hooks.
Keywords: Drupal SSL, Ubercart SSL, SSL, eCommerce SSL, SSL Login, https, Drupal Commerce SSL