<?php
/*
Plugin Name: bs-wp-https
Plugin URI: http://blogsecurity.net/
Description: Ensure logins and wp-admin requests are performed over HTTPS
Author: David Kierznowski
Version: 1.0
Author URI: http://blogsecurity.net
*/ 

/*
    License: GPL

    Copyright (C) 2007, BlogSecurity, http://blogsecurity.net
    All rights reserved.

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.

*/


function bs_wp_https_docrypt() {

	$url = "http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
		$url = parse_url($url);

	if ( $_SERVER['QUERY_STRING'] ) {
		$url = "https://" . $url['host'] . $url['path'] . '?' . $url['query'];
	} else {
		$url = "https://" . $url['host'] . $url['path'];
	}

	ob_start();
		header("Location: " . $url );
	ob_end();

}

function bs_wp_real_url($blog_url, $dup_url) {

	/* Custom function to get REQUEST_URI 
	   and substract the blog home dir 
	*/

	$blog_blob = parse_url( $blog_url );
		$len = strlen ( $blog_blob['path'] );
	$real_path = substr ( $_SERVER['REQUEST_URI'], $len ); 
	$real_url = $blog_url . $real_path;
	return $real_path;

}

function bs_wp_https()
{

	global $wpdb;

        $current_url = get_bloginfo('home') . $_SERVER['REQUEST_URI'];
	$real_path = bs_wp_real_url(get_bloginfo('home'), $current_url);

	if ( preg_match ( "/^\/wp-admin|wp-login.php/i", $real_path ) ) {
		if ( !$_SERVER['HTTPS'] ) :
			bs_wp_https_docrypt();
		endif;
	}


}

add_action("init",bs_wp_https,0);
 
?>