I had to use XOOPS under ssl every time soo.. i realiced a hack to do it..

1- In mainfile.php just before the license put:



//<<< SSL PATCH >>>

if ( $_SERVER["SERVER_PORT"] == 80 ){

define('XOOPS_HTTP_METHOD', 'http');

}else{

define('XOOPS_HTTP_METHOD', 'https');

}

//<<< SSL PATCH >>>



You also habe to modify the line 39 from the mainfile.php



define('XOOPS_URL', 'http://THESITEURL');



with:



//<<< SSL PATCH >>>

define('XOOPS_URL', XOOPS_HTTP_METHOD.'://THESITEURL');

//<<< SSL PATCH >>>



Those lines changes that if the petition was under ssl .. . every URL link will be in SSL (HTTPS)
.


2- On header.php just before the licese you have to insert:



//<<< PARCHE SSL >>>

$secure_page = array();

$secure_page[1] = "/user.php";

$secure_page[2] = "/register.php";



if ( !$_SERVER["HTTPS"] && array_search( $_SERVER["REQUEST_URI"] , $secure_page ) != false ){

header("Location:https://".$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"]);

}

//<<< PARCHE SSL >>>



On include/common.php change the next lines:



if (!empty($_SESSION['xoopsUserId'])) {

$xoopsUser =& $member_handler->getUser($_SESSION['xoopsUserId']);

if (!is_object($xoopsUser)) {

$xoopsUser = '';

$_SESSION = array();

} else {

if ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') {

setcookie($xoopsConfig['session_name'], session_id(), time()+(60*$xoopsConfig['session_expire']), '/', '', 0);

}

$xoopsUser->setGroups($_SESSION['xoopsUserGroups']);

$xoopsUserIsAdmin = $xoopsUser->isAdmin();

}

}





with:



//<<< PARCHE SSL >>>

if (!empty($_SESSION['xoopsUserId']) ) {

if ( !$_SERVER["HTTPS"] && $_SESSION['xoopsSessionSSL'] != "" ){

header("Location:https://".$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"]);

}

if( $_SERVER["HTTPS"] && $_SESSION['xoopsSessionSSL'] == "" ){

header("Location:http://".$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"]);

}

$xoopsUser =& $member_handler->getUser($_SESSION['xoopsUserId']);

if (!is_object($xoopsUser)) {

$xoopsUser = '';

$_SESSION = array();

} else {

if ($xoopsConfig['use_mysession'] && $xoopsConfig['session_name'] != '') {

setcookie($xoopsConfig['session_name'], session_id(), time()+(60*$xoopsConfig['session_expire']), '/', '', 0);

}

$xoopsUser->setGroups($_SESSION['xoopsUserGroups']);

}

}else{

if ( $_SERVER["HTTPS"] && $_SERVER["REQUEST_URI"] != "/user.php" && $_SERVER["REQUEST_URI"] != "/register.php" && $_SERVER["REQUEST_URI"] != "/modules/profile/register.php"){

header("Location:http://".$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"]);

}

}

//<<< PARCHE SSL >>>





4- You also have to change 3 files to have the option too login under SSL mode or not.



/include/checklogin.php

/modules/templates/blocks/system_block_login.html

/modules/templates/system_userform.html



LUCK ... correct me... and sorry for my english.

really i dont now... and i dont undestand why the XOOPS SSL login doesn t work

let me now if i undestand your last problem...

you want your site in HTTPS mode and non in HTTP... you dont care what the user types in the browser...http://yoursite.com orhttps://yoursite.com allways in HTTPS.

try to put this lines in the mainfile.php

if( !$_SERVER["HTTPS"] ){
header("Location:https://".$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"]);
}

luck!

is somebody there??

sorry... you have to copy this lines ... in the mainfile.php

you have to install any compiler...

use the synaptic or try to do

apt-get install gcc

I cant find were is defined the XOOPS url variable for the system block login.html.

The idea is to logon users allways with SSL from the login Block. I dont want the users to make an extra click to logon with SSL.

if you can read spanish or just interpretate it... here is a link were teachs you step by step Spanish Complete XOOPS Installation Tutorial .
I think that everyone would could understand it with a little of work

xoops/index.html ??? were is exactly that page???

http://yoursite/xoops/index.html

or

httd://yoursite/index.html ???

both are wrong!

... maybe is checking your main url (http://yoursite) and your apache founds first index.html and later index.php so apache reads index.html.

luck

Here is the solution ...

if ( !$_SERVER["HTTPS"] ){
define('XOOPS_HTTP_METHOD', 'http');
}else{
define('XOOPS_HTTP_METHOD', 'https');
}

and ...

define('XOOPS_URL', XOOPS_HTTP_METHOD.'://your.site');

The problem was that XOOPS defines:

define('XOOPS_URL', 'http://your.site');

so all the actions of the forms will have http instead https, that hack will fix that problem.

Now if you ask forhttps://your.xoops.site you will be allways in https mode.