Have you had any luck with this?

I think I'm making progress getting SSL working on my site.

I turned the site "on."

I set up "Preferences" -> "General Settings" for ssl login.

I changed mainfile.php to:

//define('XOOPS_URL', 'http:// mysite.com');
$port = $HTTP_SERVER_VARS['SERVER_PORT'];
if($port == "443"){
define('XOOPS_URL', 'http:// mysite.com');
} else {
define('XOOPS_URL', 'http:// mysite.com');
}

I opened "https:// mysite.com" and clicked on the "secure login link." After creating an exception for my pop-up blocker, I went through the SSL login process all the way to the "close" page, which closed the pop-up. When the parent window redirected to index.php, I get an "Internal Server Error".

Anyone else? Suggestions?

So, it isn't index.php or user.php I need to edit. I greped for "form action=\"http://mysite.com/user.php\"" and only found it in ./cache/db%3Asystem_siteclosed.html.

How is this cache file created?

What do I need to edit to put the SSL login link on the "Site Closed" page?

Thanks again!

I found the culprit:

I have the site "turned off," but I allow members of every group except anonymous to view the site. This is a great feature of xoops, because I don't want anonymous users to view anything except a login prompt (no banner, no registration, no password recovery). But I *do* want anonymous users to be able to login via SSL!

I guess I'll have to edit index.php to include the SSL link?

The site is to be a secure "intranet," with only admin add new users. Lost passwords will also require an administrator to recover. "Turning off" the site works well for this, but not if SSL logins can't happen.

Any suggestions?

I don't see the link to login via SSL on the main login screen.

"<{$block.sslloginlink}>" is in system_block_login.html.

Any suggestions?

Should the link in General Settings be to "login.php" or the directory?

The ssl certificate is setup properly on the server. I've tested it independantly of xoops, and it works just fine.

I moved the login.php from ./extras to ./ssl, and added the path to the XOOPS root directory to the script.

I chose "yes" in the "Use SSL for login," in xoops' "Preferences Main >> General Settings" form. I set the SSL Post variable. In "URL where SSL login page is located," I've tried pointing to BOTH "./ssl/login.php" AND "./ssl"

I used absolute paths everywhere, and only use relative paths in this message for convenience.

When I login, I can find no evidence that login.php is even being used. I added a couple of lines to the beginning of login.php, which were basically:

echo "ssl login";
sleep(60);

And, again, there is NO evidence that login.php is being used, although logins are successfull.

So, I went and editted mainfile.php and set XOOPS_URL to http<b>s</b>://mysite.com.

login.php still does not seem to be used, but I still get the "you've logged in" page. When it redirects back to index.php, I get an internal server error.

Someone suggested adding a XOOPS_URL_SSL variable, so I tried this (to no avail).

In short, I'm having two problems:

1) login.php does not seem to be used, even though I've followed the instructions to use it.

2) when I set XOOPS_URL to "https://", I get an Internal server error after the login redirect.

Thank you in advance for any help you can offer!