The ssl certificate is setup properly on the server. I've tested it independantly of xoops, and it works just fine.

I moved the login.php from ./extras to ./ssl, and added the path to the XOOPS root directory to the script.

I chose "yes" in the "Use SSL for login," in xoops' "Preferences Main >> General Settings" form. I set the SSL Post variable. In "URL where SSL login page is located," I've tried pointing to BOTH "./ssl/login.php" AND "./ssl"

I used absolute paths everywhere, and only use relative paths in this message for convenience.

When I login, I can find no evidence that login.php is even being used. I added a couple of lines to the beginning of login.php, which were basically:

echo "ssl login";
sleep(60);

And, again, there is NO evidence that login.php is being used, although logins are successfull.

So, I went and editted mainfile.php and set XOOPS_URL to https://mysite.com.

login.php still does not seem to be used, but I still get the "you've logged in" page. When it redirects back to index.php, I get an internal server error.

Someone suggested adding a XOOPS_URL_SSL variable, so I tried this (to no avail).

In short, I'm having two problems:

1) login.php does not seem to be used, even though I've followed the instructions to use it.

2) when I set XOOPS_URL to "https://", I get an Internal server error after the login redirect.

Thank you in advance for any help you can offer!

You seem to misundestand the way XOOPS is offering an ssl login... To get a secure login, the user HAS to press a link "Secure login". A popup will open (to the path you specified), and here ya go.

Make sure <{$block.sslloginlink}> is present in the login-templat e(system_block_login.html).

I don't see the link to login via SSL on the main login screen.

"<{$block.sslloginlink}>" is in system_block_login.html.

Any suggestions?

Should the link in General Settings be to "login.php" or the directory?

I found the culprit:

I have the site "turned off," but I allow members of every group except anonymous to view the site. This is a great feature of xoops, because I don't want anonymous users to view anything except a login prompt (no banner, no registration, no password recovery). But I *do* want anonymous users to be able to login via SSL!

I guess I'll have to edit index.php to include the SSL link?

The site is to be a secure "intranet," with only admin add new users. Lost passwords will also require an administrator to recover. "Turning off" the site works well for this, but not if SSL logins can't happen.

Any suggestions?

So, it isn't index.php or user.php I need to edit. I greped for "form action=\"http://mysite.com/user.php\"" and only found it in ./cache/db%3Asystem_siteclosed.html.

How is this cache file created?

What do I need to edit to put the SSL login link on the "Site Closed" page?

Thanks again!

I think I'm making progress getting SSL working on my site.

I turned the site "on."

I set up "Preferences" -> "General Settings" for ssl login.

I changed mainfile.php to:

//define('XOOPS_URL', 'http:// mysite.com');
$port = $HTTP_SERVER_VARS['SERVER_PORT'];
if($port == "443"){
define('XOOPS_URL', 'http:// mysite.com');
} else {
define('XOOPS_URL', 'http:// mysite.com');
}

I opened "https:// mysite.com" and clicked on the "secure login link." After creating an exception for my pop-up blocker, I went through the SSL login process all the way to the "close" page, which closed the pop-up. When the parent window redirected to index.php, I get an "Internal Server Error".

Anyone else? Suggestions?

I too find the implementation of this particular feature confusing and struggled to get it to work as expected. I don't think this is the place for an official bug report, but to get the discussion going clearly, here is how I would describe the problem:

Preconditions:
- SSL is enabled and configured in System->Preferences
- User is not logged in and is viewing any page on the site
- "System->Preferences->General Settings->URL where SSL login page is located" is set to https://www.yoursite.com/extras/login.php (but this should be given the default URL of XOOPS_URL."/extras/login.php")
- login.php has its $path variable properly set

Expected behavior:
1. User clicks "Secure Login" link
2. System opens new window with SSL connection
3. System displays simple login form (username, password, submit button)
4. User fills in form and clicks "Submit" (or "Login" or whatever)
5. System authenticates user
6. System refreshes main page (now that user is logged in)
7. System closes the login window opened by the system in step 2

Actual behavior (2.0.7 and current CVS):
1. User clicks "Secure Login" link
2. System opens new window with SSL connection
3. System displays simple login form
4. User enters credentials and clicks Submit
5. System authenticates user
6. System displays text asking user to either log in or cancel
7. User clicks User Login button
+ Some browsers will complain at this point that the form is being sent in a non-secure way
8. System displays Close button
9. User clicks Close button
10. System refreshes main page with user now logged in

Postcondition:
- User is logged in in original window and has access to all password protected content

Recommendations:
- drop the new window login method in leiu of an SSL login module
- pop-up blockers may make this login method impossible
- user may simply close the login window (rather than clicking the Close button)
- a module integrates better with XOOPS than an extra

Has there been any progress on making a slightly simpler way to offer SSL login? I have purchased and installed SSL for my entire site, but am having difficulties getting this thing to work. I changed my mainfile.php to
define ('XOOPS_URL', 'https://www.beerloverseverywhere.com'), so that every page should be secure, and now some of my images aren't showing up. ??? There has to be an easier way to do this.

I searched FAQ's and didn't come up with a solution. Help!

Any luck with the images not showing up?

If your images are not showing up you need to change from

//define('XOOPS_URL', 'http:// mysite.com');
$port = $HTTP_SERVER_VARS['SERVER_PORT'];
if($port == "443"){
define('XOOPS_URL', 'http:// mysite.com');
} else {
define('XOOPS_URL', 'http:// mysite.com');
}

remove the space between "http:// <-no space-> mysite.com');

Should look like this:

//define('XOOPS_URL', 'http:// mysite.com');
$port = $HTTP_SERVER_VARS['SERVER_PORT'];
if($port == "443"){
define('XOOPS_URL', 'http://mysite.com');
} else {
define('XOOPS_URL', 'http://mysite.com');
}

Cheers,
Cordel