1
jacob
SSL problems
  • 2004/9/24 14:49

  • jacob

  • Just popping in

  • Posts: 8

  • Since: 2004/9/22


The ssl certificate is setup properly on the server. I've tested it independantly of xoops, and it works just fine.

I moved the login.php from ./extras to ./ssl, and added the path to the XOOPS root directory to the script.

I chose "yes" in the "Use SSL for login," in xoops' "Preferences Main >> General Settings" form. I set the SSL Post variable. In "URL where SSL login page is located," I've tried pointing to BOTH "./ssl/login.php" AND "./ssl"

I used absolute paths everywhere, and only use relative paths in this message for convenience.

When I login, I can find no evidence that login.php is even being used. I added a couple of lines to the beginning of login.php, which were basically:

echo "ssl login";
sleep(60);

And, again, there is NO evidence that login.php is being used, although logins are successfull.

So, I went and editted mainfile.php and set XOOPS_URL to https://mysite.com.

login.php still does not seem to be used, but I still get the "you've logged in" page. When it redirects back to index.php, I get an internal server error.

Someone suggested adding a XOOPS_URL_SSL variable, so I tried this (to no avail).

In short, I'm having two problems:

1) login.php does not seem to be used, even though I've followed the instructions to use it.

2) when I set XOOPS_URL to "https://", I get an Internal server error after the login redirect.

Thank you in advance for any help you can offer!

2
Jan304
Re: SSL problems
  • 2004/9/24 16:00

  • Jan304

  • Official Support Member

  • Posts: 520

  • Since: 2002/3/31


You seem to misundestand the way XOOPS is offering an ssl login... To get a secure login, the user HAS to press a link "Secure login". A popup will open (to the path you specified), and here ya go.

Make sure <{$block.sslloginlink}> is present in the login-templat e(system_block_login.html).

3
jacob
Re: SSL problems
  • 2004/9/24 19:58

  • jacob

  • Just popping in

  • Posts: 8

  • Since: 2004/9/22


I don't see the link to login via SSL on the main login screen.

"<{$block.sslloginlink}>" is in system_block_login.html.

Any suggestions?

Should the link in General Settings be to "login.php" or the directory?

4
jacob
Re: SSL problems
  • 2004/9/26 23:42

  • jacob

  • Just popping in

  • Posts: 8

  • Since: 2004/9/22


I found the culprit:

I have the site "turned off," but I allow members of every group except anonymous to view the site. This is a great feature of xoops, because I don't want anonymous users to view anything except a login prompt (no banner, no registration, no password recovery). But I *do* want anonymous users to be able to login via SSL!

I guess I'll have to edit index.php to include the SSL link?

The site is to be a secure "intranet," with only admin add new users. Lost passwords will also require an administrator to recover. "Turning off" the site works well for this, but not if SSL logins can't happen.

Any suggestions?

5
jacob
Re: SSL problems - what to edit?
  • 2004/9/27 17:58

  • jacob

  • Just popping in

  • Posts: 8

  • Since: 2004/9/22


So, it isn't index.php or user.php I need to edit. I greped for "form action=\"http://mysite.com/user.php\"" and only found it in ./cache/db%3Asystem_siteclosed.html.

How is this cache file created?

What do I need to edit to put the SSL login link on the "Site Closed" page?

Thanks again!

6
jacob
Progress?
  • 2004/9/27 20:03

  • jacob

  • Just popping in

  • Posts: 8

  • Since: 2004/9/22


I think I'm making progress getting SSL working on my site.

I turned the site "on."

I set up "Preferences" -> "General Settings" for ssl login.

I changed mainfile.php to:

//define('XOOPS_URL', 'http:// mysite.com');
$port = $HTTP_SERVER_VARS['SERVER_PORT'];
if($port == "443"){
define('XOOPS_URL', 'http:// mysite.com');
} else {
define('XOOPS_URL', 'http:// mysite.com');
}

I opened "https:// mysite.com" and clicked on the "secure login link." After creating an exception for my pop-up blocker, I went through the SSL login process all the way to the "close" page, which closed the pop-up. When the parent window redirected to index.php, I get an "Internal Server Error".

Anyone else? Suggestions?

7
tedmasterweb
Re: Progress?

I too find the implementation of this particular feature confusing and struggled to get it to work as expected. I don't think this is the place for an official bug report, but to get the discussion going clearly, here is how I would describe the problem:

Preconditions:
- SSL is enabled and configured in System->Preferences
- User is not logged in and is viewing any page on the site
- "System->Preferences->General Settings->URL where SSL login page is located" is set to https://www.yoursite.com/extras/login.php (but this should be given the default URL of XOOPS_URL."/extras/login.php")
- login.php has its $path variable properly set

Expected behavior:
1. User clicks "Secure Login" link
2. System opens new window with SSL connection
3. System displays simple login form (username, password, submit button)
4. User fills in form and clicks "Submit" (or "Login" or whatever)
5. System authenticates user
6. System refreshes main page (now that user is logged in)
7. System closes the login window opened by the system in step 2

Actual behavior (2.0.7 and current CVS):
1. User clicks "Secure Login" link
2. System opens new window with SSL connection
3. System displays simple login form
4. User enters credentials and clicks Submit
5. System authenticates user
6. System displays text asking user to either log in or cancel
7. User clicks User Login button
+ Some browsers will complain at this point that the form is being sent in a non-secure way
8. System displays Close button
9. User clicks Close button
10. System refreshes main page with user now logged in

Postcondition:
- User is logged in in original window and has access to all password protected content

Recommendations:
- drop the new window login method in leiu of an SSL login module
- pop-up blockers may make this login method impossible
- user may simply close the login window (rather than clicking the Close button)
- a module integrates better with XOOPS than an extra

8
beerMe
Trouble implementing SSL login
  • 2004/12/2 19:52

  • beerMe

  • Not too shy to talk

  • Posts: 133

  • Since: 2004/9/13


Has there been any progress on making a slightly simpler way to offer SSL login? I have purchased and installed SSL for my entire site, but am having difficulties getting this thing to work. I changed my mainfile.php to
define ('XOOPS_URL', 'https://www.beerloverseverywhere.com'), so that every page should be secure, and now some of my images aren't showing up. ??? There has to be an easier way to do this.

I searched FAQ's and didn't come up with a solution. Help!

9
yomamaii
Re: Trouble implementing SSL login
  • 2004/12/16 2:02

  • yomamaii

  • Just popping in

  • Posts: 4

  • Since: 2004/8/15


Any luck with the images not showing up?

10
cordel
Re: Trouble implementing SSL login
  • 2005/3/25 2:30

  • cordel

  • Friend of XOOPS

  • Posts: 6

  • Since: 2005/2/8 6


If your images are not showing up you need to change from

//define('XOOPS_URL', 'http:// mysite.com');
$port = $HTTP_SERVER_VARS['SERVER_PORT'];
if($port == "443"){
define('XOOPS_URL', 'http:// mysite.com');
} else {
define('XOOPS_URL', 'http:// mysite.com');
}

remove the space between "http:// <-no space-> mysite.com');

Should look like this:

//define('XOOPS_URL', 'http:// mysite.com');
$port = $HTTP_SERVER_VARS['SERVER_PORT'];
if($port == "443"){
define('XOOPS_URL', 'http://mysite.com');
} else {
define('XOOPS_URL', 'http://mysite.com');
}

Cheers,
Cordel

Login

Who's Online

169 user(s) are online (155 user(s) are browsing Support Forums)


Members: 0


Guests: 169


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Dec 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits