11
technigrafa
Re: Trouble implementing SSL login

I am using the SSL login with XOOPS and have a question. When the secure login windows pops up, everything seems to be okay, but when logging in the browser always complains with this pop up box:

Resized Image

And that is annoying because it makes our clients wonder whether it is really secure. I guess my question is - Is it really securing the login and how do I keep this pop-up window from appearing?

12
technigrafa
Re: Trouble implementing SSL login

*bump*

13
gruessle
Re: Trouble implementing SSL login
  • 2006/6/18 19:53

  • gruessle

  • Friend of XOOPS

  • Posts: 348

  • Since: 2003/9/20


Any solution to this yet?
Grüssle
......

http://www.vmclinks.com

14
nekro
Re: Trouble implementing SSL login
  • 2006/6/21 21:42

  • nekro

  • Quite a regular

  • Posts: 213

  • Since: 2005/11/9


Here is the solution ...

if ( !$_SERVER["HTTPS"] ){
define('XOOPS_HTTP_METHOD', 'http');
}else{
define('XOOPS_HTTP_METHOD', 'https');
}

and ...

define('XOOPS_URL', XOOPS_HTTP_METHOD.'://your.site');

The problem was that XOOPS defines:

define('XOOPS_URL', 'http://your.site');

so all the actions of the forms will have http instead https, that hack will fix that problem.

Now if you ask forhttps://your.xoops.site you will be allways in https mode.

15
technigrafa
Re: Trouble implementing SSL login

Thanks! This sounds promising! But what file do we add that code to?

Edit:
Okay, I answered by own question. You must mean mainfile.php. Sorry for not being terribly savvy

That seems to work nicely.

I have found a problem though. If someone visits the sitename.com rather than www.sitename.com and tries to use the SSL login, it looks like it doesn't log them in, unless they manually change the URL to www.sitename.com. Is there any way to automatically change any request for sitename.com to www.sitename.com? I suppose this can be done with mod_rewrite.

16
nekro
Re: Trouble implementing SSL login
  • 2006/6/22 13:53

  • nekro

  • Quite a regular

  • Posts: 213

  • Since: 2005/11/9


sorry... you have to copy this lines ... in the mainfile.php

17
technigrafa
Re: Trouble implementing SSL login

Well,

This seems to do the trick in .htaccess:

RewriteEngine on
 
RewriteCond 
%{HTTP_HOST} ^www.domain.net/$ [NC]
 
RewriteRule ^(.*)$ domain.net$[R=301,L]


That will make sure that anyone typing in domain.net will get www.domain.net, which is important because SSL is specific to one or the other.

The one thing this DOESN'T do is change:

domain.net/modules/news to www.domain.net/modules/news

So if someone has the non-www page bookmarked, this won't work. Any mod rewrite experts out there now how to through in a wildcard?

18
technigrafa
Re: Trouble implementing SSL login

I thought this might do it:

RewriteEngine on
RewriteRule 
^www.{REQUEST_URI}/$ {REQUEST_URI}$[R=301,L]


But no luck as for the longer URLs.

19
nekro
Re: SSL problems
  • 2006/6/22 14:50

  • nekro

  • Quite a regular

  • Posts: 213

  • Since: 2005/11/9


let me now if i undestand your last problem...

you want your site in HTTPS mode and non in HTTP... you dont care what the user types in the browser...http://yoursite.com orhttps://yoursite.com allways in HTTPS.

try to put this lines in the mainfile.php

if( !$_SERVER["HTTPS"] ){
header("Location:https://".$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"]);
}

luck!

20
technigrafa
Re: SSL problems

Thanks again.

I don't think this is what I'm going for. That changes http to https all the time.

I am saying this:

If SSL login is enabled in XOOPS and a user types in yoursite.com, but your SSL requires www.yoursite.com, the XOOPS SSL login won't work, unless the user manually visits www.yoursite.com (which is where they are authenticated to).

So I used mod rewrite to make any requests to yoursite.com go to www.yoursite.com, which is great, BUT if a user goes directly to yoursite.com/modules/news, my trick won't automatically change the URL to www.yoursite.com/modules/news

Does that make sense?

Login

Who's Online

193 user(s) are online (84 user(s) are browsing Support Forums)


Members: 0


Guests: 193


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits