XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk
  1. Board index / 
  2. Xoops Development / 
  3. Xoops Bug Reports
  4. Xoops 2.0 Bug Report 
  5.  / SSL problems
Register
11
technigrafa
Re: Trouble implementing SSL login

I am using the SSL login with XOOPS and have a question. When the secure login windows pops up, everything seems to be okay, but when logging in the browser always complains with this pop up box:

Resized Image

And that is annoying because it makes our clients wonder whether it is really secure. I guess my question is - Is it really securing the login and how do I keep this pop-up window from appearing?
12
technigrafa
Re: Trouble implementing SSL login

*bump*
13
gruessle
Re: Trouble implementing SSL login

  • 2006/6/18 19:53

  • gruessle

  • Friend of XOOPS

  • Posts: 348

  • Since: 2003/9/20


Any solution to this yet?
Grüssle
......

http://www.vmclinks.com
14
nekro
Re: Trouble implementing SSL login

  • 2006/6/21 21:42

  • nekro

  • Quite a regular

  • Posts: 213

  • Since: 2005/11/9


Here is the solution ...

if ( !$_SERVER["HTTPS"] ){
define('XOOPS_HTTP_METHOD', 'http');
}else{
define('XOOPS_HTTP_METHOD', 'https');
}

and ...

define('XOOPS_URL', XOOPS_HTTP_METHOD.'://your.site');

The problem was that XOOPS defines:

define('XOOPS_URL', 'http://your.site');

so all the actions of the forms will have http instead https, that hack will fix that problem.

Now if you ask for https://your.xoops.site you will be allways in https mode.
15
technigrafa
Re: Trouble implementing SSL login

Thanks! This sounds promising! But what file do we add that code to?

Edit:
Okay, I answered by own question. You must mean mainfile.php. Sorry for not being terribly savvy

That seems to work nicely.

I have found a problem though. If someone visits the sitename.com rather than http://www.sitename.com and tries to use the SSL login, it looks like it doesn't log them in, unless they manually change the URL to http://www.sitename.com. Is there any way to automatically change any request for sitename.com to http://www.sitename.com? I suppose this can be done with mod_rewrite.
16
nekro
Re: Trouble implementing SSL login

  • 2006/6/22 13:53

  • nekro

  • Quite a regular

  • Posts: 213

  • Since: 2005/11/9


sorry... you have to copy this lines ... in the mainfile.php
17
technigrafa
Re: Trouble implementing SSL login

Well,

This seems to do the trick in .htaccess:

RewriteEngine on
 
RewriteCond %{HTTP_HOST} ^www.domain.net/$ [NC]
 
RewriteRule ^(.*)$ domain.net$[R=301,L]


That will make sure that anyone typing in domain.net will get http://www.domain.net, which is important because SSL is specific to one or the other.

The one thing this DOESN'T do is change:

domain.net/modules/news to http://www.domain.net/modules/news

So if someone has the non-www page bookmarked, this won't work. Any mod rewrite experts out there now how to through in a wildcard?
18
technigrafa
Re: Trouble implementing SSL login

I thought this might do it:

RewriteEngine on
RewriteRule ^www.{REQUEST_URI}/$ {REQUEST_URI}$[R=301,L]


But no luck as for the longer URLs.
19
nekro
Re: SSL problems

  • 2006/6/22 14:50

  • nekro

  • Quite a regular

  • Posts: 213

  • Since: 2005/11/9


let me now if i undestand your last problem...

you want your site in HTTPS mode and non in HTTP... you dont care what the user types in the browser... http://yoursite.com or https://yoursite.com allways in HTTPS.

try to put this lines in the mainfile.php

if( !$_SERVER["HTTPS"] ){
header("Location: https://".$_SERVER["HTTP_HOST"].$_SERVER["REQUEST_URI"]);
}

luck!
20
technigrafa
Re: SSL problems

Thanks again.

I don't think this is what I'm going for. That changes http to https all the time.

I am saying this:

If SSL login is enabled in XOOPS and a user types in yoursite.com, but your SSL requires http://www.yoursite.com, the XOOPS SSL login won't work, unless the user manually visits http://www.yoursite.com (which is where they are authenticated to).

So I used mod rewrite to make any requests to yoursite.com go to http://www.yoursite.com, which is great, BUT if a user goes directly to yoursite.com/modules/news, my trick won't automatically change the URL to http://www.yoursite.com/modules/news

Does that make sense?
« 1 (2) 3 »

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

107 user(s) are online (85 user(s) are browsing Support Forums)

Members: 0

Guests: 107

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Dec 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits