Using SSL with Xoops
  • 2008/5/8 17:56

  • btesec

  • Friend of XOOPS

  • Posts: 623

  • Since: 2007/2/20

I am an not so familiar with SSL. But I have to setup a site and need to implement SSL.

1. What or how is the best way to do this?
2. What are the requirement for me to be able to use ssl for the site?
3. I am planning to use service from COMODO.com

I really appreciate your help. I also think the community will benefit.



Re: Using SSL with Xoops
  • 2008/5/9 17:25

  • btesec

  • Friend of XOOPS

  • Posts: 623

  • Since: 2007/2/20


Re: Using SSL with Xoops
  • 2008/5/12 18:54

  • btesec

  • Friend of XOOPS

  • Posts: 623

  • Since: 2007/2/20

Do we really need this?

Re: Using SSL with Xoops
  • 2008/5/19 19:25

  • TheFinni

  • Just popping in

  • Posts: 75

  • Since: 2003/11/25

Hi Btesec,

Xoops is able to run with SSL just as it does without it. The only difference is a secure server certificate installed on your server that allows information to be sent encrypted to the user from your site. There are a ton of different providers and COMODO seems to be the one you've chosen.

The only thing XOOPS doesn't do very well in my opinion is the ability to specify which requests/links are SSL and which are not. Since a SSL request is slower it doesn't make sense to use it unless the user is exchanging private or sensitive data between them and the server. I.e login, password changes, edit profile, ecommerce.

My method and I think this should be built in to the core has been to add a couple of constants to the mainfile.php.

One to force SSL and one to force non-SSL.

The respective constant names I've chosen are: XOOPS_URL_SSL and XOOPS_URL_NON_SSL.

Additionally I've needed a way to "adjust" the XOOPS_URL to either SSL or NON-SSL.

This is how my mainfile.php file looks like now:

// XOOPS Physical Path
    // Physical path to your main XOOPS directory WITHOUT trailing slash
    // Example: define('XOOPS_ROOT_PATH', 'C:/web/yoursite');
define('XOOPS_TRUST_PATH','C:/web/yoursite/trust_folder');//added for protector module

$_SERVER['HTTPS'] = isset($_SERVER['HTTPS'])? $_SERVER['HTTPS'] : '';
$connection_type = (strtolower($_SERVER['HTTPS']) == 'on' || $_SERVER['HTTPS'] == '1' || 
strstr(strtoupper($_SERVER['HTTP_X_FORWARDED_BY']),'SSL') || 
strstr(strtoupper($_SERVER['HTTP_X_FORWARDED_HOST']),'SSL') || 
strtolower(substr($_SERVER['SCRIPT_URI'], 06)) == 'https:' || $_SERVER['SERVER_PORT'] == '443' 
|| strtolower($_SERVER['HTTP_CLUSTER_HTTPS']) == 'on')

// XOOPS Virtual Path (URL)
    // Virtual path to your main XOOPS directory WITHOUT trailing slash
define('XOOPS_URL', (($connection_type == 'SSL') ? 'https' 'http').XOOPS_S_NAME);

//TN added for forcing either a secure or non-secure connection
define('XOOPS_ENABLE_SSL'false);//change to true to activate
define('XOOPS_URL_SSL''http'.(XOOPS_ENABLE_SSL == true 's' '').XOOPS_S_NAME);

I'm using several $connection_type tests to check if SSL is used. Different servers seem to use different constants. I've added most of them to check.

When you have your SSL installed on your server you can just edit XOOPS_ENABLE_SSL to true and then start using the constants in your modules or anywhere to force a SSL link or not.

To force SSL in a link you would write: echo XOOPS_URL_SSL . '/modules/news/index.php'; instead of XOOPS_URL . '/modules/news/index.php';

In a smarty template you could call <{$smarty.const.XOOPS_URL_SSL}> for SSL and <{$smarty.const.XOOPS_URL_NON_SSL}> for non-ssl.

Hope that helps!

Re: Using SSL with Xoops
  • 2008/11/13 10:27

  • piar

  • Just popping in

  • Posts: 22

  • Since: 2008/10/30

Thanks for that instruction TheFinni - it is really very helpful and I agree that this should be built in to the core.

I just have one problem with this - it is about cache.
After that changes in mainfile.php when I login using SSL everywhere I have links beginning with 'https' except that ones in Administration menu for administering modules (ex. System->Banners, System->Block etc.). They are still 'http' and I've found that they are cached in file: xoops_data/caches/xoops_cache/xoops_adminmenu_XoopsGuiDefault.php.
Is it somehow possible to disable that caching mechanism - so when I enter Admin panel with http I'll get http links, and when with https - https links?

Re: Using SSL with Xoops
  • 2008/11/13 13:27

  • ghia

  • Community Support Member

  • Posts: 4953

  • Since: 2008/7/3 1

It is possible that the caching mechanism of XOOPS is not prepared to work with both. You may have a look at the multiXOOPS hacks which provide for multisite operation and I believe they resolve also for the http/https.

If you clear your cache and use only https in admin, I think you should be able to do all admin under SSL.

Re: Using SSL with Xoops
  • 2008/11/13 14:16

  • piar

  • Just popping in

  • Posts: 22

  • Since: 2008/10/30

Thanks for that suggestions!
It is as you wrote - cache mechanism don't go well with http/https switching (but probably there are problems only with that Admin panel).
Maybe it is not a perfect solution - but I made changes that disabled that cache and now it works as I expect. If someone has same problem, here is what I've done:
In modules/system/class/gui/default/default.php in function loadMenu() I've commented out everything and put there:
return $this->generateMenu();

and in function generateMenu() I've changed last lines like this:
//XoopsCache::write("adminmenu_" . __CLASS__, $modules);
return $modules// added

So now that menu works without using cache.


Who's Online

58 user(s) are online (38 user(s) are browsing Support Forums)

Members: 0

Guests: 58



Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits