Hi Btesec,
Xoops is able to run with SSL just as it does without it. The only difference is a secure server certificate installed on your server that allows information to be sent encrypted to the user from your site. There are a ton of different providers and COMODO seems to be the one you've chosen.
The only thing XOOPS doesn't do very well in my opinion is the ability to specify which requests/links are SSL and which are not. Since a SSL request is slower it doesn't make sense to use it unless the user is exchanging private or sensitive data between them and the server. I.e login, password changes, edit profile, ecommerce.
My method and I think this should be built in to the core has been to add a couple of constants to the mainfile.php.
One to force SSL and one to force non-SSL.
The respective constant names I've chosen are: XOOPS_URL_SSL and XOOPS_URL_NON_SSL.
Additionally I've needed a way to "adjust" the XOOPS_URL to either SSL or NON-SSL.
This is how my mainfile.php file looks like now:
// XOOPS Physical Path
// Physical path to your main XOOPS directory WITHOUT trailing slash
// Example: define('XOOPS_ROOT_PATH', 'C:/web/yoursite');
define('XOOPS_ROOT_PATH', 'C:/web/yoursite');
define('XOOPS_TRUST_PATH','C:/web/yoursite/trust_folder');//added for protector module
define('XOOPS_S_NAME', '://www.yoursite.com');
$_SERVER['HTTPS'] = isset($_SERVER['HTTPS'])? $_SERVER['HTTPS'] : '';
$_SERVER['HTTP_X_FORWARDED_BY'] = isset($_SERVER['HTTP_X_FORWARDED_BY'])? $_SERVER['HTTP_X_FORWARDED_BY'] : '';
$_SERVER['HTTP_X_FORWARDED_HOST'] = isset($_SERVER['HTTP_X_FORWARDED_HOST'])? $_SERVER['HTTP_X_FORWARDED_HOST'] : '';
$_SERVER['SCRIPT_URI'] = isset($_SERVER['SCRIPT_URI'])? $_SERVER['SCRIPT_URI'] : '';
$_SERVER['HTTP_CLUSTER_HTTPS'] = isset($_SERVER['HTTP_CLUSTER_HTTPS'])? $_SERVER['HTTP_CLUSTER_HTTPS'] : '';
$connection_type = (strtolower($_SERVER['HTTPS']) == 'on' || $_SERVER['HTTPS'] == '1' ||
strstr(strtoupper($_SERVER['HTTP_X_FORWARDED_BY']),'SSL') ||
strstr(strtoupper($_SERVER['HTTP_X_FORWARDED_HOST']),'SSL') ||
strtolower(substr($_SERVER['SCRIPT_URI'], 0, 6)) == 'https:' || $_SERVER['SERVER_PORT'] == '443'
|| strtolower($_SERVER['HTTP_CLUSTER_HTTPS']) == 'on')
? 'SSL' : 'NONSSL';
// XOOPS Virtual Path (URL)
// Virtual path to your main XOOPS directory WITHOUT trailing slash
define('XOOPS_URL', (($connection_type == 'SSL') ? 'https' : 'http').XOOPS_S_NAME);
//TN added for forcing either a secure or non-secure connection
define('XOOPS_ENABLE_SSL', false);//change to true to activate
define('XOOPS_URL_SSL', 'http'.(XOOPS_ENABLE_SSL == true ? 's' : '').XOOPS_S_NAME);
define('XOOPS_URL_NON_SSL', 'http'.XOOPS_S_NAME);
I'm using several $connection_type tests to check if SSL is used. Different servers seem to use different constants. I've added most of them to check.
When you have your SSL installed on your server you can just edit XOOPS_ENABLE_SSL to true and then start using the constants in your modules or anywhere to force a SSL link or not.
To force SSL in a link you would write: echo XOOPS_URL_SSL . '/modules/news/index.php'; instead of XOOPS_URL . '/modules/news/index.php';
In a smarty template you could call <{$smarty.const.XOOPS_URL_SSL}> for SSL and <{$smarty.const.XOOPS_URL_NON_SSL}> for non-ssl.
Hope that helps!
