[fixed]How do I create a secure login for self registration and front end users?

[Strongbox]

I am using the front end users module as a way to collect client data and I need to be able to make the registration and login secure with https. What would be the best way to do this?

i.e.

Client clicks on my registration and is taken to the https version
Client clicks on the login and is taken to the https version

Thanks!

[Strongbox]

It seems that using a rewriterule in the .htaccess file would be the best way to go.

This is what I have tried so far... with no luck:

Code: Select all

php_flag magic_quotes_gpc Off
php_flag register_globals Off
php_flag session.use_trans_sid Off
php_flag safe_mode off


# Make sure you have Options FollowSymLinks
# and Allow on
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
#Rewrites page.shtml as index.php?page
RewriteCond %{REQUEST_FILENAME} !-f [NC]
RewriteCond %{REQUEST_FILENAME} !-d [NC]
RewriteRule ^(.+)$ index.php?page=$1 [QSA]
RewriteRule ^/client-sign-up-form.html(.*) https://www.mortgagecommando.com/client-sign-up-form.html

I can get the whole site to rewrite to https by doing the following:

Code: Select all

php_flag magic_quotes_gpc Off
php_flag register_globals Off
php_flag session.use_trans_sid Off
php_flag safe_mode off


# Make sure you have Options FollowSymLinks
# and Allow on
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
#Rewrites page.shtml as index.php?page
RewriteCond %{REQUEST_FILENAME} !-f [NC]
RewriteCond %{REQUEST_FILENAME} !-d [NC]
RewriteRule ^(.+)$ index.php?page=$1 [QSA]
RewriteRule ^(.*) https://www.mortgagecommando.com/client-sign-up-form.html

But I just want certain pages to rewrite to https... solution anyone?

[Strongbox]

I keep looking but I can't find a solution for this.... I can't believe that no one else needs or wants secure logins??? This is the age of ID theft and everyone is concerned about giving out info anyway, so it seems that this would be a worthy task.

Maybe I missed how this is done somewhere?

Thanks!

[Strongbox]

Here is a solution.

You simply create a custom tag:

NAME : ssl

Content:

Code: Select all

{
    // Check if accessed via SSL
    if($_SERVER['HTTPS'] != 'on')
    {
        // If not, redirect
        $newurl = 'https://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
        header("location: $newurl");
    }
}

Then you just call the tag by inserting the following at the top of the page:

Code: Select all

{ssl}

What is does is first checks to see if page is viewed in SSL if it is not then it pulls the pulled page info and adds https to it and redirects.

Simple fix, no .htaccess issues clean

Enjoy!  Cool