Secure Pages

[hexdj]

I have a couple of forms that need to go thru a SSL, my site already has an SSL. I have the pages already written in CMS MS now my question is, how do I make CMS MS automatically switch to HTTPS:// when these pages are accessed? is this even possible?. Thanks!

[hexdj]

Ted at the chatroom pointed me to the solution, which is not built in into CMSMS. Have to edit my .htaccess file and do something like this:

RewriteRule ^/secure_page(.*) https://mysite.com/secure_page$1


EDIT:

I actually just had a chance to try this out and didn't work. Can someone gimme a hand? Thanks!

[hexdj]

Anyone?

[RonnyK]

You did check this post.

http://forum.cmsmadesimple.org/index.ph ... 821.0.html

Ronny

[hexdj]

I missed that one, I will give it a try. Thanks RonnyK!

[hexdj]

The method pointed out by RonnyK seems to work, except that when I am in one of my secure pages, all the links appear to point to an HTTPSS:// address, which FireFox says it can't open, because it does not how to handle it, due to the double SS in there. Also CSS Styles are gone for some reason when I get into a secure page. I looked in my files and nowhere is it expressed to point to httpss://

[alby]

The method pointed out by RonnyK seems to work, except that when I am in one of my secure pages, all the links appear to point to a HTTPSS:// address, which FireFox says it can't open, because it does not how to handle it, due to the double SS in there. I looked in my files and nowhere is it expressed to poing to httpss://

Check in config.php if you have:

$config['root_url'] = 'http://www.mysite.com';
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on')
{
#$config['root_url'] = str_replace('http','https',$config['root_url']);
}

If yes, try comment with #

Alby

[tsw]

hmh, that code needs some work it seems

[Pierre M.]

Hello all,

may be the code needs some work.
I suggest something else at the webserver level. Untested, as I have no SSL Apache at hand :

Code: Select all

RewriteEngine on
RewriteCond HTTPS off
RewriteRule ^/(.*) https://fully.qualified.domain.name/$1 [L,R]

To be tuned, because untested and unwarantied.

Pierre M.

[hexdj]

Alby:

Your method seems to work, except that now my address bar in firefox is pink instead of green (secure) and the lock shows as open and when I click on the lock it says that some elements that are loaded aren't secure.

Do you have any advice for this?

The method pointed out by RonnyK seems to work, except that when I am in one of my secure pages, all the links appear to point to a HTTPSS:// address, which FireFox says it can't open, because it does not how to handle it, due to the double SS in there. I looked in my files and nowhere is it expressed to poing to httpss://

Check in config.php if you have:

$config['root_url'] = 'http://www.mysite.com';
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on')
{
#$config['root_url'] = str_replace('http','https',$config['root_url']);
}

If yes, try comment with #

Alby

[alby]

Your method seems to work, except that now my address bar in firefox is pink instead of green (secure) and the lock shows as open and when I click on the lock it says that some elements that are loaded aren't secure.

Do you have any advice for this?

Your site is ALL on SSL connection?
If yes set (in config.php):
$config['root_url'] = 'https://www.mysite.com';

If not:
1. or disabled UDT and enable again in config.php (drop my # comment)
2. or try Pierre M. tips
3. (from tsw) that code needs some work

Alby

[hexdj]

OK, I'm giving up on these methods because all of them have their own caveats.

Could someone tell me if there's any other to redirect pages with .htaccess
For example the following line doesn't work

Redirect 301 /store/ https://www.mysite.com/store/

The reason why it doesn't work is (I think) because it creates a redirecting loop. Maybe someone else know another way out of it?


UPDATE:

I turned my /store/ PAGE into a link in the Edit Content section of CMSMS,
Now this link redirects to the following: https://www.mysite/store/ssl
SSL is a child page for /store/
and now /store/ssl/ is this page should have my store

It redirects beautifully, but now here's the issue that I have: I don't want all my pages to be secured, just the store. How can I get out of the https:// protocol when clicked on any other menu in my site?

[hexdj]

BEST SOLUTION SO FAR

Thanks everyone for their kind suggestions but the following method seems to be the best I have found so far, it's not ideal (at least in my case) since I had to make two templates that are almost exactily the same, except for loading different User Defined Tags.

First off I created one UDT called {https}

Code: Select all

if(empty($_SERVER['HTTPS']))
{
    // If not, redirect
    $newurl = 'https://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
    header("location: $newurl");
    exit();
}

And a second UDT for regular pages that don't need to be secured, this one I called {http}

Code: Select all

if(empty($_SERVER['HTTPS']))
{
    // Do nothing
}
else
{
    $newurl = 'http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
    header("location: $newurl");
    exit();
}

Now my default Layout Template is called DEFAULT_TEMP and has the {http} tag in the head section

And my secure template is called SECURE_TEMP and has the {https} tag in it

Given that my template is the same for all my pages it's a pitty having to make two virtually identical templates just to switch between http and https if I make changes to my default template I have to remember to make those changes in my secure template as well. But for now it's a quick and dirty solution and it's the one I am gonna stick with.

Hope this helps somebody else!

[calguy1000]

if this solution works for you, then there are ways to make it so you only have to use one page template.

One way is:

a) add {assign var='secure' value='1'} to the metadata section of your secure pages
b) use this in your page template:

Code: Select all

{if isset($secure)}
  {https}
{else}
  {http}
{/if}

[hexdj]

Even better! I am just not too much of a php/smarty programmer and fairly new to CMSMS

thanks calguy!!