Page 1 of 1
Encryption for Front End User Uploads?
Posted: Fri May 07, 2010 3:26 pm
by charlesr
Hi all.
Is there a way to encrypt the FEU Uploads via SSL or otherwise? I did a google search, which showed up things from the guides about applying SSL to certain pages using tags etc., but I don't think having the page encrypted helps - it needs to be the form itself that calls it yes?
My client is on claranet which says:
To access the secure webspace, use:
https://clarahost.clara.net/www.domain.com/
This will encrypt data (eg credit card details) being sent to the website so that no-one can intercept and read it while it crosses the internet from the browser to the server. However, any data sent via https will not be stored encrypted on the server, which can only be done by the customers own scripts, as the secure url is merely a pointer to the normal webspace.
I do not have any SSL implemented anywhere on the site and although I'm learning from what I read, it's slow progress, so any help much appreciated. Thanks.
Re: Encryption for Front End User Uploads?
Posted: Mon May 10, 2010 2:54 pm
by charlesr
What are the rules on bumping? I had a look around the "readme first" stuff, but couldn't see anything relevant.
Does anyone out there have any https skills? Thanks.
Re: Encryption for Front End User Uploads?
Posted: Mon May 10, 2010 3:16 pm
by janb
Hi
I must admit i don't have so much experience about this either so i hoped other width more experience could reply you on this.
..but at least you deserve an answer
First of all, cmsms is ready regarding SSL.
It is the web service you have to start with, apache or MS IIS or whatever you are using.
If your host is at a web-hotel, you will normally find relevant howtos regarding enable/use SSL there.
If you are on you own, google SSH howto's.
It is (!) a challenge to do this the first time, but worth to go thorough it.
When it comes to certificates, I will recommend you buying a certificate if this is for a customer, else try to go though the howto's making one yourself if it's for your own purpose, but don't buy one before SSL is up and running with the final name/final domain name.
Btw. It's ok to bump
JanB
Re: Encryption for Front End User Uploads?
Posted: Thu May 13, 2010 10:07 am
by charlesr
Looking at the page source it says:
But in the template in the FEU upload admin area it says:
{$startform}
{if isset($max_uploadsize)}
So the bit I need to modify is in {$startform}
I downloaded the "Uploads" code from the modules folder and did a search for "startform" but couldn't see anything. Anyone able to figure out where I look for the startform code please?
Re: Encryption for Front End User Uploads?
Posted: Thu Jun 24, 2010 9:57 am
by naturelab
Hey charlesr :-
On a different note, ( sorry to hijack this thread ) you might be able to help me out. I am currently working on a job and my client also uses
Claranet. I am having big problems getting the .htaccessfile to work. Have you had similar issues using this host ?
I have updated my config file as I always do :
Code: Select all
#------------
#URL Settings
#------------
#What type of URL rewriting should we be using for pretty URLs? Valid options are:
#'none', 'internal', and 'mod_rewrite'. 'internal' will not work with IIS some CGI
#configurations. 'mod_rewrite' requires proper apache configuration, a valid
#.htaccess file and most likely {metadata} in your page templates. For more
#information, see:
#http://wiki.cmsmadesimple.org/index.php/FAQ/Installation/Pretty_URLs#Pretty_URL.27s
$config['url_rewriting'] = 'mod_rewrite';
#Extension to use if you're using mod_rewrite for pretty URLs.
$config['page_extension'] = '/';
#If you're using the internal pretty url mechanism or mod_rewrite, would you like to
#show urls in their hierarchy? (ex. http://www.mysite.com/parent/parent/childpage)
$config['use_hierarchy'] = true;
#If using none of the above options, what should we be using for the query string
#variable? (ex. http://www.mysite.com/index.php?page=somecontent)
$config['query_var'] = 'page';
and my .htaccess file is :-
Code: Select all
Options +FollowSymLinks
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
RewriteEngine on
# 301 Redirect all requests that don't contain a dot or trailing slash to
# include a trailing slash
RewriteCond %{REQUEST_URI} !/$
RewriteCond %{REQUEST_URI} !\.
RewriteRule ^(.*) %{REQUEST_URI}/ [R=301,L]
# Rewrites urls in the form of /parent/child/
# but only rewrites if the requested URL is not a file or directory
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ index.php?page=$1 [QSA]
The urls are being written ok ( when I hover over links, the desired url formation is displayed in the status bar, but when I click, I get a ( 500 Internal Server Error ).
Any help greatly appreciated - thx
Re: Encryption for Front End User Uploads?
Posted: Thu Jun 24, 2010 10:20 am
by charlesr
The only problem I had like that was when I changed to their enterprise package and the webspace install got jumbled. Their support guy was really friendly and responded fairly swiftly to fix everything.
I'm trying to install my own SSL certificate now, but they suggested I need a virtual server for that and have since gone dark....
Re: Encryption for Front End User Uploads?
Posted: Thu Jun 24, 2010 3:11 pm
by naturelab
thx for the quick reply - much appreciated. After a lot of trial and error, I got it working by using this ( hope this is of use to someone else ) :-
Code: Select all
DirectoryIndex index.php index.html
Options +FollowSymLinks
RewriteBase /
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ index.php?page=$1 [QSA]
</IfModule>
#php_value register_globals 0