Page 1 of 1
[fixed]How do I create a secure login for self registration and front end users?
Posted: Fri Nov 10, 2006 8:06 am
by Strongbox
I am using the front end users module as a way to collect client data and I need to be able to make the registration and login secure with https. What would be the best way to do this?
i.e.
Client clicks on my registration and is taken to the https version
Client clicks on the login and is taken to the https version
Thanks!
Re: How do I create a secure login for self registration and front end users?
Posted: Thu Nov 16, 2006 5:05 pm
by Strongbox
It seems that using a rewriterule in the .htaccess file would be the best way to go.
This is what I have tried so far... with no luck:
Code: Select all
php_flag magic_quotes_gpc Off
php_flag register_globals Off
php_flag session.use_trans_sid Off
php_flag safe_mode off
# Make sure you have Options FollowSymLinks
# and Allow on
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
#Rewrites page.shtml as index.php?page
RewriteCond %{REQUEST_FILENAME} !-f [NC]
RewriteCond %{REQUEST_FILENAME} !-d [NC]
RewriteRule ^(.+)$ index.php?page=$1 [QSA]
RewriteRule ^/client-sign-up-form.html(.*) https://www.mortgagecommando.com/client-sign-up-form.html
I can get the whole site to rewrite to https by doing the following:
Code: Select all
php_flag magic_quotes_gpc Off
php_flag register_globals Off
php_flag session.use_trans_sid Off
php_flag safe_mode off
# Make sure you have Options FollowSymLinks
# and Allow on
Options +FollowSymLinks
RewriteEngine On
RewriteBase /
#Rewrites page.shtml as index.php?page
RewriteCond %{REQUEST_FILENAME} !-f [NC]
RewriteCond %{REQUEST_FILENAME} !-d [NC]
RewriteRule ^(.+)$ index.php?page=$1 [QSA]
RewriteRule ^(.*) https://www.mortgagecommando.com/client-sign-up-form.html
But I just want certain pages to rewrite to https... solution anyone?
Re: How do I create a secure login for self registration and front end users?
Posted: Sun Nov 19, 2006 4:21 pm
by Strongbox
I keep looking but I can't find a solution for this.... I can't believe that no one else needs or wants secure logins??? This is the age of ID theft and everyone is concerned about giving out info anyway, so it seems that this would be a worthy task.
Maybe I missed how this is done somewhere?
Thanks!
Re: How do I create a secure login for self registration and front end users?
Posted: Sun Nov 19, 2006 6:21 pm
by Strongbox
Here is a solution.
You simply create a custom tag:
NAME : ssl
Content:
Code: Select all
{
// Check if accessed via SSL
if($_SERVER['HTTPS'] != 'on')
{
// If not, redirect
$newurl = 'https://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
header("location: $newurl");
}
}
Then you just call the tag by inserting the following at the top of the page:
What is does is first checks to see if page is viewed in SSL if it is not then it pulls the pulled page info and adds https to it and redirects.
Simple fix, no .htaccess issues clean
Enjoy! Cool