Make any page go to HTTPS! {TAG}

[Strongbox]

OK, in my quest to find a simple way to make pages SSL for login and registration this is the solution I came up with.

You simply create a custom tag:

NAME : ssl

Content:

Code: Select all

{
    // Check if accessed via SSL
    if($_SERVER['HTTPS'] != 'on')
    {
        // If not, redirect
        $newurl = 'https://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'];
        header("location: $newurl");
    }
} 

Then you just call the tag by inserting the following at the top of the page:

Code: Select all

{ssl}

What is does is first checks to see if page is viewed in SSL if it is not then it pulls the pulled page info and adds https to it and redirects.

Simple fix, no .htaccess issues clean

Enjoy! 

[Strongbox]

The only issue now is that I get a security warning when logging in about info being sent over a non-encrypted connection and could be easily read ect etc.

Anyone know what would cause this? This would be a major turn off to most Internet users..... back to the drawing board I guess!

[Dr.CSS]

I think you need a SSL certificate to make it real...

[Strongbox]

DUH!

I don't think that the PLESK cert will work! I will get a full cert then see what happens.

UPDATE:

This was not the issue... oh well needed my own site Cert anyway! 

[Strongbox]

Well, I got a cert.... the error still pops up and the only way I could fix it is to make the root URL in the config file HTTPS://www.mysite.com

I'm not smart enough to get it to work any other way... without the error.... maybe someone else can give some input on this issue?.... I can't be the only one that wants this! 

[Dr.CSS]

You could make the pages static HTML with HTTPS as the URL for them...

[JohnnyB]

Any content pulled into the page, i.e, images,  must have an https call path.  Otherwise the browser reports to the user that some content is SSL (https) based and some content is not.  The default is to have http://domain.com/images/image.gif instead of what a SSL cert wants, which is https://domain.com/images/image.gif.

I remember seeing a fix for another CMS I worked with that would check if the page should be served as https:// and if so, it would change the base url to https:// to avoid certificate conflicts.  The fix would re-write unsecure links to secure - it was joomla.  Sorry I can't say how to do this in CMSms (I'm a noob here).  I hope to learn though

here's the link to the joomla fix - maybe it will help with inspiration. http://forum.joomla.org/index.php/topic ... #msg402169



John D. Beatrice

[Strongbox]

It's even worse than that. What happens in my case is that the user goes to register with the 'frontenduser' 'selfregistration' modules and the box pops up when they click to register saying that although this page is secure that they are going to send information to a non-secure path that someone could read etc.

SCARY!

I like the idea of having the page pull all links from https when a secure page is open. I know that there has to be a way to do this and maybe what you have shown from the other cms system that shall not be named... ) is a good way to get started. I am just not fluent enough in php to figure this out myself. It looks like a simple fix though from what I can see.

[midnightmind]

This is what I ended up using to force an SSL page.

Code: Select all

if ($_SERVER["SERVER_PORT"] != 443)
{
   header('Location: https://'.$_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] .'?'. $_SERVER[QUERY_STRING]);
}

The only issue I had with CMSms was the stylesheet having a full path instead of a relative path. I ended up just making an SSL equivalent of my template with SSL paths to the sylesheet. Easy enough.

I suggest using the method described at http://blog.taragana.com/index.php/arch ... ndent-way/ for determining the complete URL of a page.

[JohnnyB]

Right,
The only other thing to do is use .htaccess and rewrite everything to httpS:// so all content appears to load from a secure address...