Problem with SSL on login page only

General Discussion about the commercial Enuuk Auction Platform
Post Reply
bamse
Posts: 220
Joined: Mon Feb 06, 2012 12:05 pm
Contact:

Problem with SSL on login page only

Post by bamse » Sat Feb 23, 2013 4:15 pm

Not sure whether this is due to my modifications or some incorrectly set up web server.

If I set "SSL on login page only", I do indeed get SSL on the login page. However after login any links on the site are "https://" instead of "http:///".

Can somebody confirm this?

RWAP
Site Admin
Posts: 748
Joined: Fri Jan 08, 2010 2:23 am
Location: Stoke-on-Trent
Contact:

Re: Problem with SSL on login page only

Post by RWAP » Sat Feb 23, 2013 4:41 pm

That is correct - I thought I had detailed the changes required on here, but can't find them.

In class\Action\User.php

Find:
Find:

Code: Select all

        if($this->context->siteOptions['SSLInLogin']){
            $siteOption = $this->context->siteOptions;
            $siteOption['protocol'] = 'https';
            $this->context->siteOptions = $siteOption;
Add below this:

Code: Select all

            $data['redirectLinks']=true;

Code: Select all

                    if(isset($p['redirect'])){
                        //delete some parameters
                        $p[0] = ""; $p['id'] = ""; $p['password'] = "";
                        $this->context->parameters = $p;

                        //decode redirect path and run the action code
                        list($className,$methodToCall) = explode("::",$p['redirect']);
                        $className = "Action_".$className;
                        $operation = new $className();
                        $operation->setContext($this->context);
                        if($methodToCall && method_exists($operation,$methodToCall)){
                            $operation->$methodToCall();
                        }else{
                            $operation->defaultAction();
                        }

                    }else{
                        $this->profile();
                    }
Change this to:

Code: Select all

                    if(isset($p['redirect'])){
                        //delete some parameters
                        $p[0] = ""; $p['id'] = ""; $p['password'] = "";
                        $this->context->parameters = $p;

                        //decode redirect path and run the action code
                        list($className,$methodToCall) = explode("::",$p['redirect']);
                        $className = "Action_".$className;
                        $operation = new $className();
                        $operation->setContext($this->context);
                        if($methodToCall && method_exists($operation,$methodToCall)){
                            $operation->$methodToCall();
                        }else{
                            $operation->defaultAction();
                        }
                    }else{
                        $data['newURL']='/user/profile';
		                $data['template'] = "userRedirect.php";
		                $this->context->addData($data);
                    }
Find:

Code: Select all

        }else{ //no action
            $data['title'] = 'Recover Password';
            $data['template'] = 'userRecoverPassword.php';
            $data['action'] = 'recoverPass';
            $this->context->addData($data);
        }
Change this to:

Code: Select all

        }else{ //no action
        	if($this->context->siteOptions['SSLInLogin'] && $par['redirectNeeded']){
                $siteOption = $this->context->siteOptions;
	            $siteOption['protocol'] = 'http';
	            $this->context->siteOptions = $siteOption;
				$data['newURL']='/user/recoverPassword';
				$data['template'] = "userRedirect.php";
				$this->context->addData($data);
                return;
            }
            $data['title'] = _('Recover Password');
            $data['template'] = 'userRecoverPassword.php';
            $data['action'] = 'recoverPass';
            $this->context->addData($data);
        }
Then, create a new themes\default\userRedirect.php:

Code: Select all

<script type="text/javascript">
	//<![CDATA[
	top.location = '<?=$siteOptions['protocol']?>://<?=$HTTPHost?><?=$newURL?>';
    //]]>
</script>
    <div id="content">
    <h2 class="hBox"><?=_('User login')?></h2>
    	<div class="tableLook">
        	<?=_('Logging you in...')?>
        <div class="clear"></div>
        </div>
    </div>
And change the themes\default\userLogin.php
Find:

Code: Select all

                <p class="c16 cLast"><a href="<?=$relativePath?>user/recoverPassword"><?= _('Forgot your password?')?></a></p>
Change this to:

Code: Select all

                <p class="c16 cLast"><a href="<?=$relativePath?>user/recoverPassword?redirectNeeded=<?=$redirectLinks?>"><?= _('Forgot your password?')?></a></p>

RWAP
Site Admin
Posts: 748
Joined: Fri Jan 08, 2010 2:23 am
Location: Stoke-on-Trent
Contact:

Re: Problem with SSL on login page only

Post by RWAP » Sat Feb 23, 2013 4:47 pm

This also can be combined with my improved logon module:

viewtopic.php?f=11&t=243&start=0

bamse
Posts: 220
Joined: Mon Feb 06, 2012 12:05 pm
Contact:

Re: Problem with SSL on login page only

Post by bamse » Sat Feb 23, 2013 10:15 pm

Thanks a lot for the reply and the code.

ON a related note, enabling SSL everywhere seems to break the tabs on the offerDetail page. Clicking on any of the tabs takes me to the homepage instead of showing the tab content.

RWAP
Site Admin
Posts: 748
Joined: Fri Jan 08, 2010 2:23 am
Location: Stoke-on-Trent
Contact:

Re: Problem with SSL on login page only

Post by RWAP » Sun Feb 24, 2013 1:30 pm

There is no specific reason why SSL would break the tabs - it may just be that you need to clear your browser cache, as it would suggest that global.js or tinyMCE has not loaded properly...

RWAP
Site Admin
Posts: 748
Joined: Fri Jan 08, 2010 2:23 am
Location: Stoke-on-Trent
Contact:

Re: Problem with SSL on login page only

Post by RWAP » Sun Feb 24, 2013 1:38 pm

One thing worth checking is have a look at the source code for the page - check that https:// is being used to load the javascripts - as it may well be that something required for the tabs is being loaded using http:// and then the browser will not load unsecure content.

Firefox is about the best browser (with Firebug installed) to check on how the page is loaded and whether there are any errors being thrown in the code.

bamse
Posts: 220
Joined: Mon Feb 06, 2012 12:05 pm
Contact:

Re: Problem with SSL on login page only

Post by bamse » Sun Feb 24, 2013 8:54 pm

Somehow the problem disappeared on its own. Perhaps it was just a slow internet connection!?

RWAP
Site Admin
Posts: 748
Joined: Fri Jan 08, 2010 2:23 am
Location: Stoke-on-Trent
Contact:

Re: Problem with SSL on login page only

Post by RWAP » Mon Feb 25, 2013 2:52 pm

Could well be - have a look at mod_spdy to help with SSL connections (which are invariably slower than http)

zohanx747
Posts: 1
Joined: Thu Oct 31, 2013 12:08 pm
Contact:

Re: Problem with SSL on login page only

Post by zohanx747 » Thu Oct 31, 2013 12:19 pm

ON a related note, enabling SSL everywhere seems to break the tabs on the offerDetail page. Clicking on any of the tabs takes me to the homepage instead of showing the tab content.
ZoHaN

RWAP
Site Admin
Posts: 748
Joined: Fri Jan 08, 2010 2:23 am
Location: Stoke-on-Trent
Contact:

Re: Problem with SSL on login page only

Post by RWAP » Thu Oct 31, 2013 12:24 pm

It shouldn't (I have just tried it on Enuuk v3.3) - which version of Enuuk are you running?

Your best bet would be to either provide a link to your site (PM me if you don't want to make it public yet) or to use Firebug within Firefox to see what is breaking global.js

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest