Skip to:
Content
Pages
Categories
Search
Top
Bottom

https with bbPress login


  • emailjohndavid
    Member

    @emailjohndavid

    Hello,

    I am trying to set up bbPress login with https and all other login related pages to go through https. My ssl pages are working fine when loading, but I get a warning message at the login saying “Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.” Surely enough, ‘login’ button is associated with http://mydomainname/forum/bb-login.php instead of https. Where and how would I fix this problem? Any help would be really appreciated!

Viewing 5 replies - 1 through 5 (of 5 total)

  • _ck_
    Participant

    @_ck_

    Did you look inside the login-form.php template?

    You might be referring to the 2nd one inside the failed login form which is probably in the core.

    A plugin might be able to fix this problem by detecting if the user is in HTTP vs HTTPS mode and filtering bb_get_option_uri – this intrigues me so I might write it and post it here shortly.


    _ck_
    Participant

    @_ck_

    I have no way to test this code right now

    but try putting into a file called https-mode.php

    and put it into your my-plugins directory

    (you might have to create the directory)

    and then activate it in your control panel.

    In theory it should make bbpress internal urls HTTPS when it detects you are trying to use HTTPS:// (SSL) mode, even though your main bbpress url is HTTP://

    <?php
    /*
    Plugin Name: HTTPS mode
    Description: forces internal bbPress URLs from HTTP to HTTPS only when using SSL
    */

    add_filter( 'bb_get_uri', 'https_mode',1,3);
    add_filter( 'bb_get_option_uri','https_mode',1);

    function https_mode($uri,$resource='',$context='') {
    if (!empty($_SERVER['HTTPS']) && strpos($uri,'http://')===0) {$uri=str_replace('http://','https://',$uri);}
    return $uri;
    }

    ?>


    emailjohndavid
    Member

    @emailjohndavid

    Thanks again!

    While I was reading your post, I remembered that my bbPress URL under settings was not pointed to https. Problem solved when I changed http to https in bbPress URL setting.

    Is there a way to have login pages password sensitive pages to use https but leave other pages to http?


    _ck_
    Participant

    @_ck_

    Yes, that is what my plugin attempts to do.

    You would set your regular bbPress url as HTTP but the plugin will detect when you are trying to use HTTPS and modify the internal url on the fly to HTTPS without permanently changing it.

    Then you just have to modify your login links to link via HTTPS to start the process.

    I guess I could further modify my plugin to force a HTTPS redirect when it sees the bb-login.php page.


    emailjohndavid
    Member

    @emailjohndavid

    I will try this soon and let you know. Thanks!

Viewing 5 replies - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.