Skip to:
Content
Pages
Categories
Search
Top
Bottom

Same forum using http and https


  • eduardosilva
    Participant

    @eduardosilva

    Hello,

    I would like to have my forum with SSL enabled (user could type http or https), I already managed to avoid dupicated content using the “canonical” tag but when i access my bbPress forum using https the requested page loads fine, but all the links (topics, forums, tags,…) are without https.

    You can see the same behaviour in this board if you try to access it through https

    Just try: https://bbpress.org/forums/forum/troubleshooting (need to accept the ceritificate)

    Is there any way of fixing this?

    I’m using bbPress 1.1 alpha (svn from end of january/2010)

    Thank you!

Viewing 16 replies - 1 through 16 (of 16 total)

  • _ck_
    Participant

    @_ck_

    I have an HTTPS trick around here somewhere, trying to find it.

    ah here it was:

    http://bbpress.org/forums/topic/https-with-bbpress-login#post-23667


    zaerl
    Participant

    @zaerl

    Now it’s official. The HTML entities bug is pretty annoying.

    Edit: nevermind. You edit the post.


    _ck_
    Participant

    @_ck_

    @zaerl, yeah fortunately I had the code posted in an old post, but I guess I could have used a pastebin or direct download.


    eduardosilva
    Participant

    @eduardosilva

    That worked!

    Everything works fine, except for the /bb-admin part using https. This page seens to redirect to the main forum, but switching to http works ok. (This is not a big problem, since my main objective was to have only the forum with ssl).

    Just for the record (if someone else is searching for this):

    The canonical modification can be made editing the header.php of the template and inserting the following line in the head section.

    <link rel="canonical" href="<?php echo "http://" . $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"]; ?>" />

    edit: this line look a bit messed here, check the original at pastebin: http://pastebin.com/626EqW74

    Thank you! :)


    _ck_
    Participant

    @_ck_

    Hmm, we should try to make it also work for bb-admin in case you have to administrate remotely, like over a wifi network.

    Can you tell me more specifically how it fails on admin?


    eduardosilva
    Participant

    @eduardosilva

    _ck_,

    I just noticed that also the controls for Sticky, delete topic, lock and unlock are not working, when you click on those links or in the link of admin panel, I’m redirected to the base address (still on https).

    This only occurs when I’m logged in as admin. If I’m with guest access I can go to /bb-admin and see the login screen.

    This is my ssl apache log:

    my_ip - - [07/Jun/2010:17:05:13 -0300] "GET /bb-admin HTTP/1.1" 301 328

    my_ip - - [07/Jun/2010:17:05:14 -0300] "GET /bb-admin/ HTTP/1.1" 302 -

    my_ip - - [07/Jun/2010:17:05:16 -0300] "GET / HTTP/1.1" 200 23610

    my_ip - - [07/Jun/2010:17:05:18 -0300] "GET /favicon.ico HTTP/1.1" 404 2715

    In a short way (and probably wrong), it looks like a 301 redirect for /bb-admin/(.*) to /

    But this only happens logged in as admin, on https trying to access anything inside of /bb-admin (the rest seems to work as it should).

    Using http everything is fine.

    Thanks!


    chrishajer
    Participant

    @chrishajer

    Rescued from Akismet


    _ck_
    Participant

    @_ck_

    Ah those controls (Sticky, delete topic, lock and unlock) are done javascript (ajax) in 1.1 so there is probably yet another url that has to be “adjusted” and hopefully not hard coded.


    _ck_
    Participant

    @_ck_

    Did some digging, here’s why that happens:

    Someone (ahem, Sam?) hard coded the url for bb-admin and worse than that, they did it as a relative url, instead of full url, so my little plugin can’t detect the page is in https mode.

    example:

    $uri = bb_get_uri('bb-admin/delete-post.php'

    right there, wow, hardcoding, after all that nonsense with even more CONSTANTS for all those silly paths.

    So, what we need is to detect when bb-admin is being requested and convert it back out of the relative url into a full url.


    eduardosilva
    Participant

    @eduardosilva

    Hello again _ck_, sorry for not giving any feedback earlier, but in the last few days I’ve been busy with my work and I wasn’t able to test your modification.

    I just made some tests with your modification, but the problem with bb-admin persisted.

    Anyway, I’m happy with the current achievements, the forum working with SSL is pretty nice, and normally I just use the administration part at home or work (in a safe network).

    Maybe one of us should fill a bug report for the https on the bugtracker?

    Thanks for all the help and I’m glad to see you back in the forums.

    :)


    _ck_
    Participant

    @_ck_

    LOL, filing a bug in the bugtracker doesn’t magically get features working, there’s no-one to work on extra things like that these days.

    But I think the problem is that the admin section must be checking the base url somewhere for security that I am not catching and doesn’t like it, so it redirects it.

    My current guess is it’s happening in function bb_auth which I am examining now.

    Ah it’s probably because bbPress 1.x has the secure_auth cookie where 0.9 does not, makes things much more complicated since you have to be logged in under SSL as well.


    _ck_
    Participant

    @_ck_

    Okay I think I found a fix – we simply have to bypass the malfunctioning secure_auth method in 1.x and just use the regular auth cookie. It’s what’s fighting us as soon as it detects SSL mode.

    So add this to the bottom of the plugin for 1.x

    function bb_validate_auth_cookie( $cookie = '', $scheme = 'auth' ) {
    global $wp_auth_object;
    return $wp_auth_object->validate_auth_cookie( $cookie, $scheme );
    }

    Test it carefully of course.

    view: http://pastebin.com/embed_iframe.php?i=wSYPsdjT

    download: http://pastebin.com/download.php?i=wSYPsdjT


    namelesshorseman
    Member

    @namelesshorseman

    hi _ck_,

    I’m trying to use your fix http://bbpress.org/forums/topic/https-with-bbpress-login#post-23667 + your code above, but get the following error when I try to activate the plugin:

    Fatal error: Cannot redeclare bb_validate_auth_cookie() (previously declared in <path to bbPress>/bb-includes/functions.bb-pluggable.php:142) in <path to bbPress>/my-plugins/https-mode.php on line 22

    Any ideas?

    Thanks!

    Tomek


    _ck_
    Participant

    @_ck_

    That’s strange because pluggable functions should step out of the way if they are already defined before it gets to it.

    For some reason the plugin is loading AFTER the pluggable loads, instead of before. I can’t quite explain that.

    Try renaming the plugin by putting an underscore in front of the name, ie.

    _https-mode.php

    and make sure it’s directly under my-plugins/ and not in a sub-directory under it.

    That’s the only idea that pops into my head right at the moment.

    ps. make sure you are using the newest one so far here:

    http://pastebin.com/embed_iframe.php?i=wSYPsdjT


    namelesshorseman
    Member

    @namelesshorseman

    Thanks _ck_. Changinn it to _http-mode.php made it “Autoload” (or something like it), so SSL now works for admin!


    _ck_
    Participant

    @_ck_

    I should probably submit this as a real plugin.

    It’s so small though I guess I’ll keep it in my bb-tweaks collection.

Viewing 16 replies - 1 through 16 (of 16 total)

You must be logged in to reply to this topic.