[emailjohndavid]

Hello,

I am trying to set up bbPress login with https and all other login related pages to go through https. My ssl pages are working fine when loading, but I get a warning message at the login saying “Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.” Surely enough, ‘login’ button is associated with http://mydomainname/forum/bb-login.php instead of https. Where and how would I fix this problem? Any help would be really appreciated!

[_ck_]

Did you look inside the login-form.php template?

You might be referring to the 2nd one inside the failed login form which is probably in the core.

A plugin might be able to fix this problem by detecting if the user is in HTTP vs HTTPS mode and filtering bb_get_option_uri – this intrigues me so I might write it and post it here shortly.

[_ck_]

I have no way to test this code right now

but try putting into a file called https-mode.php

and put it into your my-plugins directory

(you might have to create the directory)

and then activate it in your control panel.

In theory it should make bbpress internal urls HTTPS when it detects you are trying to use HTTPS:// (SSL) mode, even though your main bbpress url is HTTP://

<?php

/*

Plugin Name: HTTPS mode

Description: forces internal bbPress URLs from HTTP to HTTPS only when using SSL

*/



add_filter( 'bb_get_uri', 'https_mode',1,3);

add_filter( 'bb_get_option_uri','https_mode',1);



function https_mode($uri,$resource='',$context='') {

if (!empty($_SERVER['HTTPS']) && strpos($uri,'http://')===0) {$uri=str_replace('http://','https://',$uri);}

return $uri;

}



?>

[emailjohndavid]

Thanks again!

While I was reading your post, I remembered that my bbPress URL under settings was not pointed to https. Problem solved when I changed http to https in bbPress URL setting.

Is there a way to have login pages password sensitive pages to use https but leave other pages to http?

[_ck_]

Yes, that is what my plugin attempts to do.

You would set your regular bbPress url as HTTP but the plugin will detect when you are trying to use HTTPS and modify the internal url on the fly to HTTPS without permanently changing it.

Then you just have to modify your login links to link via HTTPS to start the process.

I guess I could further modify my plugin to force a HTTPS redirect when it sees the bb-login.php page.

[emailjohndavid]

I will try this soon and let you know. Thanks!

[honestscott]

I guess I could further modify my plugin to force a HTTPS redirect when it sees the bb-login.php page.

Hi,

Did you ever modify the plugin?

I am looking to only use https on my login, and registration pages.

I have a SSL certificate, but, when I update my general settings URL to https, things break on my forum.

Thanks for your help.

Scott