I have an HTTPS trick around here somewhere, trying to find it.
ah here it was:
https://bbpress.org/forums/topic/https-with-bbpress-login#post-23667
Now it’s official. The HTML entities bug is pretty annoying.
Edit: nevermind. You edit the post.
@zaerl, yeah fortunately I had the code posted in an old post, but I guess I could have used a pastebin or direct download.
That worked!
Everything works fine, except for the /bb-admin part using https. This page seens to redirect to the main forum, but switching to http works ok. (This is not a big problem, since my main objective was to have only the forum with ssl).
Just for the record (if someone else is searching for this):
The canonical modification can be made editing the header.php of the template and inserting the following line in the head section.
<link rel="canonical" href="<?php echo "http://" . $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"]; ?>" />
edit: this line look a bit messed here, check the original at pastebin: http://pastebin.com/626EqW74
Thank you! 
Hmm, we should try to make it also work for bb-admin in case you have to administrate remotely, like over a wifi network.
Can you tell me more specifically how it fails on admin?
_ck_,
I just noticed that also the controls for Sticky, delete topic, lock and unlock are not working, when you click on those links or in the link of admin panel, I’m redirected to the base address (still on https).
This only occurs when I’m logged in as admin. If I’m with guest access I can go to /bb-admin and see the login screen.
This is my ssl apache log:
my_ip - - [07/Jun/2010:17:05:13 -0300] "GET /bb-admin HTTP/1.1" 301 328
my_ip - - [07/Jun/2010:17:05:14 -0300] "GET /bb-admin/ HTTP/1.1" 302 -
my_ip - - [07/Jun/2010:17:05:16 -0300] "GET / HTTP/1.1" 200 23610
my_ip - - [07/Jun/2010:17:05:18 -0300] "GET /favicon.ico HTTP/1.1" 404 2715
In a short way (and probably wrong), it looks like a 301 redirect for /bb-admin/(.*) to /
But this only happens logged in as admin, on https trying to access anything inside of /bb-admin (the rest seems to work as it should).
Using http everything is fine.
Thanks!
Ah those controls (Sticky, delete topic, lock and unlock) are done javascript (ajax) in 1.1 so there is probably yet another url that has to be “adjusted” and hopefully not hard coded.
Did some digging, here’s why that happens:
Someone (ahem, Sam?) hard coded the url for bb-admin and worse than that, they did it as a relative url, instead of full url, so my little plugin can’t detect the page is in https mode.
example:
$uri = bb_get_uri('bb-admin/delete-post.php'
right there, wow, hardcoding, after all that nonsense with even more CONSTANTS for all those silly paths.
So, what we need is to detect when bb-admin is being requested and convert it back out of the relative url into a full url.
Hello again _ck_, sorry for not giving any feedback earlier, but in the last few days I’ve been busy with my work and I wasn’t able to test your modification.
I just made some tests with your modification, but the problem with bb-admin persisted.
Anyway, I’m happy with the current achievements, the forum working with SSL is pretty nice, and normally I just use the administration part at home or work (in a safe network).
Maybe one of us should fill a bug report for the https on the bugtracker?
Thanks for all the help and I’m glad to see you back in the forums.
LOL, filing a bug in the bugtracker doesn’t magically get features working, there’s no-one to work on extra things like that these days.
But I think the problem is that the admin section must be checking the base url somewhere for security that I am not catching and doesn’t like it, so it redirects it.
My current guess is it’s happening in function bb_auth which I am examining now.
Ah it’s probably because bbPress 1.x has the secure_auth cookie where 0.9 does not, makes things much more complicated since you have to be logged in under SSL as well.
Okay I think I found a fix – we simply have to bypass the malfunctioning secure_auth method in 1.x and just use the regular auth cookie. It’s what’s fighting us as soon as it detects SSL mode.
So add this to the bottom of the plugin for 1.x
function bb_validate_auth_cookie( $cookie = '', $scheme = 'auth' ) {
global $wp_auth_object;
return $wp_auth_object->validate_auth_cookie( $cookie, $scheme );
}
Test it carefully of course.
view: http://pastebin.com/embed_iframe.php?i=wSYPsdjT
download: http://pastebin.com/download.php?i=wSYPsdjT
hi _ck_,
I’m trying to use your fix https://bbpress.org/forums/topic/https-with-bbpress-login#post-23667 + your code above, but get the following error when I try to activate the plugin:
Fatal error: Cannot redeclare bb_validate_auth_cookie() (previously declared in <path to bbPress>/bb-includes/functions.bb-pluggable.php:142) in <path to bbPress>/my-plugins/https-mode.php on line 22
Any ideas?
Thanks!
Tomek
That’s strange because pluggable functions should step out of the way if they are already defined before it gets to it.
For some reason the plugin is loading AFTER the pluggable loads, instead of before. I can’t quite explain that.
Try renaming the plugin by putting an underscore in front of the name, ie.
_https-mode.php
and make sure it’s directly under my-plugins/ and not in a sub-directory under it.
That’s the only idea that pops into my head right at the moment.
ps. make sure you are using the newest one so far here:
http://pastebin.com/embed_iframe.php?i=wSYPsdjT
Thanks _ck_. Changinn it to _http-mode.php made it “Autoload” (or something like it), so SSL now works for admin!
I should probably submit this as a real plugin.
It’s so small though I guess I’ll keep it in my bb-tweaks collection.
