Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enabling HTTPS logins doesn't work for non standard port (Trac #866) #866

Closed
elgg-gitbot opened this issue Feb 16, 2013 · 10 comments
Closed
Labels

Comments

@elgg-gitbot
Copy link

Original ticket http://trac.elgg.org/ticket/866 on 39193405-01-22 by codebrane, assigned to unknown.

Elgg version: 1.5

1.5 RC2

If you enable HTTPS logins from the installer, you can never login if you have a non standard SSL port. There's no way to specify the port from the installer. If you prepend https:// to the site url in the installer, the site becomes httpss://

@elgg-gitbot
Copy link
Author

trac user kevin_traas wrote on 39425728-11-10

I ran into the same issue setting things to use HTTPS - even though I'm running on standard 443/tcp. The only problem I've found so far has been on the login page, which I fixed as per the following diff:

Change line 27 of /var/www/views/default/account/forms/login.php:

From: if ((isset($CONFIG->https_login)) && ($CONFIG->https_login))

To: if ((isset($CONFIG->https_login)) && ($CONFIG->https_login) && !ereg('https', $login_url))

Solved my problem!

@elgg-gitbot
Copy link
Author

trac user kevin_traas wrote on 39425731-06-17

Replying to kevin_traas:

On second thought.... the better solution might be to use eregi(), not ereg(). So, as follows:

To: if ((isset($CONFIG->https_login)) && ($CONFIG->https_login) && !eregi('https', $login_url))

@elgg-gitbot
Copy link
Author

brettp wrote on 40085195-09-20

Anyone know the status of this?

@elgg-gitbot
Copy link
Author

Milestone changed to Elgg 1.8 by brettp on 40088148-05-07

@elgg-gitbot
Copy link
Author

cash wrote on 40146951-03-29

Here is the complete status on this:

  1. codebrane is correct that Elgg does not support non-standard ports for SSL logins. This is very rare. The best way to handle it is to add an option in the global CONFIG object for specifying port.
  2. kevin's issue is that he is running his entire site with SSL and he turned on the SSL login. The instructions on this should be updated as I've seen a few people do this. We could also add a check to prevent the httpss as he suggests.
    1. The registration form action does not use https and I think it should if login is using it.

All of the above are simple changes that we can wait for 1.8 to handle.

@elgg-gitbot
Copy link
Author

cash wrote on 40861103-05-22

(In [svn:7281]) Refs #866 - registration uses https if configured for login

@elgg-gitbot
Copy link
Author

Milestone changed to Elgg 1.8.1 by cash on 40894736-09-03

@elgg-gitbot
Copy link
Author

Milestone changed to Elgg 1.8.13 by brettp on 43024592-10-21

@elgg-gitbot
Copy link
Author

Milestone changed to Elgg 1.8.14 by cash on 43074389-05-22

@ewinslow
Copy link
Contributor

Solution is to not use the https login feature and just specify the port in your wwwroot, serving the whole site over https.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Development

No branches or pull requests

2 participants