FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » FUDforum » How To » Secure the 2.3.7 version? deadend.  () 1 Vote
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
icon5.gif  Secure the 2.3.7 version? deadend. [message #17603] Tue, 06 April 2004 16:30 Go to next message
StarLight{PL} is currently offline  StarLight{PL}   Poland
Messages: 22
Registered: March 2003
Karma: 0
Junior Member
At first, I must say I cannot upgrade because of heavy modifications made to the forum and its templates (lack of time). Ok, that aside, here's the problem.

I've tried implementing https:// support in 2.3.7. Did so by starting output buffering in GLOBALS.php and writing a callback function which converts all occurences of http://forum.url/ to https://forum.url/. if $GLOBALS['HTTP_SERVER_VARS']['HTTPS'] is on. So far so good, BUT!

When I try to post a form, let's say it's quicklogin form (but others also, like pm, post a message), I'm being bounced back to http://. This is regardless of form having an "action" attribute pointing to https://.

Well, okay, I thought. There must be some kind of header('Location: command which keeps me bouncing back. So I went and redefined all instances of header('Location: to point to https:// (the ones with the double quotes around "location: also) [joe + macros + good search&replace = not too much work Smile]. In the include _and_ in the forum directory.

NO AVAIL. STILL KEEPS ME BOUNCED BACK.

Now I'm puzzled.

Any clues why this thing stil bounces me back to http? Has it perhaps something to do with $GLOBALS['returnto']? If yes, then where I can redefine it to sense https over http?

Ilia - any insights appreciated much. For example what's going on when the form (any form) is posted (in the forum ofcourse, not in http Wink)? I found out that the login & password are sent on a secure connection - but that's it Sad. There has to be something with the processing of the form. HELP Very Happy

EDIT: I forgot. This also happens when going to 'last post in thread' via the little arrow. Confused

[Updated on: Tue, 06 April 2004 16:37]

Report message to a moderator

Re: Secure the 2.3.7 version? deadend. [message #17606 is a reply to message #17603] Tue, 06 April 2004 16:54 Go to previous messageGo to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
The process is much simpler then that Wink

Step #1: you need to open GLOBALS.php inside the include/ directory and replace all instances of http:// with https://
Step #2: login as the admin and rebuild all the themes that are active.

That's it you are done.


FUDforum Core Developer
Odp: Secure the 2.3.7 version? deadend. [message #17616 is a reply to message #17603] Wed, 07 April 2004 07:57 Go to previous messageGo to next message
StarLight{PL} is currently offline  StarLight{PL}   Poland
Messages: 22
Registered: March 2003
Karma: 0
Junior Member
Yep, I've done that in the first place (it was enough to change just WWW_ROOT, as I recall), but we're trying to reduce the workload on the serwer and securing the whole forum would put too much overhead over the poor thing, because it could crash [note: this is *NOT* windows server] Smile I've all of header('Location: http:...) replaced by a sensing function, but I've not touched the $GLOBALS['returnto']; b ecause I thought they'll be automatically https. I think I was wrong Wink

Any more insights? Smile

greetz / StarLight
Re: Odp: Secure the 2.3.7 version? deadend. [message #17617 is a reply to message #17616] Wed, 07 April 2004 12:36 Go to previous messageGo to next message
Ilia is currently offline  Ilia   Canada
Messages: 13241
Registered: January 2002
Karma: 0
Senior Member
Administrator
Core Developer
If you rebuild the theme after changing WWW_ROOT it should modify just about all (if not all) instances of http:// with https://
icon6.gif  Odp: Secure the 2.3.7 version? deadend. [message #17618 is a reply to message #17603] Wed, 07 April 2004 14:33 Go to previous messageGo to next message
StarLight{PL} is currently offline  StarLight{PL}   Poland
Messages: 22
Registered: March 2003
Karma: 0
Junior Member
Yes, it does that allright... but we want to implement a possibility to choose if the user should go all-secure-way, or over unencrypted connection. Rebuilding etc. - I've been there, what I'm trying to implement (and almost succeeded Wink ) is a functionality to *sense* if the connection is HTTP or HTTPS. I think I'll try and play with those returnto globals. The only thing which puzzles me is i don't know where https is being changed into http. This has to be thorugh some header("Location:, but, as I mentioned I've changed all occurences of Location: http to Location: "._is_secure().":// etc. - so all those redirects are now https-aware. I didn't touch these returnto - I think I should tinker with those to achieve the functionality I want Very Happy...

greetz & thanks for the great forum package... It's awesome in many ways.

StarLight
icon10.gif  Odp: Secure the 2.3.7 version? deadend. - SOLVED [message #17621 is a reply to message #17603] Wed, 07 April 2004 16:09 Go to previous message
StarLight{PL} is currently offline  StarLight{PL}   Poland
Messages: 22
Registered: March 2003
Karma: 0
Junior Member
yahoooooooooo!!!

Ok, I've done it! I've modified every reference to header("Location {ROOT}, and also to Location: GLOBALS('returnto') [the later did the trick for login but not much else]...

now my forum has http sensing... in a hacked way, but... Very Happy dum di dum humm humm...

I consider this topic RESOLVED Very Happy

greetz and thanks anyway Ilia, and keep up the good work (although I do not like the cluttered new layout much Twisted Evil )

StarLight
  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: Display answer of a special member
Next Topic: probleme with ID in egroupware / FUD
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Nov 24 10:14:43 GMT 2024

Total time taken to generate the page: 0.02656 seconds