[geeklog-users] ssl for admin functions
Ted Roby
geeklog at tedroby.com
Mon Feb 2 19:18:30 EST 2004
On Feb 2, 2004, at 9:56 AM, Tony Bibbs wrote:
> Assuming you are using a fairly recent version of PHP you could do
> this in lib-common.php *after* the include of config.php:
>
> if (stristr($_SERVER["SERVER_PROTOCOL"],'https')) {
> $_CONF['site_url'] = 'https://mydomain';
> } else {
> $_CONF['site_url'] = 'http://mydomain';
> }
>
> This assumes that your admins login using some page that is SSL'd and
> from that point on the snippet above should keep them in SSL.
>
> --Tony
>
Is version 4.3.3 recent enough?
If it is, this snippet did not fix the problem. Let me try to explain
how it happens.
You go to the page on http.
You click on a function located in /admin.
This causes you to be redirected to https.
You are then prompted for the login to access /admin.
You remain in https while you navigate around.
You will continue to be in https until you click on a link that
specifically calls http.
You make a change. (Let's say you enable a block.)
When you click save, you do not get the message that says your changes
have been saved.
Instead, you are back at the Block Manager.
Nothing reflects that anything has been changed.
More information about the geeklog-users
mailing list