[geeklog-users] ssl for admin functions

Tony Bibbs tony at tonybibbs.com
Tue Feb 3 09:17:15 EST 2004


My code snippet should work but the assumption is your admins *start* in 
https.  Once in https, my code snippet below will keep them in https 
mode permanently.  It's won't work the why you quite described it but it 
should keep your admins in https mode.  If you want to add another layer 
of security to force them into https mode you can modify the 
auth.inc.php to redirect them to https if the SERVER_PROTOCOL is http.

--Tony

Ted Roby wrote:
> 
> On Feb 2, 2004, at 9:56 AM, Tony Bibbs wrote:
> 
>> Assuming you are using a fairly recent version of PHP you could do 
>> this in lib-common.php *after* the include of config.php:
>>
>> if (stristr($_SERVER["SERVER_PROTOCOL"],'https')) {
>>     $_CONF['site_url'] = 'https://mydomain';
>> } else {
>>     $_CONF['site_url'] = 'http://mydomain';
>> }
>>
>> This assumes that your admins login using some page that is SSL'd and 
>> from that point on the snippet above should keep them in SSL.
>>
>> --Tony
>>
> 
> Is version 4.3.3 recent enough?
> 
> If it is, this snippet did not fix the problem. Let me try to explain 
> how it happens.
> 
> You go to the page on http.
> You click on a function located in /admin.
> This causes you to be redirected to https.
> You are then prompted for the login to access /admin.
> You remain in https while you navigate around.
> You will continue to be in https until you click on a link that 
> specifically calls http.
> You make a change. (Let's say you enable a block.)
> When you click save, you do not get the message that says your changes 
> have been saved.
> Instead, you are back at the Block Manager.
> Nothing reflects that anything has been changed.
> 
> 
> _______________________________________________
> geeklog-users mailing list
> geeklog-users at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-users



More information about the geeklog-users mailing list