[geeklog-users] ssl for admin functions
Tony Bibbs
tony at tonybibbs.com
Tue Feb 3 09:17:15 EST 2004
My code snippet should work but the assumption is your admins *start* in
https. Once in https, my code snippet below will keep them in https
mode permanently. It's won't work the why you quite described it but it
should keep your admins in https mode. If you want to add another layer
of security to force them into https mode you can modify the
auth.inc.php to redirect them to https if the SERVER_PROTOCOL is http.
--Tony
Ted Roby wrote:
>
> On Feb 2, 2004, at 9:56 AM, Tony Bibbs wrote:
>
>> Assuming you are using a fairly recent version of PHP you could do
>> this in lib-common.php *after* the include of config.php:
>>
>> if (stristr($_SERVER["SERVER_PROTOCOL"],'https')) {
>> $_CONF['site_url'] = 'https://mydomain';
>> } else {
>> $_CONF['site_url'] = 'http://mydomain';
>> }
>>
>> This assumes that your admins login using some page that is SSL'd and
>> from that point on the snippet above should keep them in SSL.
>>
>> --Tony
>>
>
> Is version 4.3.3 recent enough?
>
> If it is, this snippet did not fix the problem. Let me try to explain
> how it happens.
>
> You go to the page on http.
> You click on a function located in /admin.
> This causes you to be redirected to https.
> You are then prompted for the login to access /admin.
> You remain in https while you navigate around.
> You will continue to be in https until you click on a link that
> specifically calls http.
> You make a change. (Let's say you enable a block.)
> When you click save, you do not get the message that says your changes
> have been saved.
> Instead, you are back at the Block Manager.
> Nothing reflects that anything has been changed.
>
>
> _______________________________________________
> geeklog-users mailing list
> geeklog-users at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-users
More information about the geeklog-users
mailing list