Page 2 of 4

Re: Limited SSL Usage in phpBB3

Posted: Sat Mar 13, 2010 8:43 pm
by mrberry
php version 5.2.11

Re: Limited SSL Usage in phpBB3

Posted: Sun Mar 14, 2010 2:35 pm
by ToonArmy
mrberry wrote:php version 5.2.11
Apologies, it was my bad. Broke my own ACP too! Try again, I've updated the file. :)

Re: Limited SSL Usage in phpBB3

Posted: Mon Mar 15, 2010 3:12 pm
by mrberry
works great! thanks.

Re: Limited SSL Usage in phpBB3

Posted: Sat Apr 03, 2010 7:47 pm
by aggregator
Thanks for this great hook, ToonArmy.
It works like a charm!

Just one minor inconvenience I noticed:
When using password protected forums, the redirect after entering the password does not work. It redirects to "The forum you selected does not exist." and one has to browse to the board manually.

I am using the current stable phpBB release without any special hacks.
Any chance of getting this fixed or could it be due to something in my setup?


Regards,
aggregator

Re: Limited SSL Usage in phpBB3

Posted: Sun Apr 04, 2010 12:21 am
by ToonArmy
aggregator wrote:Thanks for this great hook, ToonArmy.
It works like a charm!

Just one minor inconvenience I noticed:
When using password protected forums, the redirect after entering the password does not work. It redirects to "The forum you selected does not exist." and one has to browse to the board manually.

I am using the current stable phpBB release without any special hacks.
Any chance of getting this fixed or could it be due to something in my setup?


Regards,
aggregator
We don't advise using password protected forums, but I'll have a look anyway.

Re: Limited SSL Usage in phpBB3

Posted: Sun Apr 04, 2010 1:15 am
by ToonArmy
ToonArmy wrote:We don't advise using password protected forums, but I'll have a look anyway.
Hopefully I've fixed it, same URL. http://github.com/cs278/phpbb3/blob/hoo ... ontrol.php

Re: Limited SSL Usage in phpBB3

Posted: Sun Apr 04, 2010 3:16 am
by aggregator
The fix did the trick. Thank you very much :)
We don't advise using password protected forums
Why, if I may ask?
They seem to provide a reasonable second level of protection, in case a user account gets compromised.
As long as passwords for sensitive forums are distributed off-site, that is.

Re: Limited SSL Usage in phpBB3

Posted: Sun Apr 04, 2010 1:53 pm
by ToonArmy
aggregator wrote:The fix did the trick. Thank you very much :)
We don't advise using password protected forums
Why, if I may ask?
They seem to provide a reasonable second level of protection, in case a user account gets compromised.
As long as passwords for sensitive forums are distributed off-site, that is.
Well they're fine as a supplement to proper permissions.

Re: Limited SSL Usage in phpBB3

Posted: Mon Aug 30, 2010 3:59 am
by yaashul
I copied that hook file in include/hook directory. And how to activate this hook?

Re: Limited SSL Usage in phpBB3

Posted: Mon Aug 30, 2010 2:06 pm
by ToonArmy
yaashul wrote:I copied that hook file in include/hook directory. And how to activate this hook?
Clear the cache from your ACP index and it will be enabled.

Re: Limited SSL Usage in phpBB3

Posted: Mon Sep 13, 2010 3:35 pm
by jpipitone43
This works great - however when I go to submit the form after putting in my login credentials, my browser says:

"This form will be sent in a way that is not secure. Are you sure you want to send it?"

I've viewed the source, and noticed that there are still some items on the page that are not displayed securely.

Any ideas?

Re: Limited SSL Usage in phpBB3

Posted: Mon Sep 13, 2010 4:23 pm
by ToonArmy
jpipitone43 wrote:This works great - however when I go to submit the form after putting in my login credentials, my browser says:

"This form will be sent in a way that is not secure. Are you sure you want to send it?"

I've viewed the source, and noticed that there are still some items on the page that are not displayed securely.

Any ideas?
Like what items? Got any example URLs?

Re: Limited SSL Usage in phpBB3

Posted: Mon Sep 13, 2010 4:57 pm
by jpipitone43
I'll re-enable it and get back to you, busy day at the office today ;-)

PS - I only get the message in Safari, but IE displays the page wacky, as if it can't find the style sheets.

Google Chrome just displays the red skull and crossbones because there are insecure items on the page.

I'll post those items asap.

Re: Limited SSL Usage in phpBB3

Posted: Mon Sep 13, 2010 6:37 pm
by jpipitone43
Here's the URL to my forums:

http://civic.com/civicforum/

Here's what I've done so far:

1) Copied hook_ssl-control.php to my includes folder
2) Cleared the template cache in the ACP
3) Cookie Settings in ACP -> Cookie secure: Disabled (is this correct?)
4) Server URL settings - Force server URL settings: No
5) Server protocol is still http (this is so regular browsing through forums is still port 80)
6) Server port: 80

SSL links are generated perfectly, but some items are insecure.

Here are the insecure items - I've investigated and found that these items are related to my custom template in the header, but is phpBB3 related.

Code: Select all

<link href="http://civic.com/civicforum/style.php?id=3&lang=en&sid=c29455b4008d43ca2bfa6e31f36da6ef" rel="stylesheet" type="text/css" media="screen, projection" />
The hooks script is working perfectly as it should, my problem resides with that one style sheet that is dynamically rendered. I will try to solve it.

Re: Limited SSL Usage in phpBB3

Posted: Mon Sep 13, 2010 6:46 pm
by jpipitone43
Something else I found.

If you try to register on the site using the phpbb registration, the form will not submit:

https://civic.com/civicforum/ucp.php?mode=register

Scroll to the bottom and click I agree to these terms - it goes nowhere.

Any ideas?

I've disabled the hook script for now in case users are trying to register this way.