SSL Hook & Index Page login issue

[yaashul]

I just implement SSL for login and ACP using
http://github.com/cs278/phpbb3/blob/hoo ... ontrol.php

discussion topic
http://www.phpbb.com/community/viewtopi ... 5&start=45


But having some issue with login. I'm not able to login from index page... Phpbb moderator suggest that I should ask this from the ppl who created this SEO mod. Please help me know what shud I do?

I did the following changes in Include/functions.php

from this

Code: Select all

$u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=logout', true, $user->session_id);

to this

Code: Select all

$u_login_logout = append_sid("ucp.$phpEx", 'mode=logout', true, $user->session_id);

from this

Code: Select all

$u_login_logout = append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login');

to this

Code: Select all

$u_login_logout = append_sid("ucp.$phpEx", 'mode=login');

from this

Code: Select all

'S_LOGIN_ACTION'      => ((!defined('ADMIN_START')) ? append_sid("{$phpbb_root_path}ucp.$phpEx", 'mode=login') : append_sid("index.$phpEx", false, true, $user->session_id)),

to this

Code: Select all

'S_LOGIN_ACTION'      => ((!defined('ADMIN_START')) ? append_sid("ucp.$phpEx", 'mode=login') : append_sid("index.$phpEx", false, true, $user->session_id)),

and it start working but is it a security risk to change it like that... is there any alternate to to this task?

[dcz]

Problem is that phpBB SEO rewriting even if not implemented as a hook, acts as a standalone hook, implying that no other hook may act on the urls. Because hooks for urls are very inefficient (I've tried a while ago to register phpbb_seo class as a hook and it was really a performance lost since we are talking about many call per page), and chances are very little that a hook for url would work with rewritten ones.

Though, you can still do it in phpbb_seo_class.php, try to replace :

Code: Select all

      if ( isset($this->seo_stop_files[$this->filename]) ) {
         // add full url
         $url = $this->path == $phpbb_root_path ? $this->seo_path['phpbb_url'] . preg_replace('`^' . $phpbb_root_path . '`', '', $url) : $url;
         return ($this->seo_cache[$url] = $url);
      }

with :

Code: Select all

         if ($this->filename == 'ucp') {
            if (preg_match('`(i=profile&(amp;)?)?mode=(register|login|reg_details)`', $qs)) {
               $url = $this->sslify($url, true);
            }
         }

[yaashul]

No it didn't work... by using it if i click on login page it show index page always...same with register...

[dcz]

Sorry wrong copy paste.

The idea was to replace :

Code: Select all

      if ( isset($this->seo_stop_files[$this->filename]) ) {
         // add full url
         $url = $this->path == $phpbb_root_path ? $this->seo_path['phpbb_url'] . preg_replace('`^' . $phpbb_root_path . '`', '', $url) : $url;
         return ($this->seo_cache[$url] = $url);
      }

with:

Code: Select all

      if ( isset($this->seo_stop_files[$this->filename]) ) {
         // add full url
         $url = $this->path == $phpbb_root_path ? $this->seo_path['phpbb_url'] . preg_replace('`^' . $phpbb_root_path . '`', '', $url) : $url;
         if ($this->filename == 'ucp') {
            if (preg_match('`(i=profile&(amp;)?)?mode=(register|login|reg_details)`', $qs)) {
               $url = $this->sslify($url, true);
            }
         }
         return ($this->seo_cache[$url] = $url);
      }

[yaashul]

still not working

login page showing following url on index page

-https://www.website.com/https://www.website.com/ucp.php?mode=login


and login form showing this on index page

Code: Select all

<form method="post" action="https://www.website.com/https://www.website.com/ucp.php?mode=login" class="headerspace">

[dcz]

You must have hard coded something in your templates or elsewhere, this code works on a vanilla premod.

[yaashul]

you can chck it on my website...I haven't hard coded anything.. my website name is in my profile.

[dcz]

Is it possible that you also have part of the hook you linked here installed ?

Cause the code suggested is standalone and require all your custom changes to be removed (the one you mentioned in this thread).

[yaashul]

Yes I have removed all those changes I mentioned in this thread already.... i.e. placing {$phpbb_root_path} again in those three changes I have done in functions.php

[yaashul]

I have removed the changes I have done & post in 1st post in this topic and this solution that u provide still dont work. Can you please suggest what I'm missing here?

I removed the sll hook and your solution works fine... except after login it shows all the pages as https... what I'm looking here is just pages login page password page and acp pages as ssl.

+ there is a problem in this solution.... after login all pages become https but after logout all pages still remain https instead of going back to http...

[yaashul]

1 more issue with this solution... once u open the page it open as http once u login it convert into https...which is ok

but when u logged out and remain as guest it still show page as http

[ev0l]

Hey guys,

I'm facing the same problems, buuut I've got the (ok, at least one.. ^^) solution for the following case:

- UCP including login & register SSL encrypted
- rest of board NOT encrypted
- encryption only active when vistiting the UCP

I'm still working on version 0.6.6 PHPbbSEO Ultimate, update coming soon but I hope there is no code change in this area.

I'm using the code snipped from dcz

Sorry wrong copy paste.

The idea was to replace :

Code: Select all

      if ( isset($this->seo_stop_files[$this->filename]) ) {
         // add full url
         $url = $this->path == $phpbb_root_path ? $this->seo_path['phpbb_url'] . preg_replace('`^' . $phpbb_root_path . '`', '', $url) : $url;
         return ($this->seo_cache[$url] = $url);
      }

with:

Code: Select all

      if ( isset($this->seo_stop_files[$this->filename]) ) {
         // add full url
         $url = $this->path == $phpbb_root_path ? $this->seo_path['phpbb_url'] . preg_replace('`^' . $phpbb_root_path . '`', '', $url) : $url;
         if ($this->filename == 'ucp') {
            if (preg_match('`(i=profile&(amp;)?)?mode=(register|login|reg_details)`', $qs)) {
               $url = $this->sslify($url, true);
            }
         }
         return ($this->seo_cache[$url] = $url);
      }

And modified in phpbb_seo_class.php (same file):

Code: Select all

$server_protocol = $this->ssl['use']? 'https://' : 'http://';


to

Code: Select all

$server_protocol = false? 'https://' : 'http://';


just to force the http usage- I know, this can also be done through the ACP.. but.. I like files

the second change:


Add AFTER:

Code: Select all

$script_path = (empty($script_path) ) ? '' : $script_path . '/';

Code: Select all

if($_SERVER['SCRIPT_NAME'] == '/ucp.php') $this->seo_path['phpbb_url'] =  strtolower("https://" . $server_name . $server_port . '/'). $script_path;
else $this->seo_path['phpbb_url'] =  strtolower("http://" . $server_name . $server_port . '/'). $script_path;


and change:

Code: Select all

$this->seo_path['phpbb_urlR'] = $this->seo_path['phpbb_url'] =  $this->seo_path['root_url'] . $script_path;

to

Code: Select all

$this->seo_path['phpbb_urlR'] =  $this->seo_path['root_url'] . $script_path;

Finished. It is working on my board and until now, no issues.. what do you think?

Regards
ev0l

[yaashul]

Still ACP is working on HTTP only; not on HTTPS

[ev0l]

Try this:

Add after:

Code: Select all

if ( !$this->seo_opt['url_rewrite'] || defined('ADMIN_START') || isset($this->seo_stop_dirs[$this->path]) ) {

Code: Select all

// START Add SSL to ADMIN
                        if($this->path == $phpbb_root_path . 'adm/') {
                            $url = $this->seo_path['phpbb_url'] . preg_replace('`^' . $phpbb_root_path . '`', '', $url);
                            $url = $this->sslify($url, true);
                        }
                        // END Add SSL to ADMIN

and @dcz: I'm facing the problem that your code:

Code: Select all

      if ( isset($this->seo_stop_files[$this->filename]) ) {
         // add full url
         $url = $this->path == $phpbb_root_path ? $this->seo_path['phpbb_url'] . preg_replace('`^' . $phpbb_root_path . '`', '', $url) : $url;
         if ($this->filename == 'ucp') {
            if (preg_match('`(i=profile&(amp;)?)?mode=(register|login|reg_details)`', $qs)) {
               $url = $this->sslify($url, true);
            }
         }
         return ($this->seo_cache[$url] = $url);
      }

Is not working for the reg_details page. It works for register and login, but not when trying to change the password in the ucp. Still, the if statement is correct since it gets called on the page. Do you have any idea? I think it has something to do with the $url var.

regards,
ev0l

[dcz]

could it be because the link is using the module id rather than the mode full name ?