run TXP in a SSL-secured domain/subdirectory?

Sencer · 2006-10-29 09:47:10

You do not have to hardcode anything in the templates.

There is one place (in textpattern/publish.php for the public-side; and in textpattern/index.php for the admin-side) where we detect what the environment setting is, and use that for generating all links (with or without https). You can work around that detection by adding the following line to config.php:

define('PROTOCOL','https://')

To help us potentially improve the detection, show us the content of $_SERVER, for example by adding

***
<txp:php>var_dump($_SERVER)</txp:php>
***

to the page somewhere and giving us the result of that. Usually ‘https’ is set to “on” there.

Last edited by Sencer (2006-10-29 09:48:00)

saccade · 2006-10-29 10:19:35

You do not have to hardcode anything in the templates.

Of course, I know. I did it only for finding the problem and thought about a temporal workaround until it is solved better. :-)
Thank you for all your work and fast help :-)

Here what I got after adding your code to my page in the center area:

Parse error: parse error, unexpected $ in /homepages/XXXXXXXXXXXXXXXX/textpattern/publish/taghandlers.php(2681) : eval()’d code on line 1

Maybe I added it at a wrong place?

EDIT
With the added line in config.php security works. Thank you very much!

Last edited by saccade (2006-10-29 10:27:20)

saccade · 2006-10-29 10:31:37

Maybe the following information is essential too:
1. The page resides in a subdirectory /spk/ of the main directory.
2. The site ist hosted with Schlund&Partner and has the same characteristics as 1&1-sites regarding textpattern in subdirectories. There were rewrite-difficulties in the beginning.

saccade · 2006-10-29 10:43:50

Now I ran your php-line directly as a php-file called by https: within my spk-directory.

Here is the result:

... ["HTTPS"]=>  string(1) "1" ... ["REDIRECT_HTTPS"]=> string(1) "1" ...

EDIT: deleted additional information not relevant here

Last edited by saccade (2006-10-29 11:22:23)

Sencer · 2006-10-29 10:58:50

["HTTPS"]=> string(1) "1"

Ok, they are using 1 instead of ON. We’ll take that into account for future releases.

In the meantime, you can use the workaround I mentioned above (with config.php), and – if wanted – configure the webserver to only allow access to the site via https.

saccade · 2006-10-29 11:06:50

Thank you very much!

Should I delete the diagnostics and dump part in my posts above for security and better readability in the future?

Last edited by saccade (2006-10-29 11:09:20)

Sencer · 2006-10-29 11:11:55

Given that the relevant information is alsoin other posts now, sure, you can do that, if you like.

Textpattern CMS

Textpattern CMS support forum

#13 2006-10-29 09:47:10

Re: run TXP in a SSL-secured domain/subdirectory?

#14 2006-10-29 10:19:35

Re: run TXP in a SSL-secured domain/subdirectory?

#15 2006-10-29 10:31:37

Re: run TXP in a SSL-secured domain/subdirectory?

#16 2006-10-29 10:43:50

Re: run TXP in a SSL-secured domain/subdirectory?

#17 2006-10-29 10:58:50

Re: run TXP in a SSL-secured domain/subdirectory?

#18 2006-10-29 11:06:50

Re: run TXP in a SSL-secured domain/subdirectory?

#19 2006-10-29 11:11:55

Re: run TXP in a SSL-secured domain/subdirectory?

Board footer