Go to main content

Navigation menu

Textpattern CMS support forum

You are not logged in. Register | Login | Help

  1. Index
  2. » Archives
  3. » run TXP in a SSL-secured domain/subdirectory?

Pages: 1 2

#1 2005-10-19 08:19:16

saccade
Plugin Author
From: Neubeuern, Germany
Registered: 2004-11-05
Posts: 521

run TXP in a SSL-secured domain/subdirectory?

I need to run TXP in a SSL- and password-secured subdirectory.
It is located in a password-protected directory.
So far everything regarding running TXP seems well but only the login-page seems to be correctly SSL-secured. The other pages show no SSL-icon.
How can I make all TXP-pages SSL-secured?

Offline

#2 2005-10-19 08:33:25

Sencer
Archived Developer
From: cgn, de
Registered: 2004-03-23
Posts: 1,803
Website

Re: run TXP in a SSL-secured domain/subdirectory?

Haven’t tries this myself, yet. You’ll probably have to modify some code here and there. Start by changing textpattern/index.php, line 66:

<code> define(“hu”,‘http://’.$siteurl.’/’); // v1.0 experimental relative url global define(“rhu”,preg_replace(“/http:\/\/.+(\/.*)\/?$/U”,”$1”,hu));

</code>
to this:
<code> define(“hu”,‘https://’.$siteurl.’/’); // v1.0 experimental relative url global define(“rhu”,preg_replace(“/https:\/\/.+(\/.*)\/?$/U”,”$1”,hu));
</code>

And textpattern/publish.php line 68

<code> define(“hu”,‘http://’.$siteurl.’/’); // v1.0 experimental relative url global define(“rhu”,preg_replace(“/http:\/\/.+(\/.*)\/?$/U”,”$1”,hu));
</code>

to this:

<code> define(“hu”,‘https://’.$siteurl.’/’); // v1.0 experimental relative url global define(“rhu”,preg_replace(“/https:\/\/.+(\/.*)\/?$/U”,”$1”,hu));
</code>

and line 218 in the same file

<code> $out[‘subpath’] = $subpath = preg_quote(preg_replace(“/http:\/\/.(\/.)/Ui”,”$1”,hu),”/”);
</code>

with this:

<code> $out[‘subpath’] = $subpath = preg_quote(preg_replace(“/https:\/\/.(\/.)/Ui”,”$1”,hu),”/”);
</code>

Offline

#3 2005-10-20 07:12:49

saccade
Plugin Author
From: Neubeuern, Germany
Registered: 2004-11-05
Posts: 521

Re: run TXP in a SSL-secured domain/subdirectory?

Thank you,

it seems to work (as far as I can see now) pretty fine!

Offline

#4 2006-06-14 07:16:32

claudio
New Member
Registered: 2005-12-19
Posts: 6

Re: run TXP in a SSL-secured domain/subdirectory?

I applied pcastell’s patch on 4.0.3 and it seems to work perfectly.
I agree that this feature should be added to the next releases of TXP, as it should be very simple to add it to the source code and it might be really useful for security-concerned sites.
It seems to me also that the best solution would be saving the prefix (http/https) in the config file, either detecting it automatically on installation or by asking to the user.
Greetings

Claudio

Offline

#5 2006-06-14 08:25:02

Sencer
Archived Developer
From: cgn, de
Registered: 2004-03-23
Posts: 1,803
Website

Re: run TXP in a SSL-secured domain/subdirectory?

Thanks for reminding us. Yes, I’ll make sure this gets added before 4.0.4 is released.

Offline

#6 2006-10-28 21:46:48

saccade
Plugin Author
From: Neubeuern, Germany
Registered: 2004-11-05
Posts: 521

Re: run TXP in a SSL-secured domain/subdirectory?

txp 4.0.4 comes with “Automatic support of SSL

But my https-site shows a broken-security-sign again (it was well before with the changes mentioned above) after the ugrade from 4.0.3 to 4.0.4.
Do I need to change any setting?
Or have I to change to forced SSL? (By the way: How to to this?)

Offline

#7 2006-10-29 02:07:29

Mary
Sock Enthusiast
Registered: 2004-06-27
Posts: 6,236

Re: run TXP in a SSL-secured domain/subdirectory?

Would you post your full diagnostics, please?

Offline

#8 2006-10-29 06:55:09

Sencer
Archived Developer
From: cgn, de
Registered: 2004-03-23
Posts: 1,803
Website

Re: run TXP in a SSL-secured domain/subdirectory?

But my https-site shows a broken-security-sign again

That might happen because you are showing unsecured elements in a secured page. For example images or stylesheets. You should check the documentation of your browser to check if that’s the case. To fix it you need to check where you are using http: urls instead of https urls – all textpattern generated urls should be ok (maybe it’s manual links, maybe it’s plugins). If you want to “force” https for all urls to a certain directory/url you can do that with mod_rewrite. The fact that you can reach the same content via ssl and regular http is a matter of configuration of the webserver, not textpattern.

Please post a link to the page, if ou are still having problems.

Offline

#9 2006-10-29 08:45:55

saccade
Plugin Author
From: Neubeuern, Germany
Registered: 2004-11-05
Posts: 521

Re: run TXP in a SSL-secured domain/subdirectory?

Here my full diagnostics.

I checked my templates and the favicon was located in an unsecured directory, so I changed that. But still the same result.

Only in the head there are http-links:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
but I think that shouldn’t be the problem. I even tried it with https, but that didn’t change he result.

Unfortunately it is a page for internal discussions of my colleagues in work, so I cannot easily post a link here.

Last edited by saccade (2006-10-29 08:46:56)

Offline

#10 2006-10-29 08:49:15

saccade
Plugin Author
From: Neubeuern, Germany
Registered: 2004-11-05
Posts: 521

Re: run TXP in a SSL-secured domain/subdirectory?

Just now I noticed, that the links to full articles (permlinks) are not https but http.
Navigational links to categories/sections are https.
The link_to_home also is only http.

And here my diagnostics:

Textpattern-Version: 4.0.4 (r1956)
Letzte Aktualisierung: 2006-10-28 20:57:23/2006-10-28 20:56:14
Document Root: /kunden/homepages/XXXXXXXXXXXX (/homepages/XXXXXXXXXXXX)
$path_to_site: /homepages/XXXXXXXXXXXX
Textpattern-Pfad: /homepages/XXXXXXXXXXXX
Schema der URLs: section_title
Temporäres Verzeichnis: /homepages/XXXXXXXXXXXX
Seiten-URL: XXXXXXXXXXXX
PHP-Version: 4.4.4
Register globals: 1
Lokale Serverzeit: 2006-10-29 09:52:17
MySQL: 4.0.27-standard-log
Regionale Einstellungen: de_DE.UTF-8
Server: Apache/1.3.33 (Unix)
PHP Server API: cgi
RFC-2616-Header:
Betriebssystem des Servers: Linux 2.4
Aktive Plugins: ajw_clean_feed-0.2, mcw_templates-0.2, rss_admin_db_manager-4.1

Voruntersuchung:
————————————
Test für saubere URLs fehlgeschlagen.
————————————

Inhalt der .htaccess-Datei:
————————————
AuthType Basic
AuthName “Access for /XXXXXXXXXXXX”
AuthUserFile /kunden/homepages/XXXXXXXXXXXX
require user XXXXXXXXXXXX

  1. DirectoryIndex index.php index.html
  2. Options +FollowSymLinks
    RewriteBase /spk/

<IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^(.+) – [PT,L]

RewriteRule ^(.*) index.php </IfModule>

————————————

Charset (default/config): german1/
character_set: german1
character_sets: latin1 big5 czech euc_kr gb2312 gbk latin1_de sjis tis620 ujis dec8 dos german1 hp8 koi8_ru latin2 swe7 usa7 cp1251 danish hebrew win1251 estonia hungarian koi8_ukr win1251ukr greek win1250 croat cp1257 latin5
19 Tables: OK

PHP-Erweiterungen: xslt, xml, wddx, tokenizer/0.1, standard/4.4.4, shmop, session, posix, overload, mysql, mhash, mcrypt, mbstring, imap, idn, iconv, gettext, gd, ftp, exif/1.4 $Id: exif.c,v 1.118.2.37.2.4 2006/01/01 13:46:52 sniper Exp $, domxml/20020815, dbase, dba, db, curl, ctype, calendar, bz2, bcmath, zlib/1.1, pcre, openssl
/include/txp_category.php: r1879 (aee777474b2f67ca07fc25756ba25c15)
/include/txp_plugin.php: r1917 (74184c0d8ed8608f840707a255178617)
/include/txp_auth.php: r1879 (b1dd4072b7daf4e997c6ff65ce3d1b2d)
/include/txp_form.php: r1913 (16ec600b41438b4cca10d2c8a19b2db8)
/include/txp_section.php: r1891 (2959593586ba3e97bc602f369c32e738)
/include/txp_tag.php: r1915 (3b4a7f73d92f9bbbe09985c5aa830d29)
/include/txp_list.php: r1892 (41f4d32fd070234b78f94adefebd5234)
/include/txp_page.php: r1913 (34331a5468bbb18dd9f6a282f3aa11e8)
/include/txp_discuss.php: r1909 (9b9ee934a30f52cd7a4d8cb45c8380ab)
/include/txp_prefs.php: r1946 (05615b6275d8927a2a0d51918d70a896)
/include/txp_log.php: r1919 (ed54d02e865319f2506c642a6bde768b)
/include/txp_preview.php: r1238 (5a4ae3ff0d68f4cb573d6d62a00ce9e8)
/include/txp_image.php: r1955 (20be975e67fa7c4aa9a1a3e51bfaf379)
/include/txp_article.php: r1889 (7749f699c03d0c57e04fafe17dbfa94c)
/include/txp_css.php: r1897 (f5cf1c20badb96a063c7c180e9020359)
/include/txp_admin.php: r1879 (d36dac010d21df7bcf9cf5e242b34d58)
/include/txp_link.php: r1879 (0652287df8bb32c66cfa1b939402404a)
/include/txp_diag.php: r1902 (96697ade63048e517177f4129d47de76)
/include/txp_file.php: r1895 (6ed67b094522e51b028dc88baa07444c)
/include/txp_import.php: r1238 (634e75d1b61958875ff275e3130f23ad)
/lib/admin_config.php: r1747 (1563fcbaffe25b3272b0d85ff9d5571d)
/lib/txplib_misc.php: r1956 (182c50b86195f1abe9dbe15728df3cae)
/lib/taglib.php: r1535 (04806ef864d5b0d2974e0e5f6397a2d7)
/lib/txplib_head.php: r1887 (b110efd071e9a5bb395beea66ced128a)
/lib/classTextile.php: r1943 (2c559991e34738eef1990dc079bd91c4)
/lib/txplib_html.php: r1937 (c206ca9cb9a54a7a95f3355b77fd0fa2)
/lib/txplib_db.php: r1879 (d68b6ea69950e405c4fec23b8641d9c2)
/lib/IXRClass.php: r765 (cbe59b59246dce060a4b4a52b4d448d8)
/lib/txplib_forms.php: r1887 (0049a228dc8eb346f8603478a7c1b2e2)
/lib/class.thumb.php: r1955 (12961180eee3add5096e69e0a154284e)
/lib/constants.php: unknown (0e40251c717c52b2b7fe992b62a3e97a)
/lib/txplib_update.php: r1239 (757f8189fcc53a795d7c807f17b2e788)
/lib/txplib_wrapper.php: unknown (584448787b4a3488200722672c0eee0d)
/publish/taghandlers.php: r1949 (3fa1b9ded18e6074b2495a3f4e3c33b5)
/publish/atom.php: r1864 (50602e2f1c443819a0a60f14f39d3093)
/publish/log.php: r1637 (a4a772567079f18101a1752446f3f6d4)
/publish/comment.php: r1951 (a3f803d744fea80808eb27a3f6b28674)
/publish/search.php: r1748 (b0182abc287055fe0932c263b2a5266d)
/publish/rss.php: r1864 (ae43eaa9ebe6b00e63810ae60ca7c6b6)
/publish.php: r1945 (abff727405efc6c4ec8b1cb403290063)
/index.php: r1948 (adf86f44861797f4969373c708ef48fb)
/css.php: r944 (763fa7658fc19ad23a5b2126fcdf366c)

Last edited by saccade (2006-10-29 08:55:19)

Offline

#11 2006-10-29 09:05:25

saccade
Plugin Author
From: Neubeuern, Germany
Registered: 2004-11-05
Posts: 521

Re: run TXP in a SSL-secured domain/subdirectory?

To me there seems to be no content shown on the page that comes from an unsecured place.

There is no image (only the favicon, but this has been transferred to the root of th page now).

Of course there are some external links, but I think they shouldn’t be the problem – or do they?

EDIT
The stylesheet is referred relatively as common in txp-template.
Sorry, deeper research showed that the stylesheet ist referred with the css-tag <txp:css />
and this tag produces the following:
href="http://XXXXXXXXXXXXXXX/textpattern/css.php?s=diskussion"

So I think here is the origin for a lack of security?

I checked the attributes but there seems to be no way to switch to https this way.

Hardcoding with https solved it but that seems to be no good solution to me for I loose the section-style-connection (am I right?)

Last edited by saccade (2006-10-29 09:17:33)

Offline

Pages: 1 2

  1. Index
  2. » Archives
  3. » run TXP in a SSL-secured domain/subdirectory?

Board footer

Powered by FluxBB