Enable HTTPS / SSL for Login module

[PV]

Hi there,

I've setup my webserver so it can use SSL. I can now reach my site at:
- http://www.mysite.com
- https://www.mysite.com

This is working just fine, now I would like to use the option in de login module (and maybe modules) to use https instead of http. I've enabled "Encrypt Login Form" (YES) and I have my login module published on the front-page. But when I log-in I don't see https?

So does anyone have experience setting up https/SSL for Joomla! 1.5? Any help / tips are apreciated!

Thnx!
Raymon

[PV]

Hi there,

This issue is solved! Wel to be quit honest, there was no issue. The login module sent the form via https! So when I looked at the source of the homepage (login module published), I saw that the form action was correct!

Code: Select all

<form action="https://www.mysite.com/index.php" method="post" name="login" id="form-login">

The fact that the site was still http didn't mean the form itself was sent over http!

Grtz,
Raymon

[ilektrojohn]

In my setup login over ssl doesn't seem to work. The server is ssl ready and i've checked the encrypted login. But the source code still is <form action="index.php" ....
Anyone has a suggestion?

[PV]

Hi John,

Make sure you check:
1. Is your site available via https? For example https://www.yoursite.com
2. Do you have the "Encrypt Login Form" enabled? Check Extensions -> Module Manager -> Login [ Parameters ]
3. Don't forget to hit CTRL + F5 in you browser.

If you stil don't get the "<form action="https://www.yoursite.com ..." maybe you could check if the login module doesn't have a seperate display file in your active template module directory (html).

Good luck!

[ilektrojohn]

Thanks for the reply PV , i solved it a few hours after posting it. It was the last thing you mention, the template had a different login module in the html folder. I hadn't seen that one before in joomla 1.0.x

[April_Floyd]

Hi,

I would like to do the opposite my Joomla site goes to https://www.site.com/index.php instead of http://www.site.com/index.php

How can I fix this?

[PV]

Please be more specific about your configuration... What is your .htaccess config

Grtz,
Raymon

[dreamsurfer]

Dear PV,

Just a check with your on your postings.

What do you mean by the site is available through https??
I am having a login problem whereby my users cannot login after activation.
When the user clicked login, it has the same form action as yours https://www.site.com/index.php. But it showed a page 404 as page not found.

I have also check the login module. There is no login module under the html of the template.
Newbie here.....

Any solutions?? Thanks.

[PV]

Hi there,

Sounds like you do not have SSL installed or configured. If you want to use the HTTPS option in Joomla!, you have to have SSL working already. In other words wheather or not you configured it in Joomla! you should be able to surf to your site using: https://www.mysite.com

If you can't reach your site using the URL, then you should either google on how to setup SSL for your site or ask your hosting provider to "activate" it.

Hopes this helps a bit,

PV

[ecomian]

Hi.
I am on a host that has a shared ssl cert and I can use my url https//myusername.servername.com for for secure access. This is differant to my site url http//mysite.com I have Joomla on the public.html directory of my host server. Can I use Joomla on the shared ssl cert url? Do I have to install Joomla on some other area of the server, if so how ? Can I use ssl on just certain modules or sections so I can have a secure area for a specific group of vistor that only have acess to the secure section by loging in.

Thanks

Ian

[Pason]

I also have the same problem than April_Floyd. When I click on Home, in the main menu or in the path, I am redirected to an https://mywebsite.com. I don't have an SSl at all. I need help.
The JTS-Post Assistant information is like this:


Información de Diagnóstico
Joomla! Versión: Joomla! 1.5.7 Production/Stable [ Wovusani ] 9-September-2008 23:00 GMT
configuration.php: Escribible (Modo: 666 ) | RG_EMULATION: N/A
Architectura/Platforma: Windows NT 6.0 ( i586) | Web Servidor: Apache/2.2.4 (Win32) PHP/5.2.3 ( 80.59.24.98 ) | PHP Versión: 5.2.3
PHP Requirimientos: register_globals: Desabilitado | magic_quotes_gpc: Habilitado | safe_mode: Desabilitado | MySQL Soporte: Si | XML Soporte: Si | zlib Soporte: Si
mbstring Soporte (1.5): Si | iconv Soporte (1.5): Si | save.session_path: Escribible | Max.Execution Time: 120 segundos | File Uploads: Habilitado
MySQL Versión: 5.0.45-community-nt-log ( localhost via TCP/IP )

Información Extendida:
SEF: Habilitado (Sin Reescribir) | FTP Layer: Desabilitado | htaccess: No Implementado
PHP/suExec: Las cuentas de usuario y servidor web no son las mismas. (PHP/suExec probablemente no instalado)
PHP Entorno: API: apache2handler | MySQLi: Si | Max. Memory: 9M | Max. Upload Size: 2M | Max. Post Size: 8M | Max. Input Time: 120 | Zend Versión: 2.2.0
Desabilitado Funciones:
MySQL Cliente: 5.0.37 ( latin1 )


Thanks to all of you.

[Pason]

Well: I've found the error. It was my mistake:
In the "main menu", option "Home", in "System Parameters", in "Enable SSL", I chose "Enabled" instead of "Disabled".

Thanks.

[Chris B]

This thread has generated loads of interest, goes to show that there needs to be more clarity and documentation on SSL issues, many people dont really understand how it works

[jptkts]

Before I failed to realize there was a Login Module & Logn Component (in com_user). The login module worked fine when I required SSL, however the login component would not use SSL (even if I set it to use it in the menu item parameters).

The problem is this line of code in /components/com_user/views/login/default_login for the form action

Code: Select all

action="<?php echo JRoute::_( 'index.php', true, $params->get('usesecure')); ?>"

It turns out that that $params->get is always blank no matter what I change the settings to. If you put in 1 however for that parameter it works fine.

Should this be reported as a bug I assume?

[vcastro]

An Https related question:

I'm using a module for donations. The initial action starts with a "component" where the user enters an amount. The form looks like this:
<form method="post" action="https://tujenge.org/index.php" name="jd_module" id="jd_module">

A form where the user enters the payment info displays. The problem is the confirmation page. If I point to: <form method="post" name="jd_form" id="jd_form" action="index.php"> my confirmation form displays all the user info.

However, if I point to <form method="post" name="jd_form" id="jd_form" action="https://tujenge.org/index.php">, as it should be, the user info values are empty.

It would seem that under https the path is not found?? Does anyone have any ideas?

[randy270]

Can someone tell me why clicking the "Home" menu on my site, despite the fact that I have SSL specifically turned OFF still goes to https when coming from a secure page? And this ONLY happens on the home page. When I turn off SSL on the other menu links, SSL does indeed turn off.

See for yourself at http://www.ecs1870.org

Then click on the "Donate Now" link and then click back to the "Home" link.

What gives? Thanks!

[mandville]

my guess is that you arent releasing the SSL on the return.
The moderators have also decided tht SSL is an administration issue rather than a joomla/server security. so if its ok, can i move your post to a new topic within the administration section

[flakrat]

I'd also like to know how to use https only for login after which the site reverts back to http unless I specifically set up a link or menu item as https (like a Paypal link).

For example, if I go to my site using http it works fine.

Once I login ever link I click on the menu is now https. If I manually change the current address to http and reload unencrypted browsing of the site works fine.

Any suggestions?

[mwenz]

http://forum.joomla.org/viewtopic.php?p ... 1#p1836391

Gives a solution. When I tried it I got an error so I am probably not understanding the given solution well.

A variant is to make a new menu. Add an item that is an external link with the http://your_website as the url for the link. Then deselect all the menu assignment for the Main Menu module (choose "None"). Move the new menu module up below the Main Menu module so it is on top of any other menus or menu items you have.

If needed/wanted, I can take a few screen shots to illustrate what I did...but I suspect y'all are smarter than me anyway.

BTW, this is a know issue with Joomla!--as I discovered tonight being new to the environment and searching through the forum. There are a few related entries in the bug repository.

I *think* this work-around, well, works.

Take care, Mike

[Dan_ny]

I have found the solution for the problem that after login the site goes from a http:// to a https:// url with an 404-error.

The solution is quite simple: In de module mod_login set the encrypt login form parameter of module parameters to 'no'. This simple action should do the job.

[paulfxx]

Had the problem where login would NOT honour SSL regardless of if the encryption option was turned on.

Problem was with our template (ja_purity_ii) which is hard coded to NOT use SSL.

To fix, edit file templates/ja_purity_ii/html/mod_login/default.php

Look for this line:

Code: Select all

<form action="index.php" method="post" name="form-login" id="form-login" >

Replace with:

Code: Select all

<form action="<?php echo JRoute::_( 'index.php', true, $params->get('usesecure')); ?>" method="post" name="login" class="form-login">

[Loralai]

I have a problem when Enabpling Encrypted login. My users are getting the following error:

404 - Component not found

You may not be able to visit this page because of:

an out-of-date bookmark/favourite
a search engine that has an out-of-date listing for this site
a mistyped address
you have no access to this page
The requested resource was not found.
An error has occurred while processing your request.

Please try one of the following pages:

Home Page

If difficulties persist, please contact the System Administrator of this site and report the error below..

Not sure how to fix that I have SSL enabled, the component should be in my httpsdocs directory and in httpdocs, and I have my SSL set up but still get that error

[omikhael]

I have an issue, seems like I have enabled the SSL and I didn't set a username nor password therefore when I try to access my administrator account to login a dialog popsup to enter a username and password.

Now I cant' access my administrator account to undo anything, is there a way to fix it? please advice.

Thanks !!

[Per Yngve Berg]

Edit configuration.php with a text editor.

[omikhael]

what exactly should I edit in the Configuration.php? cause I did have a look at it but not sure what to edit!!

Please advice, thank you!

[omikhael]

I did edit the SSL in the config. txt editor and the problem was fixed for two days, then the logging in message is back again FOR NO REASON... I didn't activate the SSL and I donno how to stop it.

Please advice ASAP!!

Thanks

[nhuanctu]

open file configuration.php

var $force_ssl = '1';
to
1->0

[heather graham]

I would like to secure my site for Administrator login. My host has installed the SSL certificate, and my site is available at the https//...etc. URL.

I thought I needed to change "Force SSL" to "Administrator Only" in Global Configuration/Server under Server Settings (see screenshot). Unfortunately, last time I tried this I couldn't log in to my site, and I had to revert to a backed up copy. What needs to be done?

Any help will be greatly appreciated!

[heather graham]

If you stil don't get the "<form action="https://www.yoursite.com ..." maybe you could check if the login module doesn't have a seperate display file in your active template module directory (html).

I have done steps 1 -3, but I don't see https. Could you explain what I quoted above? The template might be involved?

[adrweb]

Can someone explain to me what "check if the login module doesn't have a seperate display file in your active template module directory (html)." means.

I've accessed "www/mysite.com/templates/my_template/html/mod_login" but I don't know what I am looking for in the terms of a separate display file.