3.2.4 to 3.3 -> login problems (ssl)

Need help upgrading your Joomla! website or converting to Joomla! 3.x?

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
kedanli
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Sun Jun 01, 2014 2:42 pm

3.2.4 to 3.3 -> login problems (ssl)

Post by kedanli » Sun Jun 01, 2014 3:21 pm

Hi,

I´m using joomla a few years now and already did some updating in the past.
This time I run in an issue I could not fix myself.

After updating to joomla 3.3 (from 3.2.x) I got an error message after login on the frontend.

Firefox says: "Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party. Are you sure you want to continue sending this information?"

If you continue login it just reload the index page again (login doesn't work).

I figured out, that the Problem is related to the login form which is direkted to "http://.www.mysite.com" (using 3.3). But it should be direkted to "httpS://..." because the whole site is ssl encrypted. In Version 3.2.x it works just the way it should but after the update to 3.3 it suddenly changes to "http://" causing the security warning and login fail.

I already deleted browser and joomla cache. It doesn't help at all.
The "$live_site" in the configuration file is empty as well.
PHP Version is: 5.5.3

The Problem seems to be 3.3 related.
Until now I had to stay with 3.2.X because there are no problems.

PS: I use ajax register but the problem occurs with the joomla system login plug as well.

Any ideas how to fix this?

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 19435
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
Contact:

Re: 3.2.4 to 3.3 -> login problems (ssl)

Post by leolam » Mon Jun 02, 2014 3:12 pm

It is not Joomla 3.3.x related. It is related to the fact that you have somewhere a direct link in your extensions to http://yoursite.com" which throws the error since you have than non-secured items on your page....

Find the redirect probably in the login module set or so or in a menu item where you have entered the entire url instead of the link generated by Joomla and change than you will be ok

Leo 8)
Joomla's #1 Professional Support Provider:
-> Joomla Professional Support: https://gws-desk.com -
-> Joomla Specialized Hosting Solutions: https://gws-host.com -
Member Joomla Bug Squad & Joomla CMS Release Team

kedanli
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Sun Jun 01, 2014 2:42 pm

Re: 3.2.4 to 3.3 -> login problems (ssl)

Post by kedanli » Mon Jun 02, 2014 5:09 pm

Hi Leolam,

thanks for the reply.
Problem is: How can I change the url in the standard joomla login form? I simply don't know how to do it, since there are no options to set the url.

I still think it is 3.3 related because using the joomla login version 3.2.4 and then checking the website source code the login form url starts with "https" (as it should). Switching to 3.3.x suddenly change it to "http" with no reason.

alarbiere
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Mon Feb 13, 2006 12:54 pm

Re: 3.2.4 to 3.3 -> login problems (ssl)

Post by alarbiere » Mon Jun 16, 2014 9:57 am

I did run into the same issue with joomla 3.3.1

I was able to track it down to JRoute::_() not returning an https:// url in any case (whatever the value of the $ssl parameter).

Then I had a look at the source code of JRoute (./libraries/joomla/application/route.php).
And then at line 85, I found the following line that appears to be the culprit:

Code: Select all

$uri->setScheme(($ssl === 1 || $uri->isSSL()) ? 'https' : 'http');
The conditional expression $ssl === 1 requires $ssl to be integer value 1 for the condition to be true. But it appears that mod_login passes in a string. There are thus two possible fixes:
  • Modify mod_login to convert the string to an integer
  • Modify route.php to just test for simple equality ($ssl == 1)
I chose the latter option (although I really don't like fiddling around with core joomla code). The point is that mod_login is also standard joomla code, and there are other third party login modules that run into the same issue. (But for testing this, I moved back to all standard joomla)

So, my route.php line 85 now looks as follows

Code: Select all

$uri->setScheme(($ssl == 1 || $uri->isSSL()) ? 'https' : 'http');
and everything works as it should
(you may need to empty the joomla cache and the browser cache)

Andre

Grimbly
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Sun May 10, 2009 7:51 am

Re: 3.2.4 to 3.3 -> login problems (ssl)

Post by Grimbly » Fri Jul 25, 2014 6:50 pm

Thanks alarbiere that fixed my problem. I've been trying for a day and a half to get the admin area to use https and all it was doing was reloading the login page over and over whenever $force_ssl was enabled. I've looked through at least 50 forum threads about this and tried everything in them along with a ton of other things to try and fix this and nothing worked. This fixed it. I really appreciate this helpful tip.

alarbiere
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Mon Feb 13, 2006 12:54 pm

Re: 3.2.4 to 3.3 -> login problems (ssl)

Post by alarbiere » Sat Jul 26, 2014 1:57 pm

Thanks for confirming, Grimbly
I just upgraded to 3.3.3, and the same issue is still present. Curious... is nobody using this feature ???

YeeP
Joomla! Intern
Joomla! Intern
Posts: 54
Joined: Thu Sep 18, 2008 7:07 pm

Re: 3.2.4 to 3.3 -> login problems (ssl)

Post by YeeP » Mon Jul 28, 2014 8:56 pm

I am so excited that I found this thread.

I have been arguing with multiple "places" on the web that this is a Joomla issue. I still have the problem, but will be "fixing" it as soon as I get home from work.

@alarbiere - Thank you!


I have spent HOURS trying to find something that I set up incorrectly, like what was suggested above. I have also had multiple professional extension creators look at the site to see if they could find my mistake.

Two things:
1) Why are only some of us having this problem?
2) Joomla! please fix!

On my side of things, I have found that only firefox and Safari will give the user this message. IE and Chrome just continue on, although the login is truely showing in an http: code versus the https it should be.

gcostes
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Fri Sep 17, 2010 12:19 pm

Re: 3.2.4 to 3.3 -> login problems (ssl)

Post by gcostes » Wed Jul 30, 2014 8:47 am

alarbiere wrote:Thanks for confirming, Grimbly
I just upgraded to 3.3.3, and the same issue is still present. Curious... is nobody using this feature ???
Same here - just upgraded to 3.3.3 and same problem persists ?!
(You are not alone using https with J3.3.3 ;) )

But your workaround still works :) - exact same line number in same file.

Thanks!

tims31
Joomla! Apprentice
Joomla! Apprentice
Posts: 9
Joined: Tue Jul 08, 2008 12:09 pm

Re: 3.2.4 to 3.3 -> login problems (ssl)

Post by tims31 » Mon Sep 08, 2014 5:22 pm

YeeP wrote:I am so excited that I found this thread.

@alarbiere - Thank you!


I have spent HOURS trying to find something that I set up incorrectly, like what was suggested above. I have also had multiple professional extension creators look at the site to see if they could find my mistake.

Two things:
1) Why are only some of us having this problem?
2) Joomla! please fix!

On my side of things, I have found that only firefox and Safari will give the user this message. IE and Chrome just continue on, although the login is truely showing in an http: code versus the https it should be.
@alarbiere - Thank you too.

I have been trying for weeks to sort this exact issue and also thought it was a redirect issue but your fix has worked for me too. FF and Chrome gave me the warning where as IE just flashed and went back to the same screen with no warning or error. What I did find was though that if I logged in incorrectly it then used the login form on a different position on the main page and I could then login...strange.

Anyhow, thank you for the fix, lets hope the next update sorts this issue. ;D

gcostes
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Fri Sep 17, 2010 12:19 pm

Re: 3.2.4 to 3.3 -> login problems (ssl)

Post by gcostes » Tue Sep 23, 2014 5:58 pm

Problem solved with the upgrade to 3.3.4

https://github.com/joomla/joomla-cms/co ... .3...3.3.4

So no need to change core file anymore :)


Locked

Return to “Migrating and Upgrading to Joomla! 3.x”