|
: https for My Account Pop Up : shape5login November 15, 2007, 03:14:40 AM Hi,
The "My Account" Pop Up on the toolbar is a nice little feature but can you tell me how can to make it secure so my users are always logging on using HTTPS? At the moment it defaults to the protocol in use on the current page. Thanks John : Re: https for My Account Pop Up : mikek November 15, 2007, 07:43:42 AM John,
https is controlled on your host end not through Joomla. You would need to contact them about buying an ssl cert, this is a pretty common sale with hosting providers. Hope that helps! : Re: https for My Account Pop Up : shape5login November 16, 2007, 06:00:31 AM Mike,
Understand. SSL is already installed for the domain and functioning fine. What I'm trying to do is force https for transmission of the user name and password entered in the My Account form. At the moment if you call "My Account" from a page being displayed over https then the login is processed over SSL so no problem. I haven't put an analyser on it but it appears if that if you call "My Account" from a http page it sends the user name and password in the clear. I've had a bit of a dig around in the javascript but couldn't see where I could hard code this. Thanks, John : Re: https for My Account Pop Up : jonahh November 16, 2007, 12:13:45 PM John,
The My account tab is just another module position that is wrapped with a hidden div. I've never heard of making a specific DIV or Table on a website use an SSL. I would think you'd have to edit the actual login module that comes with Joomla. This module should have a <form> tab in it with a action field where you could prefix with https, no idea if this would work but maybe :) Regards, : Re: https for My Account Pop Up : shape5login November 17, 2007, 03:16:41 AM Jonah,
Thanks for the tip. I made a couple of minor changes to mod_login.php to replace the http string in the form action with https. This seems to work OK and still returns the user back to the protocol they were running before they logged in. In case anyone is interested: // Login output // ie HTML when not logged in and trying to login // used for spoof hardening $validate = josSpoofValue(1); //Start Mod $login_url=sefRelToAbs( 'index.php' ); $is_secure = strpos($login_url, "https://"); if ( $is_secure !== 0 ) { //Then the form isn't using SSL $login_url=substr_replace($login_url, "https", 0, 4); //Replace http with https } ?> <form action="<?php echo $login_url; ?>" method="post" name="login" > //End mod <?php echo $pretext; ?> Cheers John |