Force SSL on login page

Permalink
I have installed an SSL cert on my Concrete5 site. I had setup my base url to default to https. However I would like to setup my login page to default to SSL and possile one other page.

I have tried the Force SSL addon. But I could not get it installed correctly on my site. I imagine this is due to running Concrete5 site on an IIS server.

I have searched the forums as well.

Could anyone tell me what I would need to add to my webconfig, or htaccess file to force my login page to default to https.

Thanks,

SteadyIT
View Replies:
digitmaster replied on at Permalink Reply
digitmaster
Hi,
search in the forum for "https login"
There are a lot of results.

http://www.concrete5.org/community/forums/-/view/?sort=relevance&am...

good luck.
Frank
SteadyIT replied on at Permalink Reply
SteadyIT
Hello,

After reading the forums I have tried adding the following into my site.php:

if(strpos($_SERVER['PATH_INFO'], '/login') === 0) {
define('BASE_URL', 'https://' . $_SERVER['HTTP_HOST']);
} else {
define('BASE_URL', 'http://' . $_SERVER['HTTP_HOST']);
}

I do have a http base url define in my site.php.

I don't have anything currently in my htaccess file.

If anyone could go into further details on what I may be doing wrong it would be greatly appreciated.

Thanks,
SteadyIT replied on at Permalink Reply
SteadyIT
If anyone could assist with getting this setup it would be great. I could then toss it into a how to. I just not sure where to go with the above listed string.
SteadyIT replied on at Permalink Reply
SteadyIT
I have been actively trying to figure this one out in the forums. I just don't have any php experience yet to do this one on my own.
I am trying to force my login page to https and all other pages to http. I have purchased an SSL cert and it is installed.

I found the following advice in another forum:

http://www.concrete5.org/community/forums/customizing_c5/ssl-on-spe...

<?php 
define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'db_username');
define('DB_PASSWORD', 'db_password');
define('DB_DATABASE', 'db_database');
define('BASE_URL', 'https://domainname.com');
define('DIR_REL', '');
define('PASSWORD_SALT', 'J7zxKgpStqX6lYTc1RaB8MkWe4unfUrmZjE9IhynG2osVvfLA');
define('PERMISSIONS_MODEL', 'advanced'); 
?><?php  define('REDIRECT_TO_BASE_URL', true); ?>


Could someone explain what this line does:

<?php define('REDIRECT_TO_BASE_URL', true); ?>

If my BASE URL is was set to https, I am trying to understand how this would revert that rest of my site to http.

Rather than just throw it in my config.php I would like to understand it a bit better.

Thanks,
SteadyIT replied on at Permalink Reply
SteadyIT
Their is alot of good information on the forums for forcing SSL on the login page only. After doing quite a lot of reading, I am still unable to get this working.

I have tried the various snippets of code found in the forums, but I have not been successful.

I imagine their is something basic I am missing.

For example: "Is my base url set to http or https when setting this up?

I know that the Concrete5 experts in these forums asks that one puts alot of research into thier questions. I can assure you I have done that.

Any help would be greatly appreciated!
PatrickHenry replied on at Permalink Reply
PatrickHenry
Hey SteadyIT,
Just ran across your post and wanted to see if you ever got it sorted out.
I find the "Force SSL" add-on particularly useful and simplifies the whole process.
Note that I did start having an issue where it forced me to login twice. Very annoying.
Turned out it was b/c my domain name. As the site progressed through development stages, the domain name changed a few time. Last time it changed, I forgot to go to Dashboard/SystemSettings/Environment/Force SSL and change the domain there. That solved everything.