thepoppershop

force backoffice over SSL


Is there an easy way to force all pages in the backoffice over SSL (besides hitting the link directly)?

Not sure if this is a feature or if I should just have the webserver require the content to be requested via SSL.


Change line 118 of init.php from:

$protocol_link = (Configuration::get('PS_SSL_ENABLED') OR (isset($_SERVER['HTTPS']) AND strtolower($_SERVER['HTTPS']) == 'on')) ? $protocol_ssl : $protocol;



to:

$protocol_link = /*(Configuration::get('PS_SSL_ENABLED') OR (isset($_SERVER['HTTPS']) AND strtolower($_SERVER['HTTPS']) == 'on')) ? */$protocol_ssl/* : $protocol*/;

Change line 118 of init.php from:

$protocol_link = (Configuration::get('PS_SSL_ENABLED') OR (isset($_SERVER['HTTPS']) AND strtolower($_SERVER['HTTPS']) == 'on')) ? $protocol_ssl : $protocol;



to:

$protocol_link = /*(Configuration::get('PS_SSL_ENABLED') OR (isset($_SERVER['HTTPS']) AND strtolower($_SERVER['HTTPS']) == 'on')) ? */$protocol_ssl/* : $protocol*/;



This didn't seem to do anything for me. The Back Office login is still going over HTTP and not HTTPS. Do we need to change something in init.php within the admin folder as well?

I've added

$useSSL = true; 



to the top of login.php and that seems to have secured the BO login, although I'm not sure if this is the correct way to go about it or not. Any thoughts, rocky?


Did you change line 47 of admin/init.php? The file init.php affects the Front Office and admin/init.php affects the Back Office.

Did you change line 47 of admin/init.php? The file init.php affects the Front Office and admin/init.php affects the Back Office.


Yes. I copied that line of code to line 118 of init.php and line 47 of admin/init.php, yet the BO logon is still insecure.


Did you ever resolve this issue of the BO being unsecure?

If you did, could you let me know how you did it, please?


For those like me looking for a solution with PS 1.5:

In:

/var/www/controllers/admin/AdminLoginController.php

there is:

// You can uncomment these lines if you want to force https even from localhost and automatically redirect
// header('HTTP/1.1 301 Moved Permanently');
// header('Location: '.Tools::getShopDomainSsl(true).$_SERVER['REQUEST_URI']);
// exit();

that you simply have to uncomment to:

// You can uncomment these lines if you want to force https even from localhost and automatically redirect
header('HTTP/1.1 301 Moved Permanently');
header('Location: '.Tools::getShopDomainSsl(true).$_SERVER['REQUEST_URI']);
exit();

and the backoffice login will be forced into SSL mode.

It won't force all of the backoffice, but at least you shall be in HTTPS as long as you don't remove the s manually.

 

Mike

  • Like 1
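
Mike's post above notes that uncommenting those lines covers only the login page. As an added example (not part of the thread and not PrestaShop code), this generic PHP 7.1+ helper applies the same kind of redirect at the top of every back-office entry point; `ADMIN_HTTPS_HOST`, its placeholder value and the three function names are hypothetical.

```php
<?php
// Added example, not PrestaShop code. Placeholder host: set it to the shop's real HTTPS domain.
const ADMIN_HTTPS_HOST = 'shop.example.com';

/** True when the current request arrived over TLS. */
function request_is_https(array $server, bool $trustProxy = false): bool
{
    // Like the init.php line in the thread, inspect $_SERVER['HTTPS'];
    // some servers (IIS) set it to "off" for plain HTTP instead of leaving it unset.
    $https = strtolower((string)($server['HTTPS'] ?? ''));
    if ($https !== '' && $https !== 'off') {
        return true;
    }
    // Honour the forwarded header only when a TLS-terminating proxy you control sets it;
    // otherwise any client could send it and skip the redirect.
    if ($trustProxy) {
        return strtolower((string)($server['HTTP_X_FORWARDED_PROTO'] ?? '')) === 'https';
    }
    return false;
}

/** Returns the HTTPS URL to redirect to, or null when no redirect is needed. */
function https_redirect_target(array $server, bool $trustProxy = false): ?string
{
    if (request_is_https($server, $trustProxy)) {
        return null;
    }
    // Build the target from the configured host, never from the client-supplied Host header.
    $uri = (string)($server['REQUEST_URI'] ?? '/');
    if ($uri === '' || $uri[0] !== '/' || preg_match('/[\r\n]/', $uri)) {
        $uri = '/'; // fall back to the root for malformed request URIs
    }
    return 'https://' . ADMIN_HTTPS_HOST . $uri;
}

/** Call before any output at the top of each back-office entry point. */
function force_admin_https(bool $trustProxy = false): void
{
    $target = https_redirect_target($_SERVER, $trustProxy);
    if ($target !== null) {
        header('Location: ' . $target, true, 301);
        exit();
    }
}

// Constructed sample requests: one plain HTTP, one already on HTTPS.
var_dump(https_redirect_target(['REQUEST_URI' => '/admin/index.php?tab=AdminOrders']));
var_dump(https_redirect_target(['HTTPS' => 'on', 'REQUEST_URI' => '/admin/']));
```

A redirect only protects the requests that follow it: the first plain-HTTP request, including any cookie sent with it, has already crossed the network, so the session cookie should also carry the Secure flag.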


Many thanks Mike, really great. :)

 

Too me I use vaporizers, so I hope to meet you on some vaporizer forum. ;)
