My code snippet should work but the assumption is your admins *start* in
https. Once in https, my code snippet below will keep them in https
mode permanently. It's won't work the why you quite described it but it
should keep your admins in https mode. If you want to add another layer
of security to force them into https mode you can modify the
auth.inc.php to redirect them to https if the SERVER_PROTOCOL is http.
--Tony
Ted Roby wrote:
On Feb 2, 2004, at 9:56 AM, Tony Bibbs wrote:
Assuming you are using a fairly recent version of PHP you could do
this in lib-common.php *after* the include of config.php:
if (stristr($_SERVER["SERVER_PROTOCOL"],'https')) {
$_CONF['site_url'] = 'https://mydomain';
} else {
$_CONF['site_url'] = 'http://mydomain';
}
This assumes that your admins login using some page that is SSL'd and
from that point on the snippet above should keep them in SSL.
--Tony
Is version 4.3.3 recent enough?
If it is, this snippet did not fix the problem. Let me try to explain
how it happens.
You go to the page on http.
You click on a function located in /admin.
This causes you to be redirected to https.
You are then prompted for the login to access /admin.
You remain in https while you navigate around.
You will continue to be in https until you click on a link that
specifically calls http.
You make a change. (Let's say you enable a block.)
When you click save, you do not get the message that says your changes
have been saved.
Instead, you are back at the Block Manager.
Nothing reflects that anything has been changed.
_______________________________________________
geeklog-users mailing list
[EMAIL PROTECTED]
http://lists.geeklog.net/listinfo/geeklog-users
