Forcing SSL connection for authentication forms in SMF 2.0.2

ACA_web · October 31, 2012, 02:24:19 PM

I need the authentication forms in SMF 2.0.2 to be under SSL. I used to use the following plugin to handle this, http://custom.simplemachines.org/mods/index.php?mod=880, but it has never been updated for the latest release.

I see comments on the forum where people mention putting the entire forum under SSL, which is not desirable, but is better than not securing the login form. How exactly are people forcing the entire forum to be under ssl? Is there any other ways to secure the login process? This seems like it has been asked for by many, but I still can't find a solution for this issue.

Arantor · October 31, 2012, 02:29:07 PM

Well, forcing the whole forum under SSL is not that hard, you basically just update all the URLs in the admin panel to reference https rather than http, and make sure that secure cookies are set in the admin panel.

As far as that mod goes, it will require very little work to make it work on current SMF versions, just the author hasn't had time to do so.

ACA_web · October 31, 2012, 02:46:05 PM

Quote from: Arantor on October 31, 2012, 02:29:07 PM
Well, forcing the whole forum under SSL is not that hard, you basically just update all the URLs in the admin panel to reference https rather than http, and make sure that secure cookies are set in the admin panel.

As far as that mod goes, it will require very little work to make it work on current SMF versions, just the author hasn't had time to do so.

Thanks, I updated the URL's in my admin panel and that will have to do for now. I tried updating the mod, and was able to get it to install and it did convert the login form that is returned when you enter your credentials wrong the first time, but it was still not using a secure URL for the inline authentication form at the top of the site. Might try to look into it further when more time is available.

Arantor · October 31, 2012, 02:49:16 PM

That would imply you didn't add the code to your custom theme, the mod can only work on the themes it knows about.

ACA_web · October 31, 2012, 02:55:02 PM

Quote from: Arantor on October 31, 2012, 02:49:16 PM
That would imply you didn't add the code to your custom theme, the mod can only work on the themes it knows about.

Thanks, will look into that further.

Kindred · October 31, 2012, 02:55:52 PM

also, as another user/admin just discovered... you may need to do some (if not ALOT) of manual edits, depending on what other mods you have installed....

Arantor · October 31, 2012, 02:57:52 PM

Then the mods are badly written. There is no reason for any mod to be guessing; it should always be working off the variables provided by SMF.

Kindred · October 31, 2012, 02:59:38 PM

well, as I said, experience with this other user has proven differently. lots of scripts and other things appear to be using hardcoded links, which causes error messages when the rest of the forum is https.

http://www.simplemachines.org/community/index.php?topic=489512.0
http://www.simplemachines.org/community/index.php?topic=489455.0

News:

Forcing SSL connection for authentication forms in SMF 2.0.2