Results 1 to 7 of 7

Thread: https, and phpbb

  1. #1
    Blast From the Past
    Join Date
    Jan 2003
    Posts
    729

    https, and phpbb

    hey everyone!

    figured I would ask this here first being I know and trust the people here.

    I have a website, and I run it through https. I have forums on the site.. although sometimes while browsing through the forums you are transfered from https to http...

    I want the connection to remain encrypted the entire time, so I was wondering if I could write a program that would transfer you to the encrypted https standard and keep you there through the entire session.

    so you connect to the site, and at that point you are moved to an encrypted connection. From there, you are encrypted until you leave the site or end your session.

    If so, could I do this in PHP, that is a language I know the most.


    my site is https://blockthis.org

    If you have any questions or are confused please ask me, I know that probably isn't the best description of my problem

    thanks for your time guys!
    work it harder, make it better, do it faster, makes us stronger

  2. #2
    Junior Member nvzsc's Avatar
    Join Date
    Mar 2007
    Posts
    12
    mod_rewrite?

  3. #3
    Shadow Programmer mmelby's Avatar
    Join Date
    Jul 2002
    Location
    Ft. Myers, FL
    Posts
    291
    I am not very familiar with PHP but in ASP once you are in secure mode (by specifying https://...) you will stay in secure mode as long as you do not go to a link that starts with http://....

    I just tested this in ASP on a 2K3 box with IIS6.
    Work... Some days it's just not worth chewing through the restraints...

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    You should set up a separate virtual host on the HTTP site, and simply configure it with a redirect to the HTTPS site.

    For example, if you were using Apache,

    Code:
    <VirtualHost *:80>
      ServerName your.server.dns.name
      Redirect permanent / https://your.server.dns.name/
    </VirtualHost>
    
    <VirtualHost whatever:443>
      # Some SSL directives...
      DocumentRoot /wherever
    </VirtualHost>
    You get the drift?

    Mark

  5. #5
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    As mmelby says, there's probably a link somewhere pointing to http:// instead of https://
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  6. #6
    Blast From the Past
    Join Date
    Jan 2003
    Posts
    729
    i know there is SirDice, thats what I want to change

    say for instance you post a message.. you were logged in via https... well when it redirects you back to the thread you just started, you are now in http... no longer secure

    I was looking for a way to either make phpbb secure every step of the way, or run php through a session, and that session be secure the entire time
    work it harder, make it better, do it faster, makes us stronger

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Grep through the source, it's there somewhere. Take care of the problem not circumvent the symptoms.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •