Registration page not submitted securely.

13 years 3 months ago #151248 by SirBowring
Registration page not submitted securely. was created by SirBowring
We're having a problem with CB registration, where the registration page is not submitted over https.

We've set the option for "HTTPS for login, register and lost password" to use HTTPS. The login credentials are then submitted over https. And the registration page uses https when displayed. But the registration form on the registration page, when submitted, goes to a regular http URL. This makes the browser complain, and seems legitimately problematic since both username and password are going to be sent in the clear.

The same problem comes up with the "lost password" and "edit profile" pages. We see the same results whether we use the "use https then same" and "use https for login and after login" settings.

Pertinent info:
  • Site: en.wikilinguist.com
  • Joomla version: 1.5.22
  • CB Version: 1.3.1
  • SEO: sh404sef version 2.1.9.787


13 years 3 months ago #151270 by krileon
Replied by krileon on topic Re: Registration page not submitted securely.
Please ensure within the CB Login module parameters you have HTTPS (encrypted) login, register and lost password configured to use https (encrypted) for login and after login otherwise the switch from HTTPS to HTTP will raise a browser warning. Once gone into HTTPS you can not return to HTTP without a warning unless I believe a redirect is used; even then that'll probably prompt a warning.


Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.


13 years 3 months ago #151282 by SirBowring
Replied by SirBowring on topic Re: Registration page not submitted securely.
Thanks for your response. We do have that parameter set as you suggested. This causes the registration page to load as https, but the submit of the information is not. Looking at the <form> on the page, the "action" field has an http prefix and, indeed, that's what happens when you press the Register button. The same is true for the "forgot password" and "edit profile" actions - loads as https but submits as http.


13 years 3 months ago - 13 years 3 months ago #151399 by krileon
Replied by krileon on topic Re: Registration page not submitted securely.

SEO: sh404sef version 2.1.9.787

I see, could you please try disabling all SEO and see if the form is now HTTPS? Locally was able to confirm that HTTPS is inside the post url of the registration, login, and forgot login forms. Please also check that $live_site within configuration.php is '' (blank). Seems like some sort of URL rewriting is happening. If issue persists after trying the above please PM backend login credentials and would be happy to take a look.



13 years 3 months ago #151406 by SirBowring
Replied by SirBowring on topic Re: Registration page not submitted securely.
Clearing the $live_site variable did the trick, thanks for this tip. However, the sh404 documentation recommends that this be set to the URL for the site; is this going to be a conflict with them?


13 years 3 months ago #151419 by krileon
Replied by krileon on topic Re: Registration page not submitted securely.

is this going to be a conflict with them?

Yes, the $live_site should always be blank. Anything otherwise would conflict as you're overriding the auto-generation of $live_site. If you specify $live_site you'll need to do so with HTTPS, but all usages of $live_site would then be HTTPS and no longer HTTP.


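The symptom reported in this thread, a page served over HTTPS whose `<form>` action carries an absolute `http://` URL, can be checked for automatically after a change to `$live_site` or to SEO rewriting. The Python below is an added example, not code from the posts or from Community Builder; the host `example.test`, the paths and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample: an HTTPS registration page whose first form posts to http://
PAGE_URL = "https://example.test/register"
PAGE_HTML = """
<form action="http://example.test/register/save" method="post">
  <input type="text" name="username"><input type="password" name="password">
</form>
<form action="/lostpassword/send" method="post"><input type="text" name="email"></form>
"""


class FormCollector(HTMLParser):
    """Record each form's action and whether it contains a password field."""

    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._open = {"action": attrs.get("action") or "", "password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (attrs.get("type") or "").lower() == "password":
                self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def insecure_form_targets(page_url, html):
    """List (resolved action, has_password) for forms an HTTPS page submits over HTTP."""
    if urlsplit(page_url).scheme != "https":
        return []
    collector = FormCollector()
    collector.feed(html)
    targets = [(urljoin(page_url, f["action"]), f["password"]) for f in collector.forms]
    return [t for t in targets if urlsplit(t[0]).scheme == "http"]


if __name__ == "__main__":
    for action, has_password in insecure_form_targets(PAGE_URL, PAGE_HTML):
        print(f"insecure submit: {action} (password field: {has_password})")
```

Relative and protocol-relative actions are resolved against the page URL first, so only forms that really leave HTTPS are reported.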
