install on https server

Trying to install on an SSL server and found that many header() calls had "Location: http://" hardcoded in. This obviously breaks https urls to access zenphoto.

I hate to run admin login over non-ssl session so...

I modified the header() calls to use a new define "WEBPROT" and defined WEBPROT in the same spot WEBPATH gets defined in functions.php.
Also modified the email notification to include the proper http/https url.

works for me :) (so far)

Oh yeah, I added a bit to setcookie() to prevent sending the cookie over a non-SSL connection. It seems more proper to allow controlling that in config.php, but for now it's simply determined by the http/https method used, which caused "functions.php" to get included.

http://12.46.84.47/files/zp1.0.1_https.patch

Comments

  • Oops! I made a mistake on the setcookie() change. I didn't check the number of parameters present for the setcookie() call, and I didn't realize the "domain" parameter wasn't present. Since I just added a boolean arg for the secure parameter onto the end of the parameter list, it got interpreted as the domain parameter instead.

    I just modified the previous patch since it's a trivial fix to auth_zp.php

    from:
    setcookie("zenphoto_auth", sha1($user.$pass), time()+5184000, WEBPATH, SECLOGIN);

    to:
    setcookie("zenphoto_auth", sha1($user.$pass), time()+5184000, WEBPATH, "", SECLOGIN);

    sorry!
  • trisweb Administrator
    I believe it's possible to auto-detect that based on the request, I just never thought of it before. I'll see if I can for upcoming releases.
  • That's how I did it... $_SERVER['HTTPS']

    from php.net:
    'HTTPS'

    Set to a non-empty value if the script was queried through the HTTPS protocol.
  • Was this not already corrected? I still have the problem with the 1.0.3 beta.
  • trisweb Administrator
    You are correct, there are still hardcoded http://'s in the 1.0.3 version.

    1.0.4 will be released this week for bugfixes and performance improvements in this interim before subalbums are finished, and it has this fix in it.

    Actually, I just went through all the header()s and made sure they have the protocol parameter, which some of them did not! Thanks for the update. I'll release it soon; if you can't wait, grab the latest /branches/subalbums from SVN. It will be moved to /trunk before the release.
  • trisweb Administrator
    Fixed in the 1.0.4 release, now out.
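
Added example, not part of the thread or of Zenphoto's code: the $_SERVER['HTTPS'] detection and the secure-cookie flag discussed above, with the cookie options passed by name so the flag cannot land in the "domain" slot. The function names, host and paths are hypothetical, and the array form of setcookie() assumes PHP 7.3 or later.

```php
<?php
// Added example; the function names here are hypothetical, not Zenphoto's.

// True when the request arrived over HTTPS.
function request_is_https(array $server): bool
{
    // php.net: 'HTTPS' is non-empty for HTTPS requests, but under ISAPI
    // with IIS it is the string "off" for plain HTTP, so test for that too.
    $https = (string)($server['HTTPS'] ?? '');
    return $https !== '' && strtolower($https) !== 'off';
}

// Location header that keeps the scheme of the current request.
// $host comes from configuration (assumption), not from the request.
function redirect_header(array $server, string $host, string $path): string
{
    $prot = request_is_https($server) ? 'https' : 'http';
    return 'Location: ' . $prot . '://' . $host . $path;
}

// Cookie options by name (setcookie() accepts this array since PHP 7.3),
// so "secure" cannot slide into the "domain" position.
function auth_cookie_options(array $server, string $webpath): array
{
    return [
        'expires'  => time() + 5184000,   // same lifetime as the thread's call
        'path'     => $webpath,
        'secure'   => request_is_https($server),
        'httponly' => true,               // extra hardening, not in the patch
    ];
}

// Constructed $_SERVER samples, host and paths.
$samples = [
    'https request'       => ['HTTPS' => 'on'],
    'plain http'          => [],
    'IIS/ISAPI over http' => ['HTTPS' => 'off'],
];
foreach ($samples as $label => $server) {
    $opts = auth_cookie_options($server, '/zenphoto');
    printf("%-20s %s  secure=%s\n", $label,
        redirect_header($server, 'gallery.example', '/zenphoto/admin/'),
        var_export($opts['secure'], true));
}
// In a real request: setcookie('zenphoto_auth', $token, auth_cookie_options($_SERVER, WEBPATH));
```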