install on https server - Printable Version

install on https server - Printable Version

+- ZenphotoCMS Forum (https://forum.zenphoto.org)
+-- Forum: Support (https://forum.zenphoto.org/forum-1.html)
+--- Forum: General support (https://forum.zenphoto.org/forum-4.html)
+--- Thread: install on https server (/thread-365.html)

install on https server - gwalton - 13-03-2006

Trying to install on an SSL server and found that many header() calls had "Location: http://" hardcoded in. This obviously breaks https urls to access zenphoto.

I hate to run admin login over non-ssl session so...

I modified the header() calls to use a new define "WEBPROT" and defined WEBPROT in the same spot WEBPATH gets defined in functions.php.
Also modified the email notification to include the proper http/https url.

works for me (so far)

oh yeah, i added a bit to setcookie() to prevent sending cookie over non-ssl connection. seems more proper to allow controlling that in config.php, but for now it's simply determined by the http/https method used which caused "functions.php" to get included.

http://12.46.84.47/files/zp1.0.1_https.patch

install on https server - gwalton - 13-03-2006

Oops!. I made a mistake on the setcookie() change. I didnt' check the number of parameters present for the setcookie() call I didnt' realize the "domain" paramter wasn't present. Since i just added a boolean arg for secure parameter onto the end of the parameter list, it got interpreted as the domain paramter instead.

Ijust modified the previous patch since it's a trivial fix to auth_zp.php

from:
setcookie("zenphoto_auth", sha1($user.$pass), time()+5184000, WEBPATH, SECLOGIN);

to:
setcookie("zenphoto_auth", sha1($user.$pass), time()+5184000, WEBPATH, "", SECLOGIN);

sorry!

install on https server - trisweb - 13-03-2006

I believe its possible to auto-detect that based on the request, I just never thought of it before. I'll see if I can for upcoming releases.

install on https server - gwalton - 14-03-2006

that's how i did it... $_SERVER['HTTPS']

from php.net:
'HTTPS'

Set to a non-empty value if the script was queried through the HTTPS protocol.

install on https server - MACscr - 26-11-2006

was this not already corrected as i still have the problem with the 1.0.3 beta

install on https server - trisweb - 26-11-2006

You are correct, there are still hardcoded http://'s in the 1.0.3 version.

1.0.4 will be released this week for bugfixes and performance improvements in this interim before subalbums are finished, and it has this fix in it.

Actually, I just went through all the header()s and made sure they have the protocol parameter, which some of them did not! Thanks for the update. I'll release it soon, if you can't wait, grab the latest /branches/subalbums from SVN. It will be moved to /trunk before the release.

install on https server - trisweb - 08-12-2006

Fixed in the 1.0.4 release, now out.