Post by devguy » Fri Dec 09, 2016 8:35 pm

I have defined HTTPS in my config for both frontend and admin.

Everything seems fine apart from the admin login form. Its action is pointed to the HTTP instead of HTTPS.

If I enable HTTP admin to login then switch to HTTPS everything is fine but when I define HTTPS everywhere the login form still points to HTTP so I can't log in due to mixed content.

What constant is used to determine the action URL of the login form?

Newbie

Posts

Joined
Fri Nov 18, 2016 9:10 am

Post by thekrotek » Fri Dec 09, 2016 9:01 pm

Check your .htaccess - it might have HTTP redirection defined. Also check config.php and make sure, it points to HTTPS everywhere.

Professional OpenCart extensions, support and custom work.
Contact me via email or Skype by support@thekrotek.com


User avatar
Active Member

Posts

Joined
Sun Jul 03, 2016 12:24 am


Post by devguy » Fri Dec 09, 2016 9:13 pm

The issue is the forms target is "http://domain.com/admin/index.php?route=common/login".

.htaccess rules are applied by apache on requests, as far as I am aware it doesn't rewrite the actual HTML. All the config.php constant values point to HTTPS.

That is:

//HTTP
define('HTTP_SERVER', 'https://domain.com/admin/');
define('HTTP_CATALOG', 'https://domain.com/');
define('HTTP_IMAGE', 'https://domain.com/image/');
define('HTTP_ADMIN', 'https://domain.com/admin/');

// HTTPS
define('HTTPS_SERVER', 'https://domain.com/admin/');
define('HTTPS_CATALOG', 'https://domain.com/');
define('HTTPS_IMAGE', 'https://domain.com/image/');
define('HTTPS_ADMIN', 'https://domain.com/admin/');

Did I miss any? I added this to admin config.php also.

I looked in the files that generate the form and it is populated by a variable "$action" so somewhere in the page lifecycle it is being set incorrectly. I think it is done by starter/router.php but I am not sure.

Everything else works fine. I could in theory hard code my sites link into the form but I would prefer to understand and fix the issue properly.

Newbie

Posts

Joined
Fri Nov 18, 2016 9:10 am

Post by devguy » Sat Dec 10, 2016 12:01 am

I ran debugging session. On controller there is a value:

$this->url->ssl->false

Anyone know the correct place to set it to true?

Newbie

Posts

Joined
Fri Nov 18, 2016 9:10 am

Post by devguy » Sat Dec 10, 2016 12:50 am

I changed system/config/default.php and system/config/admin.php to site_ssl = true and now it works.

I find it weird that this is undocumented and couldn't find anything on this by googling but it seems to have done the trick.

Newbie

Posts

Joined
Fri Nov 18, 2016 9:10 am

Post by IP_CAM » Fri Feb 10, 2017 9:13 am

I created a Listing, containing several VqMod/OcMod-Extensions, for different OC-Versions,
related to this - sometimes 'internally' not linked to HTTPS - Matter. They are untested, and
they come as they are, I cannot support anybody, because I don't use https yet! ::)
Good Luck ! ;)
Ernie

Some HTTPS Helper Mod's for different OC Versions


For Sale: Top URL's, including an OpenCart V-Pro Shop!
A wide range of matching Designs can be seen here: http://www.opencart.li
For Information on URL's offered, please contact me at: jti@jacob.ch
Hundreds of Mods in 380+ Repositories for OC v.1.5.x - v.2.3.x
to be found on my Github Site: https://github.com/IP-CAM
Image


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland
Who is online

Users browsing this forum: No registered users and 9 guests