Support Forum
Support Forum
Offline
Good news: I have SSL working again on a test site
Bad news: I can recreate the situation in some cases (you might say good news!)
so will have to figure out the path where it breaks down... and figure out a potential fix as that may be problematic given what wp is doing...
But what does always work:
1) disable SSL
2) update forum permalink
3) turn on SSL
4) admin will be in SSL but front page will be in http
This being a holiday time in States, time may be limited... but can hopefully get a fix identified before we release 5.5.2 in conjunction with WP 4.1...
btw, I am testing with wp 4.1....
Visit Cruise Talk Central and Mr Papa's World
Offline
Thanks, it's nice to know the problem can be recreated and I'm not going mad.
Yes you are right as a kind of fix I have found the method you've said remains http, as a note if you keep admin area as SSL and turn the plugin off and on it initially sets the permalink as http as well. But as you say if you click update permalink it changes to https.
The reason this has been such an issue is when the forum permalink changes to https but the front of site thinks it is http, the customer has adverts down a sidebar on their forum page and these all still load http giving us a security warning to users of mixed content, also the share this buttons and embeded youtube videos don't load becuase they are all confissed if it is an http or https connection.
If you do figure out a fix please can you post it or email it to me as updating simplepress is really difficult on our setup and it would be easier just to make code amendments or update a file than update everything.
Thanks for investigating.
Offline
turns out wp core has some issues with this too (tickets open)... grabbing the permalink of a post or attachment or anything for front end while on an admin page, returns scheme for admin...
anyways, think I have a quick fix for this, if you want to try it...
in sp-site-support-functions.php, around line 326 (remember I am using dev version) find
sp_update_option('sfpage', $page->ID);
$perm = get_permalink($page->ID);
if (get_option('page_on_front') == $page->ID && get_option('show_on_front') == 'page') {with
sp_update_option('sfpage', $page->ID);
$perm = get_permalink($page->ID);
$scheme = parse_url(get_option('siteurl'), PHP_URL_SCHEME); # get front end scheme
$perm = set_url_scheme($perm, $scheme); # update permalink with proper front end scheme
if (get_option('page_on_front') == $page->ID && get_option('show_on_front') == 'page') {and see if that resolves it...
I will still have to dig a lot deeper for any side effects of that wp behavior, but think that gets you going...
Visit Cruise Talk Central and Mr Papa's World
Offline
On test site worked perfectly. Just got to change on live site.
Thanks for working on it, especially during your holiday.
Offline
Everything working well, going through all areas to test everything and found a small issue (I hope)
The forum front is all http now due to the permalink being right but when in the front and go to a users profile it changes to https again which due to adverts down the sidebar then gives us a mixed content warning again.
I thought this may be due to the ability to change the users account settings and password in this area so using the profile tabs feature stopped that one from displaying... still https though.
Any ideas?
Thanks
Offline
and here in lies the wp acknowledged problem about selective ssl on front end pages... something they hope to fix in the future...
you seem to have the login ssl option set... if so, we are forced, to use ssl on the profile since the account menu has the ability for a user to change their password... we cannot selectively use it on only some profile tabs/menus since most of the profile is ajax... so its globally on for profile...
can we check if account menu active before forcing ssl? perhaps... will investigate...
Visit Cruise Talk Central and Mr Papa's World
Offline
still playing with this (almost time for some football!)... but something you can try for me...
in sp-api-profile.php, at the bottom, add these:
/**
* This function checks if tab is active
*/
# Version: 5.5.3
function sp_profile_tab_active($tabslug) {
# get the current tabs
$tabs = sp_profile_get_tabs();
if (empty($tabs)) return false;
# find the requested tab
foreach ($tabs as &$thisTab) {
if ($thisTab['slug'] == $tabslug) return $thisTab['display'];
}
return false;
}
/**
* This function checks if menu is active
*/
# Version: 5.5.3
function sp_profile_menu_active($menuslug) {
# get the current tabs
$tabs = sp_profile_get_tabs();
if (empty($tabs)) return false;
# find the requested tab
foreach ($tabs as &$thisTab) {
if (!empty($thisTab['menus'])) {
foreach ($thisTab['menus'] as $thisMenu) {
if ($thisMenu['slug'] == $menuslug) return $thisMenu['display'];
}
}
}
return false;
}and then in sp-forum-support-functions.php, around line 373, find these lines:
# profile via ssl if doing ssl logins
if (($pageview == 'profileedit' || $pageview == 'profileshow') && force_ssl_login() && !is_ssl()) {
if (0 === strpos($_SERVER['REQUEST_URI'], 'http')) {
wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
exit();
} else {
wp_redirect('https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
exit();
}
}change to
# profile via ssl if doing ssl logins
if ($pageview == 'profileedit' && force_ssl_admin() && !is_ssl()) {
if (sp_profile_tab_active('profile') && sp_profile_menu_active('account-settings')) {
if (0 === strpos($_SERVER['REQUEST_URI'], 'http')) {
wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
exit();
} else {
wp_redirect('https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
exit();
}
}
}as discussed, if you want only force admin ssl, you would need to disable the account setting menu..
Visit Cruise Talk Central and Mr Papa's World
Offline
Still testing but made the change last night and all seems to be working well, profile page no longer https.
I will turn on the account form for you to see if it then turns it back to https for your other users.
Offline
Yes works if the Account settings tab is turned on then the profile page goes back to https, turn it off and http again.
Thanks again for your quick response.
Offline
cool. thanks for the confirmation... think a few other minor things at work... plus WP has made a few changes in 4.0.1 and 4.1 on ssl stuff (minor)...
Visit Cruise Talk Central and Mr Papa's World
All RSS1 Guest(s)