We use cookies to help make our site work properly and to analyze how our site is used. Some are optional, but none contain your personal information, and we don't use any for ads. You can view our cookies policy, manage your cookie preferences, or consent and dismiss this banner by clicking agree:

Agree
ExpressionEngine CMS
Open, Free, Amazing

Thread

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

The active forums are here.

Need member:login_form to redirect to HTTPS so that I don't get the Safari "non-secure form" warning.

January 08, 2012 10:33pm

Subscribe [3]

  • #1 / Jan 08, 2012 10:33pm

    sherrills

    26 posts

    I have a website that uses EE v 1.6.7 -  The issue that I’m running into happens when site users try to purchase something using the Safari browser and receives the following message from the browser:

    This is a non-secure form.  This form will be sent in a way that is not secure.  Are you sure you want to send it?

    Here is the URL for that page:

    https://www.activemelody.com/premium_guitar_lessons/checkout_login

    The user now has 2 choices, they can either 1) login with their existing account, or 2) sign up for a new account, either way, they are redirected to the same checkout page which is also secure (https).

    The issue is that when someone tries to log in to their existing account, they get the “This is a non-secure form” warning from the Safari browser.  The functionality of the site works, in that I can correctly redirect the user where they need to go, but as an ecommerce site.. i hate having a warning like that because it frightens people away.  I currently have the following code to allow the user to login and redirect them to the checkout page:

    {exp:member:login_form return="https://www.activemelody.com/premium_guitar_lessons/checkout_payment"}

    I tried adding a custom action (hacking the mod.member.php file) via the instructions at the bottom of this page but that didn’t seem to work. 

    Is there something super easy / obvious that I’m overlooking here, surely this is possible?

    Thanks for any insight / direction!

  • #2 / Jan 09, 2012 11:45pm

    John Henry Donovan

    12339 posts

    hi sherrills,

    It’s the action action parameter of the form that you need to intercept there as opposed to the return URL. The action parameter value is http://www.activemelody.com/ hence the warning.

    While I can’t suggest a core hack here for you as we won’t be able to support it I would say stick with the method in the comments. Did you add the action= parameter after making the core hack?

  • #3 / Mar 26, 2012 7:07pm

    ryal001

    42 posts

    I’m guessing you want to modify the built in EE member login form? 

    The core hack you referred to works with the “login form tag” which you can use in your regular templates.  To modify the default member login form, you need to add the following line:

    $data['action'] = 'https://www.yourdomain.com';

    Somewhere before the last line (“return $this->.....”) in the function “profile_login_form()” which starts at around line 40 of the mod.member_auth.php file.

    Of course, this will force all logins to redirect back to whatever address you enter.  Maybe there’s a better way, but this works.

  • #4 / Mar 29, 2012 4:24pm

    Shane Eckert

    7174 posts

    Hey ryal001,

    Thanks for the tip.

    I am going to close down this thread as it’s getting a bit old.

    sherrills if you need anything else, please let us know in a new thread.

    Cheers!

.(JavaScript must be enabled to view this email address)

ExpressionEngine News!

#eecms, #events, #releases

© Packet Tide, All Rights Reserved. Legal Notices

Username

Password

Forgot password?
or Register