We use cookies to help make our site work properly and to analyze how our site is used. Some are optional, but none contain your personal information, and we don't use any for ads. You can view our cookies policy, manage your cookie preferences, or consent and dismiss this banner by clicking agree:

Agree
ExpressionEngine CMS
Open, Free, Amazing

Thread

This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.

The active forums are here.

SSL with login, registration, email form, update password, etc.

July 25, 2011 4:40pm

Subscribe [3]

  • #1 / Jul 25, 2011 4:40pm

    FaithBuilders

    42 posts

    Hello,

    I’m having a lot of trouble securing the following member pages:

    Login, Contact Us, Member Registration, and Update Password

    There is an SSL installed in my EngineHosting hosting account, and I am accessing the pages via https, and I am also using the

    {exp:cartthrob:https_redirect}

    tag on each of the pages listed above.

    The code I’m using for each of the pages:

    Contact Us

    {exp:email:contact_form user_recipients="false" recipients="[email protected]" redirect="2" charset="utf-8" return="https://www.faithbuilders.com/cart/secure_redirect"} 
    
    username and password fields are here

<input id="contact-submit" type="submit" value="Submit" class="submit"/>
            {/exp:email:contact_form}

    Login

    {exp:member:login_form return="https://www.faithbuilders.com/cart/secure_redirect/"}
username and password fields are here
{/exp:member:login_form}

    Member Profile Outer Enclosure (for Registration and Edit Password)

    {exp:cartthrob:https_redirect}

{include:html_header}

<div id="container">

{if show_headings}
    {include:page_header}
    {include:page_subheader}
{/if}

<div id="main">
<div id="body">

<div id="content">
{include:member_manager}
</div>

</div>
</div>            

{embed="cart/secure_footer"}

    Username and Password Form

    <form method="post" action="{path:update_username_password}">
password fields are here
</form>

    Secure_Redirect

    {exp:cartthrob:https_redirect}
<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.faithbuilders.com/">

    After submitting any of these forms in FireFox I receive this message:

    Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.

    Are you sure you want to continue sending this information?

    After submitting the form, the User Message always displays, with http, saying, “Thank you for logging in”, etc. Is the unsecured user message the reason these forms give me the message that they are being sent over unencrypted connections?

    What can I do to ensure that these form are submitted securely?

    Thanks for the help, as I’m fairly new to using SSL in websites.

    ~Sarah
    Moved to Community Help forum by Moderator

  • #2 / Jul 26, 2011 10:42am

    Sue Crocker

    26054 posts

    Hi, Sarah.

    You’ll need to contact the Cartthrob guys for support in using their add-on. In the meantime, moving to the Community Help forum for additional community support.

  • #3 / Jul 26, 2011 3:11pm

    FaithBuilders

    42 posts

    The pages display in https just fine with the CartThrob tag.

    More specifically, my question is why the connection is unencrypted and whether or not the user message has anything to do with it.

    Any advice at all is most appreciated.

    ~Sarah

  • #4 / Jul 29, 2011 6:48am

    John Henry Donovan

    12339 posts

    Sarah,

    following up on your other thread here

    I have used Cartthrob and adding the following to the top of your pages

    {exp:cartthrob:https_redirect}

    Causes the behaviour of the encrypted warning.

    Can you test by setting your site URL as a https one in your General Config and remove the CT tag and see what happens with your testing

  • #5 / Jul 29, 2011 8:48am

    FaithBuilders

    42 posts

    Hi John,

    Thanks for responding! I set the site url to https using the following:

    $config['base_url']    = 'https://www.faithbuilders.com';

    I removed the CartThrob redirect tag, which I found out is no longer supported by CartThrob.

    And I accessed the login page using https.

    FireFox continues to give me the “unencrypted connection” message, while IE8 and Google Chrome do not.

    Here is the code for the login form:

    {exp:member:login_form return="/"}

    <label>Username</label>


    <input type="text" name="username" value=""  maxlength="32" class="input" size="25" /></p>

        <label>Password</label>


    <input type="password" name="password" value="" maxlength="32" class="input" size="25" /></p>

    {if auto_login}

    <input class='checkbox' type='checkbox' name='auto_login' value='1'  /> Auto-login on future visits

    {/if}

    <input type="submit" name="submit" value="Submit" class="submit" /></p>

    <a href="https://www.faithbuilders.com/member/forgot_password">Forgot your password?</a>
    <a href="https://www.faithbuilders.com/member/register">Member Registration</a>

{/exp:member:login_form}

    The same message appears in FireFox for the password update form, registration form, contact form, forgot password form, etc.

  • #6 / Jul 29, 2011 10:24am

    FaithBuilders

    42 posts

    I checked the source code of the login page as it appears in FireFox, and this is how the login box appears:

    <form method="post" action="http://www.faithbuilders.com/"  >
<div class='hiddenFields'>
<input type="hidden" name="XID" value="ee07515b3e272000958f42d311859b1ab49fca2d" />
<input type="hidden" name="ACT" value="19" />
<input type="hidden" name="RET" value="/" />
<input type="hidden" name="site_id" value="1" />
</div>

    <label>Username</label>


    <input type="text" name="username" value=""  maxlength="32" class="input" size="25" /></p>

        <label>Password</label>


    <input type="password" name="password" value="" maxlength="32" class="input" size="25" /></p>

    <input class='checkbox' type='checkbox' name='auto_login' value='1'  /> Auto-login on future visits

    <input type="submit" name="submit" value="Submit" class="submit" /></p>

    <a href="https://www.faithbuilders.com/member/forgot_password">Forgot your password?</a>
    <a href="https://www.faithbuilders.com/member/register">Member Registration</a>

</form>
           </div>

    How do I change the post action to https when I use the exp:member:login tag pair?

  • #7 / Jul 29, 2011 10:36am

    FaithBuilders

    42 posts

    The same goes for the registration page:

    <form id="register_member_form" method="post" action="http://www.faithbuilders.com/"  >

    The update username and password page:

    <form method="post" action="http://www.faithbuilders.com/member/update_userpass">

    The contact form:

    <form id="contact_form" method="post" action="http://www.faithbuilders.com/"  >

    The forgot password form:

    <form id="forgot_password_form" method="post" action="http://www.faithbuilders.com/"  >
.(JavaScript must be enabled to view this email address)

ExpressionEngine News!

#eecms, #events, #releases

© Packet Tide, All Rights Reserved. Legal Notices

Username

Password

Forgot password?
or Register