Redirect to secure login pages

Report · Mar 17, 2017

A number of our clients have been complaining about seeing non-secure page warnings when logging into their site. It should be a very simple thing to redirect all the old login pages to their secure worldsecuresystems counterparts.

We're trying to mitigate our clients losing faith in the security of the platform.

Report · Mar 19, 2017

Hi Jeffery

I've posted the following code several times, and most times it gets lost in translation as to the purpose and complex nature of the code, however this code does the following:

Ensures that customer is on a secure page.
Determines if the website is in production mode or still in development mode. VERY important because we need to determine if http://www.sample.com or http://sample.businesscatalyst.com
Logs customer into both HTTP and HTTPS versions of the website. (the DEV or LIVE url) from #2

I have a collection="settings" array that comes from a "Settings" Web App with information such as the BC system name, is the website LIVE or still still in DEV mode so I know how to redirect back to http://sample.businesscatalyst.com or to http://www.sample.com along with many other configuration settings.

And when linking to your sign-in page do the following:
<a class="no-escape" href="{module_secureurl,true,false}/account/sign-in">Sign In</a>

Everything BOLD below you can change to your own variables, or hardcode yourself, or use BC modules to get the URLs.

<body data-pageaddress='{module_pageaddress collection="pageaddress"}'>
     // however you choose, we need access to {module_pageaddress} as a collection so we can determine of HTTP or HTTPS
{% assign targetSecureURL = "https://" | append: settings.system_name | append: ".worldsecuresystems.com" -%}
     // has to be this complex because the built in modules don't return HTTPS along with worldsecuresystems.com url. Unless you replace the http with https youself. This method works for us.
{% if pageaddress.pageUrl contains targetSecureURL -%} // now we know we are in a secure URL.
{% if Settings.Website_Live == 1 -%} // Are we live or dev?
     {% assign redirectHTTP = "" -%}
     {% assign redirectDOMAIN = settings.site_url -%}
     {% assign redirectEXTEND = "" -%}
{% else -%}
     {% assign redirectHTTP = "http%3a%2f%2f" -%}
     {% assign redirectDOMAIN = settings.system_name -%}
     {% assign redirectEXTEND = ".fueldesign.co.nz" -%}
{% endif -%}
{% capture redirectURL -%}{{ redirectHTTP }}{{ redirectDOMAIN }}{{ redirectEXTEND }}{% endcapture -%}
     <form class="form escapeWorldSecureSystems" method="post" action="https://{{ settings.system_name }}.worldsecuresystems.com/FormProcessv2.aspx?WebFormID=XXX&OID={module_oid}&OTYPE={module_otype}&EID={module_eid}&CID={module_cid}&CC={module_urlcountrycode}&Referrer={{ redirectURL }}" onsubmit="return checkWholeFormXXX(this)" enctype="multipart/form-data">
     </form>
{% else -%}
<section class="section">
    <h1>This page is not secure.<br><small>Suppressing content</small></h1>
</section>
<section class="section">
    <p><a class="button warning" href="{{ currentPage }}{{ globals.get.ID }}" title="Manually visit secure page">... Redirecting to secure page ...</a></a></p>
</section>
<meta http-equiv="refresh" content="0;url={{ currentPage }}{{ globals.get.ID }}">{% comment -%}Automatically redirect to secure version of this URL {% endcomment -%}
{% endif -%}

Hope this gives you ideas and that people build upon it, refine it, simplify it etc.

This works for us.

Report · Apr 19, 2017

Hi Stephen,

This is a bit late, but I wanted to say thank you for your response. We've been caught up working on other projects for the time being.

Thanks for the code! I'll see if this is something we can implement.

Jeff

Adobe Community

Redirect to secure login pages