6 Replies Latest reply on Feb 19, 2008 1:58 PM by (sceaton)

    SSL login redirect

      I placed a bit of php on my login page to redirect using https:, however once a user is logged in, I want them to be redirected to a NON secure page. (http:)

      A post in the interaktonline.com forum indicated you can enter full url's in the redirect fields of the email settings | user-levels tab

      http://www.interaktonline.com/Products/Bundles/MXKollection/Product-Forum/Details/70652/Se cure+https+in+login.html

      This doesn't work for me ... instead it redirects to (ignore spaces):
      https://www.domain.com/http: //www.domain.com/

      basically appending whatever you put in the redirect fields to the end of your hostname.

      Is there a way around this? I don't want to have every page OTHER than my login check to see if it's https, and then redirect back ... that seems too messy.

      Thanks!

      ~shawn
        • 1. Re: SSL login redirect
          Level 1
          Shawn,

          I just finished creating an ADDT form page that uses the full url in the redirect to navigate away from an https credit card trasaction page.

          Can you post the full code for that redirect line...

          $ins_myform->registerTrigger("END", "Trigger_Default_Redirect", 99, "http://www.mysite.com/confirm.php");

          Shane
          • 2. Re: SSL login redirect
            Level 1
            Hi Shane!

            I guess I need to find where the {kt_login_redirect} gets set; it needs to recognize if the redirect value is absolute or relative and create the redirect path appropriately. Currently, it's assuming the value in the login settings to be a relative path and so it's pre-pending that value with the hostname.

            Here's the redirect trigger on my login page:

            $loginTransaction->registerTrigger("END", "Trigger_Default_Redirect", 99, "{kt_login_redirect}");

            The redirect path is set under the login settings and stored in the includes/tNG/tNG_config.inc.php file.

            I'll keep hunting ... :)
            • 3. Re: SSL login redirect
              Level 1
              So after a couple of hours hunting, here's what I found:

              In the file includes/tng/triggers/tNG_defTrigg.inc.php :

              Line 233 tries to take care of the "relative/absolute" path decision:

              $relPath = '';
              if (isset($tNG->dispatcher) && isset($tNG->dispatcher->relPath)) {
              $relPath = KT_makeIncludedURL($tNG->dispatcher->relPath);
              }

              (Actually this "decision" is made by KT_makeIncludedURL() in the /includes/common/KT_functions.inc.php file on line 475)

              It turns out all of this depends on the dispatcher:

              // Make a transaction dispatcher instance
              $tNGs = new tNG_dispatcher("../");

              If the dispatcher is relative, it will make the redirect relative. IF THE DISPATCHER IS ABSOLUTE, THE REDIRECTS WILL BE AS WELL.

              Actually I didn't even need to change the paths in the login settings, I just changed the dispatcher to an absolute URL, like this:

              // Make a transaction dispatcher instance
              $tNGs = new tNG_dispatcher("http://www.domain.com/");

              and everything's gravy!

              Cheers!

              PS, in case you're interested in the PHP to force SSL for a particular page, you can find it here: http://rackerhacker.com/2007/03/21/forcing-https-with-php/
              • 4. Re: SSL login redirect
                Level 1
                Not Quite.

                So the problem with changing the dispatcher is that the javascript paths that get automagically included get changed too.

                This would be okay, but since I'm on a secure page, it's now calling the scripts via an absolute url over a non SSL connection, so the browser tells me "some" of the page isn't encrypted.

                Hrm.
                • 5. Re: SSL login redirect
                  Level 1
                  Shawn,

                  I haven't used https for the ADDT login forms before. Now I see that with the login redirect it depends on the settings in the ADDT Control Panel for it's redirect pages. {kt_login_redirect} is swaped with whatever is set in the Login Settings. So I assume you put the full url into the User Levels tab in the Login Settings section of the ADDT control panel and that was not working.

                  Here is a possible work around. Code your page that a successful login goes to with something like this:

                  <?php

                  header('Location: http://www.mydomain.com/login_redirect.php');
                  exit;

                  ?>

                  So basically you need to have an extra page. Your Login Settings would redirect to login_successful.php and that page would have the above code that would redirect to your http page http://www.mydomain.com/login_redirect.php and put you back into http mode.

                  That's all you need and it should redirect you to the http page correctly.

                  Hope this helps.

                  Shane
                  • 6. Re: SSL login redirect
                    Level 1
                    Thats a good idea! I'll have to figure out how to get it to work with my different login levels, but it has promise.

                    Cheers!

                    ~shawn