Author Topic: Secure Login  (Read 463 times)

Pokun

  • Full Member
  • ***
  • Posts: 153
Secure Login
« on: November 26, 2017, 01:19:35 AM »
If you log in to the forum using HTTPS the theme graphics and images disappears, and if you don't you will get a warning that the connection isn't secure for sending passwords.

Is this something that is looked into? People trying to register to the forum have said that they couldn't register to the forum because the theme graphics are missing.

ClodBuster

  • Hero Member
  • *****
  • Posts: 2242
  • A real powerhouse!
    • Cumonreprocarts.com
Re: Secure Login
« Reply #1 on: November 26, 2017, 06:27:00 PM »
I think this is something that SHOULD be looked into. :-k

They tried to make me do a recap
I said no, no, no

Necromancer

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 21366
Re: Secure Login
« Reply #2 on: November 27, 2017, 07:57:00 AM »
I can't do anything about missing theme graphics.  That's something Nightwolve or Aaron would have to handle.

I never use a secure connection, but maybe I should?  Other than the missing graphics looking goofy and making some buttons invisible, the site still seems to be fully functional under https; I tested logging in, reading a few threads (responding in this one), and creating a new test account successfully.
U.S. Collection: 97% complete    155/159 titles

NightWolve

  • Hero Member
  • *****
  • Posts: 5277
Re: Secure Login
« Reply #3 on: May 04, 2018, 12:10:37 PM »
Thanks, looks like it was Apache .htaccess code to prevent hotlinking by other sites if the referrer domain is not pcenginefx.com, but the "http:" condition didn't allow for "https:". I also had to remove any hardcoded "https://www.pcenginefx.com" references in the forum settings.

Old:
Code: [Select]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://www.pcenginefx.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.pcenginefx.com$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.pcenginefx.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.pcenginefx.com$      [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]

New/Correct:
Code: [Select]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?pcenginefx.com [NC]
RewriteRule \.(gif|jpg|jpeg|png|js|css)$ - [F]

I'm updating all my bookmarks to "https:" as I'd rather my connection be encrypted upon login when the cookie password info is used to restore a session.
« Last Edit: May 04, 2018, 12:56:58 PM by NightWolve »