Problem: Vanilla 1.1.10 default installation settings

brian_k

I'm pleasantly surprised to have come across this forum implementation.

However, there's a rather fundamental issue with the default installation routine that should probably be changed or risk having some users throw up their hands when it doesn't work the first time and search for another forum package.

The default installation creates a login form ("form id="frmSignIn") that defaults to an HTTPS protocol. I couldn't figure out why I couldn't login after the wicked simple implementation and it took about 10 minutes to figure out the obvious. I'm sure you'd agree that default installation shouldn't do this.

Stash

Hmm, neither of my local copies have the form defaulted to https and I don't remember specifically changing them... I'll try a fresh download and install and see what happens.

Stash

No https for me. I wonder why you go it?

This is the source for the login page I get right after installing:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"&gt;
<html xmlns="http://www.w3.org/1999/xhtml&quot; xml:lang="en-ca">
	<head>
		<title>temp - Sign In</title>
		<link rel="shortcut icon" href="/temp/themes/vanilla/styles/default/favicon.ico" />
				<link rel="stylesheet" type="text/css" href="/temp/themes/vanilla/styles/default/people.css" media="screen" />
				<script type="text/javascript" src="/temp/js/global.js"></script></head>
	<body  onload="Focus('txtUsername');">
	<div id="SiteContainer"><div class="SiteContainer SignIn">

	<h1>temp</h1><div id="Form" class="SignInForm">
	<fieldset><form id="frmSignIn" method="post" action="http://dev.lan/temp/people.php"><div><input type="hidden" name="PostBackAction" value="SignIn" />
				<input type="hidden" name="ReturnUrl" value="" />
				</div><ul>
	<li>
		<label for="txtUsername">Username</label>
		<input id="txtUsername" type="text" name="Username" value="" class="Input" maxlength="20" />
	</li>

	<li>
		<label for="txtPassword">Password</label>
		<input id="txtPassword" type="password" name="Password" value="" class="Input" />
	</li>
	<li id="RememberMe">
		<label for="RememberMeID"><input type="checkbox" name="RememberMe" value="1"   id="RememberMeID" /> Remember me</label>
	</li>

</ul>
<div class="Submit"><input type="submit" name="btnSignIn" value="Proceed" class="Button" /></div>
</form>
</fieldset>
<ul class="MembershipOptionLinks">
	<li class="ForgotPasswordLink"><a href="http://dev.lan/temp/people.php?PostBackAction=PasswordRequestForm">Forgot your password?</a></li>
	<li class="ApplyForMembershipLink"><a href="http://dev.lan/temp/people.php?PostBackAction=ApplyForm">Apply for membership</a></li>
</ul>
</div></div></div>
<div class="Foot SignIn"><a href="http://lussumo.com">Lussumo Vanilla, Swell, and People</a> Copyright &copy; 2001-2009</div></body>

</html>

brian_k

Just to be sure it wasn't something on my end, I removed the installation and the database, rebooted the server, and tried it from scratch again. It did, in fact, set the "action" in the login form to HTTPS. Now... I *do* have an SSL cert installed on this machine and for my domain so I wonder if that could have something to do with it.

Dinoboff

I think someone reported a similare bug, but I haven't been able to reproduce it...

Dinoboff

What does conf/settings.php looks like?

brian_k

Before I changed it, it was HTTPS everywhere.

Dinoboff

The secure url is set there:
http://code.google.com/p/lussumo-vanilla/source/browse/tags/Vanilla-1.1.10/src/setup/installer.php#114

with:

$IsSecure = @$_SERVER["HTTPS"] || @$_SERVER['SERVER_PORT'] == 443;