Vanilla 1 is no longer supported or maintained. If you need a copy, you can get it here.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

SSL lussumo

edited March 2007 in Vanilla 1.0 Help
I would like to know how you can SSL the lussumo BBS. I have been having problem with this... login page is SSLed but after loggin in, its goes back to non SSL. elvin


  • Actually, this could be really useful if People were going to be used in anything more secure than a forum or blog.
  • MarkMark Vanilla Staff
    Hmmm. That's interesting. Most of the paths are written relatively, but I bet the problem is that the Configuration parameter for DOMAIN is set to an http instead of an https. Check out the settings in the "Application Settings" form on the "Settings" tab.
  • I did check on the Application Settings... but in the description it says not to put http:// Any other idea? elvin
  • lechlech Chicagoland
    I think that what mark means is that the forum defaults to building a http://... request instead of one that starts with https:// which is at the moment hard-coded into vanilla. Don't quote me on that but I think that's the way it's set up. Mark?
  • MarkMark Vanilla Staff
    In it is, yeah. And that's a big pain to change, sadly. If you have the cahones, you can use 0.9.3 which (I'm 99% sure) allows you to specify the BASEURL configuration variable complete with http or https. If it doesn't, I'd consider that a bug and change it for final release.
  • Hmmm I guess i will try the 0.9.3 beta... Will be good to have optional https for the bbs Elvin
  • I was only interested in SSL'ing my signin.php page, so put the following snippet at the very top of the signin.php in my Vanilla ( root. if ($_SERVER['HTTPS']!= 'on') { // Redirect user to secure page header("Location:"); exit; }
  • I've just set up a vanilla forum with ssl. almost worked perfectly first time, but it was a small fix. When I logged into, there was a redirecturl in the URL string which had an http instead of an https, and it didn't pay any attention to the $Configuration['BASE_URL'] or the $Configuration['FORWARD_VALIDATED_USER_URL'] in the conf/config.php file. this meant that when a user logged in they were redirected to the non-ssl page, producing an error, instead of the forum. there is a function in 'library/framework/framework.functions.php' called 'GetRequestUri' This automatically prepends the URL with http://, i changed that to https:// and it all works beautifully. can I just add that the simplicity of the checkbox to secure the whole forum from unregistered users is a thing of beauty. I hadn't been able to work out how to do that in phpbb at all. If I've misunderstood or stated the obvious, forgive me. Brian
  • I'd call that a bug...
  • No offence, and I may be wrong but if your using an earlier version why not just upgrade to 1? It would probably save you any trouble?
  • edited July 2006
    If he has a library/Framework/Framework.Functions.php file, it must be version 1. And I agree with bergamot.
  • I'm also running Vanilla on an SSL only server. In addition to Bridawg's fix above. I also had to add the 's' here in order to get certain extensions to work: library/Framework/Framework.Functions.php: if (strpos($PathToConcatenate, 'https://') !== false) return $PathToConcatenate; There also appears to be another URL function somewhere that needs to be updated. I'm using the Account Pictures extension to allow users to upload account images, which works fine. However, when someone updates their profile. Vanilla prepends the image location with http://, which results in a url like http://
  • Sorry for the double post. I should have looked a little harder. While not elegant, I simply changed these lines preventing the http:// string from being forced into the url. This may cause issues. If someone who knows php better than I (99.9% of php coders) knows how to write this function to allow urls beginning with http:// or https://, I'd like to see it. library/People/People.Class.User.php: $this->Icon = PrependString('', ForceIncomingString('Icon','')); library/People/People.Class.User.php: $this->Picture = PrependString('', ForceIncomingString('Picture',''));
  • I would like to know if you have SSL is available for this new version of lussumo.
  • MarkMark Vanilla Staff
    Thanks for bringing this to my attention.

    I've added a new configuration setting called HTTP_METHOD to the subversion repository that will allow you to change to https.
  • Is it possible to use https-URIs when the user already comes from a secure site and use plain http-URIs when not? I would like to offer my forum both secure and as plain HTTP and not force the user to any of the two. So when the user accesses a page via HTTPS, all links on that page should redirect to https, but when the forum is reached via plain HTTP, all page links should lead to http again. This could be done with relative addresses, but are they officially supported? (The Settings Panel says: "The web-path to Vanilla should be a complete path to Vanilla just as you would type it into a web browser.") And another question: Is there an "official" way to force a user to login securely? Post #8 above provides this by hacking signin.php, but how can it be done in recent versions of Vanilla? (people.php?)
  • No ideas on this? Unfortunately, HTTP_METHOD doesn't solve the problem as it forces every page address to be of the specified method.
  • MarkMark Vanilla Staff
    Hmmm. The easiest might be to add the required code to your conf/settings.php file (rather than as an extension).

    Use php to see what the request method is and make the HTTP_METHOD configuration setting the same as that.
  • Some thread necro to just post what I found to work so far. As mentioned I just inserted php code into settings.php
    if($_SERVER['HTTPS']) {
    $Configuration['BASE_URL'] = 'https://***********/';
    $Configuration['HTTP_METHOD'] = 'https';
    $Configuration['FORWARD_VALIDATED_USER_URL'] = 'https://***********/';
    } else {
    $Configuration['BASE_URL'] = 'http://***************/';
    $Configuration['HTTP_METHOD'] = 'http';
    $Configuration['FORWARD_VALIDATED_USER_URL'] = 'http://*************/';
    I'm not sure how vanilla will handle these changes if someone then modifies some configuration settings via the admin panel though so your mileage may vary.
  • edited May 2010
    Actually, this may be enough:
    $Configuration['BASE_URL'] = '//***************/'; $Configuration['HTTP_METHOD'] = ''; $Configuration['FORWARD_VALIDATED_USER_URL'] = '//*************/';
    Not sure though on how Garden reacts on the empty string. But it's valid to omit the protocol in a href, it takes the one of the referrer.


    Did some testing, Garden doesn't like it and prepends http:// to the base url.
Sign In or Register to comment.