Insecure link on log in page - Printable Version

Insecure link on log in page - Printable Version

+- webERP Forum (http://www.weberp.org/forum)
+-- Forum: webERP Discussion (http://www.weberp.org/forum/forumdisplay.php?fid=1)
+--- Forum: Problems / Bugs? (http://www.weberp.org/forum/forumdisplay.php?fid=8)
+---- Forum: RESOLVED - Bugs/Problems (http://www.weberp.org/forum/forumdisplay.php?fid=15)
+---- Thread: Insecure link on log in page (/showthread.php?tid=305)

Insecure link on log in page - revrora - 08-19-2012

Hi,
I have just installed the latest version of weberp, but the login page is now insecure due to an insecure link. http://sflogo.sourceforge.net/sflogo.php?group_id=70949&type=8 directing to http://sourceforge.net/projects/web-erp/

What's the best way to get round this?

Keep up the good work!

Trevor

RE: Insecure link on log in page - revrora - 08-20-2012

(08-19-2012, 07:22 AM)revrora Wrote: Hi,
I have just installed the latest version of weberp, but the login page is now insecure due to an insecure link. http://sflogo.sourceforge.net/sflogo.php?group_id=70949&type=8 directing to http://sourceforge.net/projects/web-erp/

What's the best way to get round this?

Keep up the good work!

Trevor

I've sorted it myself now. Navigated to "weberp/includes/footer.inc" and changed the urls in the following string from http to https.

<div style="text-align:center"><a href="https://sourceforge.net/projects/web-erp"><img src="https://sflogo.sourceforge.net/sflogo.php

RE: Insecure link on log in page - samudaya - 08-20-2012

Hi,
//////////////////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////////////
<?php

if($_SERVER["HTTPS"] != "on")
{
$newpage = "https://". $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
header("Location: $newpage");
exit();
}

?>
//////////////////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////////////

Put this php script in top of the index.php.

Best Regards
Samu

RE: Insecure link on log in page - revrora - 08-22-2012

Hi Samu,
That's an elegant solution, however for me, login will always be encrypted as I have a perminant redirect from http to https. Therefore I think just changing the offending url is enough.
Kind Regards
Trevor

RE: Insecure link on log in page - phil - 08-27-2012

changed in svn to https