SSL & Dolphin?

I am really struggling to get SSL to work on Dolphin with a shared certificate.

1) Is this at all possible?

I purchased a Store mod that integrates really nicely with Dolphin except when I try use SSL. Even tried replacing the URL in header.inc.php with the Secure server url (that would probably encrypt the whole site)  no luck.

dolphin install directory is : www.mysite.com/new

if I use https://secure-server.com/mysite.com/ (address supplied by hosting company) as the URL browser tries to open https://www.secure-server.com/new (it loses mysite.com/ and returns page not found error). This occurs when I try to use the "Force SSL" option from within the store settings as well so it would seem there is a problem within Dolphin somewhere either because Dolphin cant be used on a shared cert or something else???

Further down in the header.inc.php file is a reference to the root directory

$dir['root']               = "/home/sites/mysite.com/public_html//new/";

do I need to change this value to reflect the secure server too? and if yes, what would the correct entry be?

There may be other changes to make, pray tell where these are too puleeez

Further, I can get both zencart and oscommerce to work using the same shared cert without a problem.

Thank

nope , that didnt do it either :(

This actually is fairly easy to accomplish. (As I posted in another thread.)

You simply add the following code to the top of the scripts/functions.php file for the skin you are using.

for example, if you are using the default uni skin, you would add the code to the /templates/tmpl_uni/scripts/functions.php

if ($_SERVER['HTTPS'] && ($_SERVER['HTTPS'] != 'off'))
{
// Replace Global Site values
foreach($GLOBALS['site'] as $szTempKey => $szTempVal)
{
$GLOBALS['site'][$szTempKey] = str_replace('http://', 'https://', $szTempVal);
}
$GLOBALS['page']['extra_js'] = str_replace('http://', 'https://', $GLOBALS['page']['extra_js']);
$GLOBALS['page']['extra_css'] = str_replace('http://', 'https://', $GLOBALS['page']['extra_css']);
$GLOBALS['sHomeUrl'] = str_replace('http://', 'https://', $GLOBALS['sHomeUrl']);
$GLOBALS['sGlobalPath'] =str_replace('http://', 'https://', $GLOBALS['sGlobalPath']);
$GLOBALS['sGlobalUrl'] =str_replace('http://', 'https://', $GLOBALS['sGlobalUrl']);
$GLOBALS['sDataPath'] = str_replace('http://', 'https://', $GLOBALS['sDataPath']);

// Replace Template Config values
foreach($GLOBALS['oTemplConfig'] as $szTempKey => $szTempVal)
{
if (is_string($szTempVal))
$GLOBALS['oTemplConfig']->$szTempKey = str_replace('http://', 'https://', $szTempVal);
}
// Replace Template Site values
foreach($GLOBALS['oTemplConfig']->aSite as $szTempKey => $szTempVal)
{
if (is_string($szTempVal))
$GLOBALS['oTemplConfig']->aSite[$szTempKey] = str_replace('http://', 'https://', $szTempVal);
}
}

This will replace all of the http:// with https:// in the relevant links in the skin. It is important to place this code right after the copyright comments, and before any function declarations. the great thing about this, is that if you are using a custom skin (like I am) the changes take effect without modifying any of Dolphin's core code, and the code will not be affected by upgrades.

Additionally, you can add the following code to the .htaccess file (if you are running apache with mod_rewrite enabled) to access only turn on SSL for specific pages. (the pedit.php and join.php pages in this example, but other can be added.)

This code will move to SSL for just pedit.php and join.php and will move out when another page is visited. (This is a slightly modified version of a trick off of the Apache Website.)

RewriteRule "^(pedit.php)$" - [env=whwSecure:https]
RewriteRule "^(join.php.*)$" - [env=whwSecure:https]

#Redirect to normal site.
RewriteCond %{HTTPS} on
RewriteCond %{env:whwSecure} !https
RewriteCond %{REQUEST_URI} !^.*simg.php
RewriteCond %{REQUEST_URI} ^.+.php [OR]
RewriteCond %{REQUEST_URI} ^.+/$
RewriteRule "^(.*)$" "http://%{HTTP_HOST}/community/$1" [R=301,L]

#Redirect to Secure site
RewriteCond %{HTTPS} off
RewriteCond %{env:whwSecure} https
RewriteRule "^(.*)$" "https://%{HTTP_HOST}/community/$1" [R=301,L]

-Jason

This is good information.  Thanks Draxxon!

Draxxon,

I implemented your SSL code on both the functions.php and .htaccess files and it works great. I applied the SSL to only a few select pages on my site.

The only issue is when I go from a secure https page to /orca for some reasons it changes to https all over Orca.  Orca forum doesn't show https when accessing it from http pages... ?

Any insight?

-micliz-

LDS Singles

Solteros SUD Mormon

Any idea where do to this for Dolphin 7?

It's a little strange that this isn't core functionality.. given we are all so keen on security etc

Will this work on Dolphin 7.0.2 ?  I don't really want every page on the site to be protected by SSL

I tried placing this at the bottom of my .htacess file but it didn't do anything.

RewriteRule "^(pedit.php)$" - [env=whwSecure:https]
RewriteRule "^(join.php.*)$" - [env=whwSecure:https]

#Redirect to normal site.
RewriteCond %{HTTPS} on
RewriteCond %{env:whwSecure} !https
RewriteCond %{REQUEST_URI} !^.*simg.php
RewriteCond %{REQUEST_URI} ^.+.php [OR]
RewriteCond %{REQUEST_URI} ^.+/$ 
RewriteRule "^(.*)$" "http://%{HTTP_HOST}/community/$1" [R=301,L]

#Redirect to Secure site
RewriteCond %{HTTPS} off
RewriteCond %{env:whwSecure} https
RewriteRule "^(.*)$" "https://%{HTTP_HOST}/community/$1" [R=301,L]

Is there an updated approach for this?  I installed my SSL and went in to the pages section of Admin thinking I'd find a checkbox with an option 'secure this page', but nope.

The information given here is out of date.

This thread has more info: http://www.boonex.com/unity/forums/#topic/SSL-on-Dolphin-7-0-2.htm

Thanks - that helped a TON.

I would think SSL support would be day 1 of the deisign for portal software.  I'm making so many tweaks I don't want to imagine an upgrade. 

Just a note, but after doing this the confirmation email for new accounts does not work.  I posted to support to see how to fix it.

For those following these instructions for SSL, you also need to add this page to the code and rewrite:

profile_activate.php

There is an easy way to include the ssl certificate on all pages of the site?

With the help of AntonLV I successfully added https to pedit, join etc, but one thing I cannot find a solution for and this is most important.

Which pathes do i have to add to the code in .htaccess and inc/header.inc.php if i want to secure the payment modules pages? Anybody knows?

like /m/payment and /m/payment/cart ?