- πΊπ¦Ukraine AstonVictor
I'm closing it because the issue was created a long time ago without any further steps.
if you still need it then raise a new one.
thanks
The securepages module has a hook_form_alter() hook to encrypt the login form, because it could appear on any page and not just a secure page.
However, it only seems to work for the user_login_block login form. On our site we built our own custom login form whose form_id is redirected to user_login_block via hook_forms(). In this case, I can get our form to submit to HTTPS the first time by simply setting $form['#https'] = TRUE. However, if the form is invalid (wrong username/password), the securepages module will reset it back to HTTP on the second submission.
function securepages_form_alter(&$form, &$form_state, $form_id) {
// ..
// When already in secure mode and submitting a login form to an arbitrary page, this will take it out of secure mode
elseif ($page_match === 0 && securepages_is_secure() && variable_get('securepages_switch', FALSE)) {
$url['https'] = FALSE;
$url['absolute'] = TRUE;
$form['#action'] = url($url['path'], $url);
}
}
// If the user/login block matches, also secure the login block.
if (securepages_match('user/login') && $form_id == 'user_login_block' && !securepages_is_secure()) {
$form['#https'] = TRUE;
}
}
It seems that an easy way to fix this would be to simply check for $form['#https'] and not take the form out of secure mode in this case. So, line 85 becomes:
elseif (empty($form['#https']) && $page_match === 0 && securepages_is_secure() && variable_get('securepages_switch', FALSE)) {
On the other hand, submitting an unsecure form on a secure page throws a browser warning. Wouldn't it be better to always submit forms on secure pages in secure mode, and then redirect to insecure mode, if necessary, when the form is redirected after submission?
Closed: outdated
1.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
I'm closing it because the issue was created a long time ago without any further steps.
if you still need it then raise a new one.
thanks