Closed kkayacan closed 6 years ago
Have you accidentally activated it inside .htaccess
?
This is .htaccess under /php4dvd folder:
That looks good, regarding https.
If you wan't to use SEO urls you need to change RewriteBase /
into RewriteBase /php4dvd/
.
If you delete that file (.htaccess) entirely and remove the following lines: https://github.com/jreklund/php4dvd/blob/master/common.inc.php#L56
// Force the use of HTTPS
if(
isset($settings["url"]["HTTPS"]) && $settings["url"]["HTTPS"] &&
(!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] !== 'on')
) {
header('Location: https://'. $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"], true, 301);
exit();
}
Then you have removed all redirect functions regarding https from php4dvd. If it still redirects you it's your webbserver* that's the problem.
OK, redirection seems to be gone right now. Thanks for the tip.
But links (and resource file urls like css) still start with https and site is a little broken. I think that is because installation is done with https base url. Shall I start over the installation with removing those?
Ok, could you add .htaccess file again and then the php code. Too see what actually triggers your redirect.
If you delete this, it ignores the servers HTTPS settings for url generation. Base url are only the last part /php4dvd/ https://github.com/jreklund/php4dvd/blob/master/common.inc.php#L74
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']) {
$protocol = "https";
}
if(isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO']) {
$protocol = "https";
}
Can you post some information about your server software and custom settings. This should't even happen. The redirect can't even activate if you have $settings["url"]["HTTPS"] = false;
.
I restored .htaccess and added PHP code. No redirection..
I am on Byethost shared hosting free plan so I don't have any custom configuration.
Here is server info: censored link
That's indeed strange... will create a free account later and see if I can replicate this. Do you get http:// links now for CSS or is that still a problem?
Links are still https. I'll try starting over installation with the php code removed.
Okey, keep me posted on what you find. It was I who deleted your phpinfo links. Those type of information should't be made public. I have saved it.
Unfortunately, base url is still https.
Ok, I have now created a free account. Apparently Bytehost utilizes a load balance and sets $_SERVER['HTTP_X_FORWARDED_PROTO']
as http
. There are currently no checks in the current version for a true https
string, so it's just assume you want an encrypted connection.
Change row 77-79 in common.inc.php into this: (Leave out all other modifications discuses earlier)
if(isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
$protocol = "https";
}
Row 44-46 in lib/util.inc.php
if(isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
$protocol = "https";
}
If it's works out for you too, I will release a new version with this fix.
Works great. Thank you very much.
force http setting is false in configuration but site is redirected to https starting from install. What might be the problem?