jreklund / php4dvd

php4dvd is an open source php/mysql powered movie database. Catalog your video collection with ease. Automatic update of information and images.
GNU General Public License v3.0

Url is forced to https despite configuration #27

Closed kkayacan closed 6 years ago

kkayacan commented 6 years ago

force http setting is false in configuration but site is redirected to https starting from install. What might be the problem?

jreklund commented 6 years ago

Have you accidentally activated it inside .htaccess?

kkayacan commented 6 years ago

This is .htaccess under /php4dvd folder:

https://pastebin.com/HQdg7xUU

jreklund commented 6 years ago

That looks good, regarding https. If you want to use SEO urls you need to change RewriteBase / into RewriteBase /php4dvd/.

If you delete that file (.htaccess) entirely and remove the following lines: https://github.com/jreklund/php4dvd/blob/master/common.inc.php#L56

// Force the use of HTTPS
if(
    isset($settings["url"]["HTTPS"]) && $settings["url"]["HTTPS"] && 
    (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] !== 'on')
) {
    header('Location: https://'. $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"], true, 301);
    exit();
}

Then you have removed all redirect functions regarding https from php4dvd. If it still redirects you it's your web server that's the problem.

kkayacan commented 6 years ago

OK, redirection seems to be gone right now. Thanks for the tip.

But links (and resource file urls like css) still start with https and site is a little broken. I think that is because installation is done with https base url. Shall I start over the installation with removing those?

jreklund commented 6 years ago

Ok, could you add .htaccess file again and then the php code. To see what actually triggers your redirect.

If you delete this, it ignores the server's HTTPS settings for url generation. Base url is only the last part /php4dvd/ https://github.com/jreklund/php4dvd/blob/master/common.inc.php#L74

if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']) {
    $protocol = "https";
}
if(isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO']) {
    $protocol = "https";
}

Can you post some information about your server software and custom settings? This shouldn't even happen. The redirect can't even activate if you have $settings["url"]["HTTPS"] = false;.

kkayacan commented 6 years ago

I restored .htaccess and added PHP code. No redirection..

I am on Byethost shared hosting free plan so I don't have any custom configuration.

Here is server info: censored link

jreklund commented 6 years ago

That's indeed strange... will create a free account later and see if I can replicate this. Do you get http:// links now for CSS or is that still a problem?

kkayacan commented 6 years ago

Links are still https. I'll try starting over installation with the php code removed.

jreklund commented 6 years ago

Okay, keep me posted on what you find. It was I who deleted your phpinfo links. That type of information shouldn't be made public. I have saved it.

kkayacan commented 6 years ago

[image]

Unfortunately, base url is still https.

jreklund commented 6 years ago

Ok, I have now created a free account. Apparently Byethost utilizes a load balancer and sets $_SERVER['HTTP_X_FORWARDED_PROTO'] as http. There are currently no checks in the current version for a true https string, so it just assumes you want an encrypted connection.

Change row 77-79 in common.inc.php into this: (Leave out all other modifications discussed earlier)

if(isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
    $protocol = "https";
}

Row 44-46 in lib/util.inc.php

    if(isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
        $protocol = "https";
    }

If it works out for you too, I will release a new version with this fix.

kkayacan commented 6 years ago

Works great. Thank you very much.
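The scheme check from the fix above, taken one step further, as an added example that is not part of the thread or of php4dvd's code. The function name `detect_protocol`, the trusted-proxy list and the sample addresses are assumptions made for illustration; it also goes beyond the thread by only honouring the header when the request comes from a known proxy, since `X-Forwarded-Proto` is otherwise client-supplied.

```php
<?php
// Added example: hypothetical helper, not php4dvd code.

/**
 * Decide which scheme to use when generating URLs.
 *
 * $server         - normally $_SERVER
 * $trustedProxies - peers allowed to set X-Forwarded-Proto (assumption)
 */
function detect_protocol(array $server, array $trustedProxies = []): string
{
    // Direct TLS. With ISAPI on IIS, HTTPS is the string "off" for plain
    // HTTP, so a truthiness test alone would report https there.
    $https = strtolower((string)($server['HTTPS'] ?? ''));
    if ($https !== '' && $https !== 'off') {
        return 'https';
    }

    // The header can be set by any client unless a proxy overwrites it,
    // so it is only honoured when the connecting peer is a known proxy.
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, $trustedProxies, true)) {
        return 'http';
    }

    // Compare against the literal value, as in the fix: a balancer that
    // sends "http" must not be read as "https". Assumption: with chained
    // proxies ("https, http") the first entry is the client-facing hop.
    $value = (string)($server['HTTP_X_FORWARDED_PROTO'] ?? '');
    $first = strtolower(trim(explode(',', $value)[0]));
    return $first === 'https' ? 'https' : 'http';
}

// Constructed sample requests; 192.0.2.10 stands in for the load balancer.
$proxies = ['192.0.2.10'];
$cases = [
    'balancer reports http'  => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_PROTO' => 'http'],
    'balancer reports https' => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'untrusted peer, header' => ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'direct TLS'             => ['REMOTE_ADDR' => '198.51.100.7', 'HTTPS' => 'on'],
    'IIS plain HTTP'         => ['REMOTE_ADDR' => '198.51.100.7', 'HTTPS' => 'off'],
];

foreach ($cases as $label => $server) {
    printf("%-24s => %s\n", $label, detect_protocol($server, $proxies));
}
```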