Re: How to force DebugKit to use HTTPS for its requests?
If you set the `App.fullBaseUrl` value in Configure, debug kit should respect that and generate links accordingly. This will also force the rest of the URLs generated in your app to use that base url prefix which can be handy. -Mark On Tuesday, 29 December 2015 05:46:32 UTC-5, Ethan Pooley wrote: > > Apps running on Heroku can be requested via HTTPS even though the app and > Web server don't know anything about it. Apps behind CloudFlare have a > similar option. > > In this environment, DebugKit may be blocked as "mixed content" because > the request for it happens via HTTP. My browser (Firefox 43) says this: > > Blocked loading mixed active content " >> http://myappname.herokuapp.com/debug_kit/toolbar/27dac57d-6616-4450-8926-ee75512bde70; >> >> toolbar.js:53:2 >> > > What would be the preferred method of forcing DebugKit to use HTTPS in its > base URL? When I look at the page source, I find this element: > > data-url="<a rel="nofollow" href="http://myappname.herokuapp.com/"">http://myappname.herokuapp.com/"</a>; src="/debug_kit/js/toolbar.js" > > > > It seems I either need to force the protocol in the "data-url" attribute, > or else configure it to ignore the base URL and to try loading the path > from "src" relative to the browser's notion of the base URL. > -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at https://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/d/optout.
How to force DebugKit to use HTTPS for its requests?
Apps running on Heroku can be requested via HTTPS even though the app and Web server don't know anything about it. Apps behind CloudFlare have a similar option. In this environment, DebugKit may be blocked as "mixed content" because the request for it happens via HTTP. My browser (Firefox 43) says this: Blocked loading mixed active content > "http://myappname.herokuapp.com/debug_kit/toolbar/27dac57d-6616-4450-8926-ee75512bde70; > > toolbar.js:53:2 > What would be the preferred method of forcing DebugKit to use HTTPS in its base URL? When I look at the page source, I find this element: http://myappname.herokuapp.com/"</a>; src="/debug_kit/js/toolbar.js" > It seems I either need to force the protocol in the "data-url" attribute, or else configure it to ignore the base URL and to try loading the path from "src" relative to the browser's notion of the base URL. -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at https://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/d/optout.
Re: Redirect everything except start page to https
Τη Τετάρτη, 29 Απριλίου 2015 - 1:09:45 μ.μ. UTC+3, ο χρήστης Sven Mäurer έγραψε: In my config file I have created two VirtualHosts. Below is the config that redirects to 443 where everything is configured and working. Now I want to make the startpage reachable without ssl but not the other pages. How can I achieve that? RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://.. Back in the days of CakePHP 1.3, I did something similar by adding the following code in my controllers beforeFilter() function. I believe this will also work with CakePHP 2 as well. // make sure that we are using ssl protocol if (!isset($_SERVER['HTTPS'])) $this-redirect('https://' . $_SERVER['SERVER_NAME'] . $this-here); HTH Athanassios -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups CakePHP group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/d/optout.
Redirect everything except start page to https
In my config file I have created two VirtualHosts. Below is the config that redirects to 443 where everything is configured and working. Now I want to make the startpage reachable without ssl but not the other pages. How can I achieve that? RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://.. -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups CakePHP group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/d/optout.
https + 2.4 + Iframe + Auth + Not Logging in
I Tried to find on docs, forum search and everything else. I have an aplication that the user logs with a email and a access key. It works nice and clean. BUT, another version of my app was demanded to run inside a Iframe: https inside a https. Its was a sales demand, not my decison. Now i have a problem. Some users, of some different networks, could not login. They render the login screen, and after submit they return to the login page. Without error, without anything. I already detected that the users of same companies (probably same browsers and same proxy) having this problem. My Session Confs: Configure::write('Session', array( 'defaults' = 'php', 'autoRegenerate' = false, 'checkAgent' = true)); -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups CakePHP group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out.
Re: Starnge redirect from http to https on login
This log does not look to show a redirect changing protocols. it shows, what looks like, two parallel/subsequent requests to /users on https and http. the last request shown doesn't originate from the request before it and has no referer. If relevant, check what is stored in the session in Auth.redirect; if the original request was for http - it's quite possible you're being redirected back to http since that's where you were before logging in. AD On Thursday, 21 November 2013 22:03:58 UTC+1, dtemes wrote: We have just installed a self signed ssl cert on the apache server and doing some tests with our app running over https. The very first issue is that after login we are being redirected to http, and not https, here are some apache logs: xxx.xxx.com:443http://www.google.com/url?q=http%3A%2F%2Fxxx.xxx.com%3A443sa=Dsntz=1usg=AFQjCNH-cIxUd0HJUR4j8i_f1JqgpSmUuQ192.168.1.3 - - [21/Nov/2013:12:45:24 -0800] POST /users/login HTTP/1.1 302 596 https://xxx.xxx.com/users/loginhttps://www.google.com/url?q=https%3A%2F%2Fxxx.xxx.com%2Fusers%2Floginsa=Dsntz=1usg=AFQjCNHLOWqoqK3JEhHkeVMbRjtUgNLOfQ Moz illa/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0 xxx.xxx.com:443http://www.google.com/url?q=http%3A%2F%2Fxxx.xxx.com%3A443sa=Dsntz=1usg=AFQjCNH-cIxUd0HJUR4j8i_f1JqgpSmUuQ192.168.1.3 - - [21/Nov/2013:12:45:24 -0800] GET /users HTTP/1.1 302 468 https://xxx.xxx.com/users/loginhttps://www.google.com/url?q=https%3A%2F%2Fxxx.xxx.com%2Fusers%2Floginsa=Dsntz=1usg=AFQjCNHLOWqoqK3JEhHkeVMbRjtUgNLOfQ Mozilla/5. 0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0 xxx.xxx.com:80http://www.google.com/url?q=http%3A%2F%2Fxxx.xxx.com%3A80sa=Dsntz=1usg=AFQjCNHUoTqur5PpY93mdReZ5OabIsz6jA192.168.1.3 - - [21/Nov/2013:12:45:24 -0800] GET /users HTTP/1.1 302 368 - Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) G ecko/20100101 Firefox/25.0 This is the auth config: $this-Auth-authorize = 'Controller'; $this-Auth-authenticate = array('Form' = array('fields' = array('username' = 'email', 'password' = 'password'))); $this-Auth-loginRedirect = array('controller' = 'users', 'action' = 'index'); $this-Auth-autoRedirect = false; We are currently running cake 2.4.0 -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups CakePHP group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out.
Re: Starnge redirect from http to https on login
We have found the solution, after sending user credentials the login action was redirecting to users/index, that first redirect keeps the https protocol, but then in the index action we have some business logic to check the type of user and based on that redirecting to the index action of controller A or controller B. We have included the logic directly in the login action, without redirecting to /users/index, and then the https protocol is not lost. To summarize: before: 1. user posts login data 2. Redirect to /users/index 3. Based on user role redirect to controllerA/index or controllerB/index, here there was an extra redirect to /users/index that was using http and not https (???) We don't know where this second redirect to users/index comes from. David El jueves, 21 de noviembre de 2013 22:03:58 UTC+1, dtemes escribió: We have just installed a self signed ssl cert on the apache server and doing some tests with our app running over https. The very first issue is that after login we are being redirected to http, and not https, here are some apache logs: xxx.xxx.com:443http://www.google.com/url?q=http%3A%2F%2Fxxx.xxx.com%3A443sa=Dsntz=1usg=AFQjCNH-cIxUd0HJUR4j8i_f1JqgpSmUuQ192.168.1.3 - - [21/Nov/2013:12:45:24 -0800] POST /users/login HTTP/1.1 302 596 https://xxx.xxx.com/users/loginhttps://www.google.com/url?q=https%3A%2F%2Fxxx.xxx.com%2Fusers%2Floginsa=Dsntz=1usg=AFQjCNHLOWqoqK3JEhHkeVMbRjtUgNLOfQ Moz illa/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0 xxx.xxx.com:443http://www.google.com/url?q=http%3A%2F%2Fxxx.xxx.com%3A443sa=Dsntz=1usg=AFQjCNH-cIxUd0HJUR4j8i_f1JqgpSmUuQ192.168.1.3 - - [21/Nov/2013:12:45:24 -0800] GET /users HTTP/1.1 302 468 https://xxx.xxx.com/users/loginhttps://www.google.com/url?q=https%3A%2F%2Fxxx.xxx.com%2Fusers%2Floginsa=Dsntz=1usg=AFQjCNHLOWqoqK3JEhHkeVMbRjtUgNLOfQ Mozilla/5. 0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0 xxx.xxx.com:80http://www.google.com/url?q=http%3A%2F%2Fxxx.xxx.com%3A80sa=Dsntz=1usg=AFQjCNHUoTqur5PpY93mdReZ5OabIsz6jA192.168.1.3 - - [21/Nov/2013:12:45:24 -0800] GET /users HTTP/1.1 302 368 - Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) G ecko/20100101 Firefox/25.0 This is the auth config: $this-Auth-authorize = 'Controller'; $this-Auth-authenticate = array('Form' = array('fields' = array('username' = 'email', 'password' = 'password'))); $this-Auth-loginRedirect = array('controller' = 'users', 'action' = 'index'); $this-Auth-autoRedirect = false; We are currently running cake 2.4.0 -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups CakePHP group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out.
Re: Starnge redirect from http to https on login
maybe add $this-Auth-loginAction = array('controller' = 'users', 'action' = 'login'); Andras Kende http://www.kede.com On Nov 21, 2013, at 1:03 PM, dtemes dte...@gmail.com wrote: We have just installed a self signed ssl cert on the apache server and doing some tests with our app running over https. The very first issue is that after login we are being redirected to http, and not https, here are some apache logs: xxx.xxx.com:443 192.168.1.3 - - [21/Nov/2013:12:45:24 -0800] POST /users/login HTTP/1.1 302 596 https://xxx.xxx.com/users/login; Moz illa/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0 xxx.xxx.com:443 192.168.1.3 - - [21/Nov/2013:12:45:24 -0800] GET /users HTTP/1.1 302 468 https://xxx.xxx.com/users/login; Mozilla/5. 0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0 xxx.xxx.com:80 192.168.1.3 - - [21/Nov/2013:12:45:24 -0800] GET /users HTTP/1.1 302 368 - Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) G ecko/20100101 Firefox/25.0 This is the auth config: $this-Auth-authorize = 'Controller'; $this-Auth-authenticate = array('Form' = array('fields' = array('username' = 'email', 'password' = 'password'))); $this-Auth-loginRedirect = array('controller' = 'users', 'action' = 'index'); $this-Auth-autoRedirect = false; We are currently running cake 2.4.0 -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups CakePHP group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out. -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups CakePHP group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out.
Starnge redirect from http to https on login
We have just installed a self signed ssl cert on the apache server and doing some tests with our app running over https. The very first issue is that after login we are being redirected to http, and not https, here are some apache logs: xxx.xxx.com:443 192.168.1.3 - - [21/Nov/2013:12:45:24 -0800] POST /users/login HTTP/1.1 302 596 https://xxx.xxx.com/users/login; Moz illa/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0 xxx.xxx.com:443 192.168.1.3 - - [21/Nov/2013:12:45:24 -0800] GET /users HTTP/1.1 302 468 https://xxx.xxx.com/users/login; Mozilla/5. 0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0 xxx.xxx.com:80 192.168.1.3 - - [21/Nov/2013:12:45:24 -0800] GET /users HTTP/1.1 302 368 - Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) G ecko/20100101 Firefox/25.0 This is the auth config: $this-Auth-authorize = 'Controller'; $this-Auth-authenticate = array('Form' = array('fields' = array('username' = 'email', 'password' = 'password'))); $this-Auth-loginRedirect = array('controller' = 'users', 'action' = 'index'); $this-Auth-autoRedirect = false; We are currently running cake 2.4.0 -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups CakePHP group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out.
While redirecting from http to https , session expired
Hi , I have implemented ssl on my local and on the server , the problem that i am facing is redirection from http to https works fine on my local machine , but when i deploy it on the server and tried to redirect , the session expires and again asking to loigin , please reply asap is anybody knows the solution . Thanks in advance. -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php?hl=en.
Re: While redirecting from http to https , session expired
Take a look at this: http://book.cakephp.org/2.0/en/development/sessions.html#session-configuration Jeremy Burns Class Outfit http://www.classoutfit.com On 29 Nov 2012, at 10:57, sagar shirsath sagar.shirsath2...@gmail.com wrote: Hi , I have implemented ssl on my local and on the server , the problem that i am facing is redirection from http to https works fine on my local machine , but when i deploy it on the server and tried to redirect , the session expires and again asking to loigin , please reply asap is anybody knows the solution . Thanks in advance. -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php?hl=en. -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php?hl=en.
How to use HTTPS in cakephp
Hello everyone, i want to use https in cakephp how can i use that? do i need to use some security component? or do i need to change the route.php?? Thanks in advance. -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: How to use HTTPS in cakephp
for starters the protocol (http or https) doesnt necessarily have to do with cake. your application will run with both versions - you can switch easily between them. you should first consult on how to install and setup the certificates, how to make your apache route the https connection. if that all works, your cake app will work without any configuration at all. Am Dienstag, 10. April 2012 23:37:29 UTC+2 schrieb Josh: Hello everyone, i want to use https in cakephp how can i use that? do i need to use some security component? or do i need to change the route.php?? Thanks in advance. -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: How to use HTTPS in cakephp
Thanks.. i will see about the certificates. On Tuesday, April 10, 2012 3:41:25 PM UTC-6, euromark wrote: for starters the protocol (http or https) doesnt necessarily have to do with cake. your application will run with both versions - you can switch easily between them. you should first consult on how to install and setup the certificates, how to make your apache route the https connection. if that all works, your cake app will work without any configuration at all. Am Dienstag, 10. April 2012 23:37:29 UTC+2 schrieb Josh: Hello everyone, i want to use https in cakephp how can i use that? do i need to use some security component? or do i need to change the route.php?? Thanks in advance. -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: HttpSocket won't use 443 port for https request automatically
could be you can open a ticket at cakephp.lighthouseapp.com/projects/42648/tickets/ if you feel like this should be addressed but dont forget to mention the cake version you are using this time (as you did here^^) On 31 Jan., 04:38, Perry perry...@gmail.com wrote: when I pass a https url to HttpSocket::get, it won't use 443 port automatically, and return nothing but when i specify the port in url, likehttps://example.com:443/, it works fine is this a bug? -- Perry | 彭琪http://pengqi.me -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: HttpSocket won't use 443 port for https request automatically
i'm using cake 2.0.5 On Tue, Jan 31, 2012 at 10:58 PM, euromark dereurom...@googlemail.comwrote: could be you can open a ticket at cakephp.lighthouseapp.com/projects/42648/tickets/ if you feel like this should be addressed but dont forget to mention the cake version you are using this time (as you did here^^) On 31 Jan., 04:38, Perry perry...@gmail.com wrote: when I pass a https url to HttpSocket::get, it won't use 443 port automatically, and return nothing but when i specify the port in url, likehttps://example.com:443/, it works fine is this a bug? -- Perry | 彭琪http://pengqi.me -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php -- Perry | 彭琪 http://pengqi.me -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
HttpSocket won't use 443 port for https request automatically
when I pass a https url to HttpSocket::get, it won't use 443 port automatically, and return nothing but when i specify the port in url, like https://example.com:443/, it works fine is this a bug? -- Perry | 彭琪 http://pengqi.me -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
HTTPS and HTTP on same app
Hi all, I have just added to a fully working site based on CakePHP 2.0 and Apache 2.2.16 a wildcard SSL certificate. Created virtual hosts pointing HTTPS to the same HTTP app. But when I load the HTTPS version, the certificate is ok but lots of errors: first thing [Mon Dec 19 16:34:57 2011] [error] [client ...] PHP Notice: Constant CAKE_CORE_INCLUDE_PATH already defined in /srv/www/xxx2/public_html/ app/webroot/index.php on line 59 [Mon Dec 19 16:34:57 2011] [error] [client ...] PHP Stack trace: [Mon Dec 19 16:34:57 2011] [error] [client ...] PHP 1. {main}() /srv/ www/xxx2/public_html/index.php:0 [Mon Dec 19 16:34:57 2011] [error] [client ...] PHP 2. require() / srv/www/xxx2/public_html/index.php:40 [Mon Dec 19 16:34:57 2011] [error] [client ...] PHP 3. define() /srv/ www/xxx2/public_html/app/webroot/index.php:59 If I comment out the CAKE_CORE_INCLUDE_PATH definition in /srv/www/ xxx2/public_html/index the site is loading but all the depending files are not, example GET https://test1.xxx2.com/css/additional.css 404 (Not Found) I am sure there is quite simple explanation for the issue, but I can't find it external help... Any idea? P.S. Just to give a bit of additional context, I am in this because I need (as per Facebook request) to provide also an HTTPS version of a Facebook app -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: HTTPS and HTTP on same app
Just solved, as suggested by some nice guys on #cakephp on irc.freenode.net, it was a matter of setting the DocumentRoot as indicated in http://book.cakephp.org/2.0/en/installation.html#production, that is at /cake_install/app/webroot. On Dec 19, 7:11 pm, Mario mario.calli...@gmail.com wrote: Hi all, I have just added to a fully working site based on CakePHP 2.0 and Apache 2.2.16 a wildcard SSL certificate. Created virtual hosts pointing HTTPS to the same HTTP app. But when I load the HTTPS version, the certificate is ok but lots of errors: first thing [Mon Dec 19 16:34:57 2011] [error] [client ...] PHP Notice: Constant CAKE_CORE_INCLUDE_PATH already defined in /srv/www/xxx2/public_html/ app/webroot/index.php on line 59 [Mon Dec 19 16:34:57 2011] [error] [client ...] PHP Stack trace: [Mon Dec 19 16:34:57 2011] [error] [client ...] PHP 1. {main}() /srv/ www/xxx2/public_html/index.php:0 [Mon Dec 19 16:34:57 2011] [error] [client ...] PHP 2. require() / srv/www/xxx2/public_html/index.php:40 [Mon Dec 19 16:34:57 2011] [error] [client ...] PHP 3. define() /srv/ www/xxx2/public_html/app/webroot/index.php:59 If I comment out the CAKE_CORE_INCLUDE_PATH definition in /srv/www/ xxx2/public_html/index the site is loading but all the depending files are not, example GEThttps://test1.xxx2.com/css/additional.css404 (Not Found) I am sure there is quite simple explanation for the issue, but I can't find it external help... Any idea? P.S. Just to give a bit of additional context, I am in this because I need (as per Facebook request) to provide also an HTTPS version of a Facebook app -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: landing page not working after payment on https
I think its going to be difficult for anyone to give you specific help. Without knowing the exact details of yours and the payment system involved. I think being on HTTPS can affect the way sessions are handled. One issue I know of is that, dependant on settings, a cookie set by HTTPS, must only be read over HTTPS. So maybe if you are moving between https/ http when the user is logged in, this can cause an issue. Also, from my experience, a callback from a payment provider will be treated entirely seperatly from the user of the website (obviously, as it is a differnt computer calling the page entirely). So any controller/actions that the callback calls directly, can not require a user to be logged in. If you need specific data to be remember between the site, the payment page and then the callback, it needs to be passed along in the POST/GET data. I have a payment provider integrated fine into my cakePHP app. I keep everything over HTTPS after the user is logged in, my callback is a cake controller/action that dosn't require login, and the last page servered as part of the payment provider pages redirects the user back to the site, and they remain logged in. On Jun 22, 12:31 pm, Ritesh R Aryal iamriteshar...@gmail.com wrote: Still looking for your valued response. Lets brainstorm to have right solution. Is this a Session issues ? but it is working fine when the site is worked onhttp://sitename.com. But it gives problem when i get response back from payment page. cheers -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
landing page not working after payment on https
Hi Everybody, I'm at the end of the development of a client based site which allows clients to make online payment. The site is working fine with HTTP://sitename.com while receiving response back from payment gateway. (I mean it is returning back to the system [landing-page] properly) However, it is not working with HTTPS://sitename.com. Once the payment is done, then, instead of going back to the payment confirmation page it is directly bouncing back to the login page. What could be the error / issues right here ? Is it the issue of handing HTTP and HTTPS on cakephp ? your early response will be highly appreciated. regards -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: landing page not working after payment on https
Still looking for your valued response. Lets brainstorm to have right solution. Is this a Session issues ? but it is working fine when the site is worked on http://sitename.com. But it gives problem when i get response back from payment page. cheers -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: .htaccess for https site
The line RewriteCond %{SERVER_PORT} !^80$ seems to indicate that your RewriteRule's are only applied if the incoming request is NOT coming in from port 80 (port 80 is usually the http:// port, while port 443 is usually the https:// port). The ! negates the pattern, so I think you will get into a loop if the visitor is actually using https (443 != 80, so the first matching RewriteRule is applied, which redirects to https, which uses port 443, which is != 80, etc.) until the webserver fails about too many redirects. Try changing the condition, using ONLY ONE of the following: - removing the exclamation point so that the condition matches when using port 80 - changing the 80 to a 443 so that the condition matches when NOT using port 443 - use the %{HTTPS} variable instead of %{SERVER_PORT}; and matching the pattern ^off$. This should provide more flexibility in your server configuration (for example using port 8080 instead of 80 for your http: port ... For additional details on using mod_rewrite (RewriteCond, RewriteRule, etc.) you can check http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html (Note: this is for Apache HTTP Server version 2.2; if your Apache version is different, try changing the 2.2 in the URL to match your version, such as 1.3 or 2.0). As an alternative to drowning in the .htaccess file, you can use the Security component. There is an example in the Cookbook (http:// book.cakephp.org/view/1308/Usage) showing how to force all admin access to require secure SSL requests. If you need it for all actions, it should be a trivial change from the example. -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
.htaccess for https site
Hi, Noob user here. Can anyone guide me to an example of .htaccess setting for htts site? this is the default that cake have provided RewriteRule^$ app/webroot/[L] RewriteRule(.*) app/webroot/$1 [L] search some site and tgis group and find this recomendation RewriteCond %{SERVER_PORT} !^80$ RewriteRule^$ https://localhost/sticker/app/webroot/[L] RewriteRule(.*) https://localhost/sticker/app/webroot/$1 [L] but the rewrite seems not working. Thanks -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: .htaccess for https site
The default .htaccess works fine for https site What re ou trying to do ? Andras Kende http://www.kende.com On Jan 23, 2011, at 3:22 PM, heh wrote: Hi, Noob user here. Can anyone guide me to an example of .htaccess setting for htts site? this is the default that cake have provided RewriteRule^$ app/webroot/[L] RewriteRule(.*) app/webroot/$1 [L] search some site and tgis group and find this recomendation RewriteCond %{SERVER_PORT} !^80$ RewriteRule^$ https://localhost/sticker/app/webroot/[L] RewriteRule(.*) https://localhost/sticker/app/webroot/$1 [L] but the rewrite seems not working. Thanks -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: .htaccess for https site
It sounds like what he's trying to do (or at least, what the snippet of rewrite rule he posted is supposed to do) is require the site be accessed only via https; if the site is accessed via http it would redirect to the corresponding https URL. On Jan 23, 2011, at 17:58, Andras Kende wrote: The default .htaccess works fine for https site What re ou trying to do ? -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
Re: Sessions and http/https
Thats another option, and by doing that you don't have to touch the core code, I will take a look at it before upgrading to 1.3.5... On 24 oct, 14:23, odd fihr87364hjkfhdjf6374hfz7z3h7...@trash- mail.com wrote: dtemes schrieb: I tryed with a custom save handler, but then i moved to database driver sessions, so finally I decided to touch the cake core code and set session.cookie_secure to 0, I am not really fond of this kind of solutions and would prefer a way to set it up from a config file without having to change the framework code. Not sure what you mean, when using a custom save handler you can simply copy the core code in there, and add the ini_set call that sets cookie_secure to 0. So when using database sessions copy the code in database switch case (cake_session.php, line 503) /// if (empty($_SESSION)) { if (Configure::read('Session.model') === null) { trigger_error(__(You must set the all Configure::write('Session.*') in core.php to use database storage), E_USER_WARNING); $this-_stop(); } if ($iniSet) { ini_set('session.use_trans_sid', 0); ini_set('url_rewriter.tags', ''); ini_set('session.save_handler', 'user'); ini_set('session.serialize_handler', 'php'); ini_set('session.use_cookies', 1); ini_set('session.name', Configure::read('Session.cookie')); ini_set('session.cookie_lifetime', $this-cookieLifeTime); ini_set('session.cookie_path', $this-path); ini_set('session.auto_start', 0); }} session_set_save_handler( array('CakeSession','__open'), array('CakeSession', '__close'), array('CakeSession', '__read'), array('CakeSession', '__write'), array('CakeSession', '__destroy'), array('CakeSession', '__gc') ); ini_set('session.cookie_secure', 0); /// Regards Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: Sessions and http/https
dtemes schrieb: I tryed with a custom save handler, but then i moved to database driver sessions, so finally I decided to touch the cake core code and set session.cookie_secure to 0, I am not really fond of this kind of solutions and would prefer a way to set it up from a config file without having to change the framework code. Not sure what you mean, when using a custom save handler you can simply copy the core code in there, and add the ini_set call that sets cookie_secure to 0. So when using database sessions copy the code in database switch case (cake_session.php, line 503) /// if (empty($_SESSION)) { if (Configure::read('Session.model') === null) { trigger_error(__(You must set the all Configure::write('Session.*') in core.php to use database storage), E_USER_WARNING); $this-_stop(); } if ($iniSet) { ini_set('session.use_trans_sid', 0); ini_set('url_rewriter.tags', ''); ini_set('session.save_handler', 'user'); ini_set('session.serialize_handler', 'php'); ini_set('session.use_cookies', 1); ini_set('session.name', Configure::read('Session.cookie')); ini_set('session.cookie_lifetime', $this-cookieLifeTime); ini_set('session.cookie_path', $this-path); ini_set('session.auto_start', 0); } } session_set_save_handler( array('CakeSession','__open'), array('CakeSession', '__close'), array('CakeSession', '__read'), array('CakeSession', '__write'), array('CakeSession', '__destroy'), array('CakeSession', '__gc') ); ini_set('session.cookie_secure', 0); /// Regards Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: Sessions and http/https
Maybe the session.cookie_secure option is set to true/1 by default in your PHP configuration (see php.ini), so uncommenting that line in cakes session class wont have any effect. Or maybe you have some PHP extension installed that automatically chooses to secure the cookie. Instead of uncommenting that line, try changing it to set the option to 0 and see if it makes any difference. If it works you'd probably better do that using a custom session save handler. Regards Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: Sessions and http/https
I tryed with a custom save handler, but then i moved to database driver sessions, so finally I decided to touch the cake core code and set session.cookie_secure to 0, I am not really fond of this kind of solutions and would prefer a way to set it up from a config file without having to change the framework code. On 23 oct, 12:03, odd fihr87364hjkfhdjf6374hfz7z3h7...@trash- mail.com wrote: Maybe the session.cookie_secure option is set to true/1 by default in your PHP configuration (see php.ini), so uncommenting that line in cakes session class wont have any effect. Or maybe you have some PHP extension installed that automatically chooses to secure the cookie. Instead of uncommenting that line, try changing it to set the option to 0 and see if it makes any difference. If it works you'd probably better do that using a custom session save handler. Regards Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Sessions and http/https
I can see lots of activity on this subject, but no clear working answer; so excuse me if it's a broken record. My users log in via an https page. They are logged in and the Auth session variable is set. If they now go to an http page I would expect them to still be logged in, but they are not. I have this line: Configure::write('Session.cookie_secure', false); ...in /app/config/core.php, but it doesn't change anything. I have seen references to commenting out this line: ini_set('session.cookie_secure', 1); ...in cake/libs/cake_session.php, but equally this has no effect. What's clearly happening is that the session is secured and is only available from within https pages. How do I get a session that is accessible on both http and https pages? Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
http routes ok, https alsways redirects to pages/home at first call...
Hey, in one of my apps I have a route to an action in controller 'admins' which is called 'signup'. As you probably already get what this action is doing, the normal route would be: http://myapp/admins/signup so I made a route for this in my routes.php and the route is now: http://myapp/signup which works really nice. When I click a link in an email or so the route just works fine, calls the correct action and so on... But when using SSL encryption on my production server, the route becomes this: https://myapp/signup This should not be a problem, BUT from this point on, every call to this route will be redirected to my login page (e.g. pages/home) and only when clicking a link or calling the route by browser again I can go to the signup page... Does anyone have any idea WHY this is happening? Is this a problem with SSL or do I have to add sth to my htaccess files or so? I tested this very often, only when using https every link will be redirected to the login-page before I call it another time. The second time I call a route or click a link I get to the correct page, but at first time, I always get redirected... :( Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: https links not working
Lorenzo Bettini wrote: Hi I'd like to access my cakephp based web site also using https, but I always get an error saying that the requested url is not found on the server. Note that apache is configured to serve also https requests and it works with other pages... is there anything to set somewhere? thanks in advance Lorenzo I found the solution (it was due to a misconfigured apache ssl site); I documented it here: http://tronprog.blogspot.com/2010/03/cakephp-and-ssl-connections-https.html hope it helps Lorenzo -- Lorenzo Bettini, PhD in Computer Science, DI, Univ. Torino HOME: http://www.lorenzobettini.it MUSIC: http://www.purplesucker.com BLOGS: http://tronprog.blogspot.com http://longlivemusic.blogspot.com Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Httpsocket - from https to https
Hi, having a strange problem with the server config it would appear. (My code works fine on another host, but unfortunalty I need to make this work where it is now!) I am using cakePHP Httpsocket class. The app is on https:// and the URL I am POST'ing to is also https://. If I use the same code to POST to an non-SSL domain, i.e just http://somewhere, I get a response just fine. However any attempt to POST to https:// has no result whatsover. I have moved the app to another server and it works as you would expect with both http and https. I dont really know where to start with the server config (as it is obviosully the host begin the issue here). Please help! Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: SSL and https
I've only just got around to trying this - and it fits the bill really nicely thanks. Jeremy Burns On 18 Feb 2010, at 09:29, jperras wrote: http://github.com/plank/secured -jperras. On Feb 17, 12:54 am, Jeremy Burns jeremybu...@me.com wrote: Any takers on this please? Jeremy Burns jeremybu...@me.com On 12 Feb 2010, at 05:00, Jeremy Burns wrote: I am using the security component from app_controller. In some controllers I have this in my beforeFilter: if (in_array($this-params['action'], $action)): $this-Security-blackHoleCallback = 'forceSSL'; $this-Security-requireSecure(); else: $this-Security-blackHoleCallback = 'unforceSSL'; endif; I have these two functions in app_controller: function forceSSL() { $this-redirect('https://' . env('SERVER_NAME') . $this-here); } function unforceSSL() { $this-redirect('http://' . env('SERVER_NAME') . $this-here); } This is working in the sense that the right actions in the right controllers are being redirected to https. But once I am in https, I stay there. My question is: how do I get the site to go back to http for those controller actions that do not require https? Check out the new CakePHP Questions sitehttp://cakeqs.organd help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/cake-php?hl=en Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Apply https for a particular module
Hello all I am using Cakephp 1.1 for my webapp and I want to use https when the user logs in his user account. For guest users I want the simple http connection to be used. Can this be done by using some setting in cakephp or should it be set it in Apache configuration? Thanks and Regards ShiVik Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: Apply https for a particular module
This should get you started: http://book.cakephp.org/view/268/Usage This works in 1.2 and 1.3 - I can't confirm that the same for 1.1 though. Jeremy Burns On 1 Mar 2010, at 04:28, SeeVik wrote: Hello all I am using Cakephp 1.1 for my webapp and I want to use https when the user logs in his user account. For guest users I want the simple http connection to be used. Can this be done by using some setting in cakephp or should it be set it in Apache configuration? Thanks and Regards ShiVik Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: SSL and https
http://github.com/plank/secured -jperras. On Feb 17, 12:54 am, Jeremy Burns jeremybu...@me.com wrote: Any takers on this please? Jeremy Burns jeremybu...@me.com On 12 Feb 2010, at 05:00, Jeremy Burns wrote: I am using the security component from app_controller. In some controllers I have this in my beforeFilter: if (in_array($this-params['action'], $action)): $this-Security-blackHoleCallback = 'forceSSL'; $this-Security-requireSecure(); else: $this-Security-blackHoleCallback = 'unforceSSL'; endif; I have these two functions in app_controller: function forceSSL() { $this-redirect('https://' . env('SERVER_NAME') . $this-here); } function unforceSSL() { $this-redirect('http://' . env('SERVER_NAME') . $this-here); } This is working in the sense that the right actions in the right controllers are being redirected to https. But once I am in https, I stay there. My question is: how do I get the site to go back to http for those controller actions that do not require https? Check out the new CakePHP Questions sitehttp://cakeqs.organd help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/cake-php?hl=en Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: SSL and https
I like it! Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: SSL and https
Hi Jeremy, Take a look at the issue in this thread: http://groups.google.com/group/cake-php/browse_thread/thread/1c6b4727066173cf/19cf7202211f930d#19cf7202211f930d There I see the same solution as yours, but with some additional information. Maybe it will help you on the way .. or maybe discuss it with the original poster! Enjoy, John On Feb 17, 7:54 am, Jeremy Burns jeremybu...@me.com wrote: Any takers on this please? Jeremy Burns jeremybu...@me.com On 12 Feb 2010, at 05:00, Jeremy Burns wrote: I am using the security component from app_controller. In some controllers I have this in my beforeFilter: if (in_array($this-params['action'], $action)): $this-Security-blackHoleCallback = 'forceSSL'; $this-Security-requireSecure(); else: $this-Security-blackHoleCallback = 'unforceSSL'; endif; I have these two functions in app_controller: function forceSSL() { $this-redirect('https://' . env('SERVER_NAME') . $this-here); } function unforceSSL() { $this-redirect('http://' . env('SERVER_NAME') . $this-here); } This is working in the sense that the right actions in the right controllers are being redirected to https. But once I am in https, I stay there. My question is: how do I get the site to go back to http for those controller actions that do not require https? Check out the new CakePHP Questions sitehttp://cakeqs.organd help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/cake-php?hl=en Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: SSL and https
Thanks John - I'll read, experiment and post back. Jeremy Burns jeremybu...@me.com On 17 Feb 2010, at 08:48, John Andersen wrote: Hi Jeremy, Take a look at the issue in this thread: http://groups.google.com/group/cake-php/browse_thread/thread/1c6b4727066173cf/19cf7202211f930d#19cf7202211f930d There I see the same solution as yours, but with some additional information. Maybe it will help you on the way .. or maybe discuss it with the original poster! Enjoy, John On Feb 17, 7:54 am, Jeremy Burns jeremybu...@me.com wrote: Any takers on this please? Jeremy Burns jeremybu...@me.com On 12 Feb 2010, at 05:00, Jeremy Burns wrote: I am using the security component from app_controller. In some controllers I have this in my beforeFilter: if (in_array($this-params['action'], $action)): $this-Security-blackHoleCallback = 'forceSSL'; $this-Security-requireSecure(); else: $this-Security-blackHoleCallback = 'unforceSSL'; endif; I have these two functions in app_controller: function forceSSL() { $this-redirect('https://' . env('SERVER_NAME') . $this-here); } function unforceSSL() { $this-redirect('http://' . env('SERVER_NAME') . $this-here); } This is working in the sense that the right actions in the right controllers are being redirected to https. But once I am in https, I stay there. My question is: how do I get the site to go back to http for those controller actions that do not require https? Check out the new CakePHP Questions sitehttp://cakeqs.organd help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/cake-php?hl=en Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: SSL and https
When I've done this, I usually set specific controllers/actions as $useSSL=true; and force everything else back to non-SSL code app_controller.php:beforeFilter ... $this-ishttps = $this-set('ishttps',((isset($_SERVER['HTTPS']) $_SERVER['HTTPS']=='on') || (isset($_SERVER['SERVER_PORT']) $_SERVER['SERVER_PORT']==443))); ... app_controller.php:beforeRender ... if (!$this-ishttps isset($this-shouldBeHTTPS) $this- shouldBeHTTPS !in_array('return',$this-params)) { return $this-redirect('https://'.$_SERVER['HTTP_HOST']. $_SERVER['REQUEST_URI']); } elseif ($this-ishttps (!isset($this-shouldBeHTTPS) || !$this- shouldBeHTTPS) !in_array('return',$this-params)) { return $this-redirect('http://'.$_SERVER['HTTP_HOST']. $_SERVER['REQUEST_URI']); } ... /code That way, for any controller you can specify: code var $shouldBeHTTPS = true; //false /code or within an action you can change: code var $this-shouldBeHTTPS = true; //false /code thanks, -alan- On Feb 17, 3:50 am, Jeremy Burns jeremybu...@me.com wrote: Thanks John - I'll read, experiment and post back. Jeremy Burns jeremybu...@me.com On 17 Feb 2010, at 08:48, John Andersen wrote: Hi Jeremy, Take a look at the issue in this thread: http://groups.google.com/group/cake-php/browse_thread/thread/1c6b4727... There I see the same solution as yours, but with some additional information. Maybe it will help you on the way .. or maybe discuss it with the original poster! Enjoy, John On Feb 17, 7:54 am, Jeremy Burns jeremybu...@me.com wrote: Any takers on this please? Jeremy Burns jeremybu...@me.com On 12 Feb 2010, at 05:00, Jeremy Burns wrote: I am using the security component from app_controller. In some controllers I have this in my beforeFilter: if (in_array($this-params['action'], $action)): $this-Security-blackHoleCallback = 'forceSSL'; $this-Security-requireSecure(); else: $this-Security-blackHoleCallback = 'unforceSSL'; endif; I have these two functions in app_controller: function forceSSL() { $this-redirect('https://' . env('SERVER_NAME') . $this-here); } function unforceSSL() { $this-redirect('http://' . env('SERVER_NAME') . $this-here); } This is working in the sense that the right actions in the right controllers are being redirected to https. But once I am in https, I stay there. My question is: how do I get the site to go back to http for those controller actions that do not require https? Check out the new CakePHP Questions sitehttp://cakeqs.organdhelp others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/cake-php?hl=en Check out the new CakePHP Questions sitehttp://cakeqs.organd help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group athttp://groups.google.com/group/cake-php?hl=en Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: SSL and https
Any takers on this please? Jeremy Burns jeremybu...@me.com On 12 Feb 2010, at 05:00, Jeremy Burns wrote: I am using the security component from app_controller. In some controllers I have this in my beforeFilter: if (in_array($this-params['action'], $action)): $this-Security-blackHoleCallback = 'forceSSL'; $this-Security-requireSecure(); else: $this-Security-blackHoleCallback = 'unforceSSL'; endif; I have these two functions in app_controller: function forceSSL() { $this-redirect('https://' . env('SERVER_NAME') . $this-here); } function unforceSSL() { $this-redirect('http://' . env('SERVER_NAME') . $this-here); } This is working in the sense that the right actions in the right controllers are being redirected to https. But once I am in https, I stay there. My question is: how do I get the site to go back to http for those controller actions that do not require https? Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
https links not working
Hi I'd like to access my cakephp based web site also using https, but I always get an error saying that the requested url is not found on the server. Note that apache is configured to serve also https requests and it works with other pages... is there anything to set somewhere? thanks in advance Lorenzo -- Lorenzo Bettini, PhD in Computer Science, DI, Univ. Torino HOME: http://www.lorenzobettini.it MUSIC: http://www.purplesucker.com BLOGS: http://tronprog.blogspot.com http://longlivemusic.blogspot.com Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
SSL and https
I am using the security component from app_controller. In some controllers I have this in my beforeFilter: if (in_array($this-params['action'], $action)): $this-Security-blackHoleCallback = 'forceSSL'; $this-Security-requireSecure(); else: $this-Security-blackHoleCallback = 'unforceSSL'; endif; I have these two functions in app_controller: function forceSSL() { $this-redirect('https://' . env('SERVER_NAME') . $this-here); } function unforceSSL() { $this-redirect('http://' . env('SERVER_NAME') . $this-here); } This is working in the sense that the right actions in the right controllers are being redirected to https. But once I am in https, I stay there. My question is: how do I get the site to go back to http for those controller actions that do not require https? Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
https links not working
Hi I'd like to access my cakephp based web site also using https, but I always get an error saying that the requested url is not found on the server. Note that apache is configured to serve also https requests and it works with other pages... is there anything to set somewhere? thanks in advance Lorenzo -- Lorenzo Bettini, PhD in Computer Science, DI, Univ. Torino HOME: http://www.lorenzobettini.it MUSIC: http://www.purplesucker.com BLOGS: http://tronprog.blogspot.com http://longlivemusic.blogspot.com Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
Re: about https
Find a certificate authority you like (price vs trust). They all have tutorials and detailed information on how to install their certificates. Or google for senf-signed certificates. (and non of it has anything to do with CakePHP...) On Oct 8, 5:45 am, wiky wqsha...@gmail.com wrote: Hi i am working on Solaris 10 with apcahe and php is configured. I have my website placed at /var/apache/htdocs/index.html as document root. and i access it on local apache server. Now i want to shift it on https to secure it from other systems on LAN. what steps i should take to implement. Urgent help is needed. Thanks -Waqas --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
about https
Hi i am working on Solaris 10 with apcahe and php is configured. I have my website placed at /var/apache/htdocs/index.html as document root. and i access it on local apache server. Now i want to shift it on https to secure it from other systems on LAN. what steps i should take to implement. Urgent help is needed. Thanks -Waqas --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Loosing SESSION When Transitioning from https to http Using Session Component
I have a User Edit page that submits data over https /user/edit. The controller saves data and redirects via http to /user/view. In the process I use php session to read/write some data. If I access session data using Cake Session component, I loose my session. As a result I get redirected to a login page. This is not a problem when I access $_SESSION in my code directly. I tracked http requests using FF Live Http Headers plugin and noticed that in addition to setting a cookie like so: Set-Cookie: TMCONSOLE=h4790sptdlflu4cenumitm8ga0; path=/ Cake also writes out Set-Cookie: TMCONSOLE=h4790sptdlflu4cenumitm8ga0; expires=Fri, 21 Aug 2009 19:30:23 GMT; path=/; secure (which is why the browser drops the cookie I suppose). I assume Edit secure data / save / redirect to be a pretty standard case. Does anyone else looses their session? How can I fix it? I prefer to always access session using Cake's component. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Loosing SESSION When Transitioning from https to http Using Session Component
Use https for the redirect, also. Either that, or redesign your app so you don't require the session vars in the other view. Are you doing this to save doing a find() in the view view? On Mon, Aug 17, 2009 at 10:22 AM, vb13val.brod...@gmail.com wrote: I have a User Edit page that submits data over https /user/edit. The controller saves data and redirects via http to /user/view. In the process I use php session to read/write some data. If I access session data using Cake Session component, I loose my session. As a result I get redirected to a login page. This is not a problem when I access $_SESSION in my code directly. I tracked http requests using FF Live Http Headers plugin and noticed that in addition to setting a cookie like so: Set-Cookie: TMCONSOLE=h4790sptdlflu4cenumitm8ga0; path=/ Cake also writes out Set-Cookie: TMCONSOLE=h4790sptdlflu4cenumitm8ga0; expires=Fri, 21 Aug 2009 19:30:23 GMT; path=/; secure (which is why the browser drops the cookie I suppose). I assume Edit secure data / save / redirect to be a pretty standard case. Does anyone else looses their session? How can I fix it? I prefer to always access session using Cake's component. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Loosing SESSION When Transitioning from https to http Using Session Component
Yes, I am doing this to save a find in a view. You are good Brian :). Except that the find is not a database call, it calls Salesforce via an API so I want to save a couple of seconds of a user's time. Still do not understand why Cake does this while I can use $_SESSION directly and everything works. Is this some kind of a security thing? Val On Aug 17, 12:12 pm, brian bally.z...@gmail.com wrote: Use https for the redirect, also. Either that, or redesign your app so you don't require the session vars in the other view. Are you doing this to save doing a find() in the view view? On Mon, Aug 17, 2009 at 10:22 AM, vb13val.brod...@gmail.com wrote: I have a User Edit page that submits data over https /user/edit. The controller saves data and redirects via http to /user/view. In the process I use php session to read/write some data. If I access session data using Cake Session component, I loose my session. As a result I get redirected to a login page. This is not a problem when I access $_SESSION in my code directly. I tracked http requests using FF Live Http Headers plugin and noticed that in addition to setting a cookie like so: Set-Cookie: TMCONSOLE=h4790sptdlflu4cenumitm8ga0; path=/ Cake also writes out Set-Cookie: TMCONSOLE=h4790sptdlflu4cenumitm8ga0; expires=Fri, 21 Aug 2009 19:30:23 GMT; path=/; secure (which is why the browser drops the cookie I suppose). I assume Edit secure data / save / redirect to be a pretty standard case. Does anyone else looses their session? How can I fix it? I prefer to always access session using Cake's component. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Loosing SESSION When Transitioning from https to http Using Session Component
I am having the same problem and here is the fix that I used: http://stackoverflow.com/questions/308659/session-not-saving-when-moving-from-ssl-to-non-ssl Hope that helps you. On Aug 17, 11:49 am, vb13 val.brod...@gmail.com wrote: Yes, I am doing this to save a find in a view. You are good Brian :). Except that the find is not a database call, it calls Salesforce via an API so I want to save a couple of seconds of a user's time. Still do not understand why Cake does this while I can use $_SESSION directly and everything works. Is this some kind of a security thing? Val On Aug 17, 12:12 pm, brian bally.z...@gmail.com wrote: Use https for the redirect, also. Either that, or redesign your app so you don't require thesessionvars in the other view. Are you doing this to save doing a find() in the view view? On Mon, Aug 17, 2009 at 10:22 AM, vb13val.brod...@gmail.com wrote: I have a User Edit page that submits data over https /user/edit. The controller saves data and redirects via http to /user/view. In the process I use phpsessionto read/write some data. If I access sessiondata using CakeSessioncomponent, I loose mysession. As a result I get redirected to a login page. This is not aproblemwhen I access $_SESSION in my code directly. I tracked http requests using FF Live Http Headers plugin and noticed that in addition to setting a cookie like so: Set-Cookie: TMCONSOLE=h4790sptdlflu4cenumitm8ga0; path=/ Cake also writes out Set-Cookie: TMCONSOLE=h4790sptdlflu4cenumitm8ga0; expires=Fri, 21 Aug 2009 19:30:23 GMT; path=/; secure (which is why the browser drops the cookie I suppose). I assume Edit secure data / save / redirect to be a pretty standard case. Does anyone else looses theirsession? How can I fix it? I prefer to always accesssessionusing Cake's component. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
https
hican anyone explain me how to use https in cakephp as i m having a problem in my project --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: https
There is no code you need to change to get ssl working with cakephp. Make sure you have ssl setup on the site correctly with just static files first. Cheers, Adam - Original Message - From: rakesh singh rcky.ni...@gmail.com To: CakePHP cake-php@googlegroups.com Sent: Wednesday, June 17, 2009 8:43 PM Subject: https hican anyone explain me how to use https in cakephp as i m having a problem in my project --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Error with HTTPS
Hello everyone, This morning a system guy just configured apache2 to work with https. I hoped that everty URL of my cakephp application would work also with https protocol but ... http://192.168.1.242/pacex/alta-pacientes works perfectly and https://192.168.1.242/pacex/alta-pacientes returns 404 Not Found The requested URL /pacex/alta-pacientes was not found on this server. This happens for all the urls excepts for the home of the application https://192.168.1.242/pacex/ Did anybody see this before? Any clue? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Error with HTTPS
On Jun 1, 7:30 pm, Pablo pespinos...@gmail.com wrote: Did anybody see this before? Any clue? Using HTTP or HTTPS should be the same to Cake. There must be a difference between the configurations on the server. It could look like your .htaccess file is not interpreted with the HTTPS-settings. Regards Jonathan --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: session lost when switching from http to https, vice versa, in cakephp rc3
Just wanted to say thanks, as I ran into this problem and this led me to the fix. For any one else, here is a bit more information: http://stackoverflow.com/questions/308659/session-not-saving-when-moving-from-ssl-to-non-ssl On Dec 4, 10:13 am, Mathew [EMAIL PROTECTED] wrote: Hi Robert, I've never done what you have done, but I'm sure it's possible because most people do shopping carts this way. The problem might be that Cake is switching to secure cookies when it finds the current URL is using HTTPS. The cookie is used to store the session ID and when the switch to secure cookies happens maybe Cake can't find the insecure cookie and starts a new session. I'm not sure if Cake supports this? You might have come across a bug. You might have to pass the session ID in the URL when switching from HTTP to the HTTPS and then use that ID in the HTTPS session to recover the old session. Here are the methods for getting and setting the session ID. $session-id() will return the current session ID. $session-id($id) will set the session ID. The other work around is to comment out the code in Cake that switches to secure cookies. if ($ini_set env('HTTPS')) { ini_set('session.cookie_secure', 1); } I only recommend this if you know for sure you don't need secure cookies. I also don't know if this is a wise security thing to do. Let me know if that helps? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Adding https in $html-url
i want to get ishttps://mycart/carts/authorize/, what i have to do for it Hi Jipson, Most likely you'll need to include the full path to the secure URL, like this: ?php echo $html-url('https://mycart/carts/authorize/); ? in order to force the HTTPS protocol. Out of curiosity, why are you using $html-url instead of $html-link? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Adding https in $html-url
Hi I am using $html-url instead of $html-link because, I have to link to an image... On Dec 4, 6:30 pm, Lance Willett [EMAIL PROTECTED] wrote: i want to get ishttps://mycart/carts/authorize/, what i have to do for it Hi Jipson, Most likely you'll need to include the full path to the secure URL, like this: ?php echo $html-url('https://mycart/carts/authorize/);? in order to force the HTTPS protocol. Out of curiosity, why are you using $html-url instead of $html-link? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Adding https in $html-url
Hi Jipson, I'm not sure exactly but I think you can define the protocol to the router in cake like this. ?=$html-url(array('base'='https://','url'='/carts/authorize'));? You can also do this with cake controllers. ?=$html-url(array ('base'='https://','controller'='carts','action'=authorize'))? I think base just tells the router that string should be at the start of the URL. So you could also make it anything like base=/ beta which would return /beta/carts/authorize. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: session lost when switching from http to https, vice versa, in cakephp rc3
Hi Robert, I've never done what you have done, but I'm sure it's possible because most people do shopping carts this way. The problem might be that Cake is switching to secure cookies when it finds the current URL is using HTTPS. The cookie is used to store the session ID and when the switch to secure cookies happens maybe Cake can't find the insecure cookie and starts a new session. I'm not sure if Cake supports this? You might have come across a bug. You might have to pass the session ID in the URL when switching from HTTP to the HTTPS and then use that ID in the HTTPS session to recover the old session. Here are the methods for getting and setting the session ID. $session-id() will return the current session ID. $session-id($id) will set the session ID. The other work around is to comment out the code in Cake that switches to secure cookies. if ($ini_set env('HTTPS')) { ini_set('session.cookie_secure', 1); } I only recommend this if you know for sure you don't need secure cookies. I also don't know if this is a wise security thing to do. Let me know if that helps? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Adding https in $html-url
Hi Friends, In my project i am giving the links to payment page view as follows. ?php echo $html-url('/carts/authorize/); ? now i am getting the output url as http://mycart/carts/authorize/ what i want to get is https://mycart/carts/authorize/ , what i have to do for it, anybody please help me. Thanks in Advance, Jipson --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
session lost when switching from http to https, vice versa, in cakephp rc3
hi, I am using cakephp rc3 I will lose my cakephp session whenever i swtich http to https: or https to http anyone knows how to solve this problem, reason being, the user was adding to the shopping cart, but when the protocol changes from http to https for checkout:, the shopping cart session is empty the same thing happens, when the use switch from https to http in the checkout to shopping cart, the shopping cart session will be missing --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Force SSL (HTTPS) Component, Finalization Help
Hello All, I managed to get my component working but would like to call cake's native 'redirect' instead of header('location..., if it is possible... Does anyone know how this can be done? ~/app/app_controller.php: ?php ... function beforeRender(){ /* * $this-SSL-reset=false;//requests continue in https if false, default = true * $this-SSL-force('controller','action'); * $this-SSL-force('controller');//all actions forced. * $array = array('controller.actionA','controller2.actionB','controller3'); * $this-SSL-force($array); */ $this-SSL-force('users'); $this-SSL-force('messages','add'); $this-SSL-check(); } ... ? ~/app/controllers/components/s_s_l.php: ?php class SSLComponent extends Object{ var $_aryParams = array(); var $reset = true; function initialize($controller){ $this-_config('controller', $controller-params['controller']); $this-_config('action',$controller-params['action']); $this-_config('host', $_SERVER['SERVER_NAME']); $this-_config('cakeUrl', $controller-params['url']['url']); $this-_config('forceSSL', array()); if(strlen(trim($this-_getConfig('cakeUrl'))) 0 $this- _getConfig('cakeUrl') '/'){ $this-_config('cakeUrl','/'.$this-_getConfig('cakeUrl')); } $this-_config('path',$this-_getConfig('cakeUrl')); } function startup($controller){ $this-_config('resetPath','://'.$this-_getConfig('host').$this- _getConfig('path')); } function shutdown($controller){ unset($this-_aryParams); } function _config($strParam,$objValue,$bolGet=false){ if(!$bolGet){ $this-_aryParams[$strParam] = $objValue; }else{ return $this-_aryParams[$strParam]; } } function _getConfig($strParam){ return $this-_config($strParam,null,true); } function force($arySSL=null,$strAction=null){ if(is_array($arySSL)){ foreach($arySSL as $strSSL){ if(count(split('\.',$strSSL,2)) 2){ $strSSL .= '.*'; } list($strController,$strAction) = split('\.',$strSSL,2); $this-_config('forceSSL',array_merge($this- _getConfig('forceSSL'),array(array('controller'= $strController,'action'=$strAction; } }elseif($arySSL null){ if($strAction == null){ $strAction = '*'; } $this-_config('forceSSL',array_merge($this- _getConfig('forceSSL'),array(array('controller'=$arySSL,'action'= $strAction; } } function check(){ $this-_config('bolReset', $this-reset); $bolForced = false; foreach($this-_getConfig('forceSSL') as $arySSL){ if($arySSL['controller'] == $this-_getConfig('controller') $arySSL['action'] == $this-_getConfig('action')){ $bolForced = true; }elseif($arySSL['controller'] == $this-_getConfig('controller') $arySSL['action'] == '*'){ $bolForced = true; } } if(!env('HTTPS') $bolForced){ header('location:'.'https'.$this-_getConfig('resetPath')); }elseif($this-_getConfig('bolReset')){ if(!$bolForced env('HTTPS')){ header('location:'.'http'.$this-_getConfig('resetPath')); } } } } ? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Force SSL (HTTPS) Component, Finalization Help
Hi Daniel, I managed to get my component working but would like to call cake's native 'redirect' instead of header('location..., if it is possible... Does anyone know how this can be done? Store a reference of the controller (which is automatically passed as parameter to the initialize() and startup() methods) and call the redirect method. -- Daniel Hofstetter http://cakebaker.42dh.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Force SSL (HTTPS) Component, Finalization Help
~/app/controllers/components/s_s_l.php: ?php class SSLComponent extends Object{ var $_aryParams = array(); var $reset = true; function initialize($controller){ $this-_config('objController', $controller); $this-_config('controller', $controller-params['controller']); $this-_config('action', $controller-params['action']); $this-_config('host', $_SERVER['SERVER_NAME']); $this-_config('cakeUrl', $controller-params['url']['url']); $this-_config('forceSSL', array()); if(strlen(trim($this-_getConfig('cakeUrl'))) 0 $this- _getConfig('cakeUrl') '/'){ $this-_config('cakeUrl','/'.$this-_getConfig('cakeUrl')); } $this-_config('path', $this-_getConfig('cakeUrl')); $this-_config('redirectPath', '://'.$this-_getConfig('host').$this- _getConfig('path')); } function shutdown($controller){ unset($this-_aryParams); } function _config($strParam,$objValue,$bolGet=false){ if(!$bolGet){ $this-_aryParams[$strParam] = $objValue; }else{ return $this-_aryParams[$strParam]; } } function _getConfig($strParam){ return $this-_config($strParam,null,true); } function force($arySSL=null,$strAction=null){ if(is_array($arySSL)){ foreach($arySSL as $strSSL){ if(count(split('\.',$strSSL,2)) 2){ $strSSL .= '.*'; } list($strController,$strAction) = split('\.',$strSSL,2); $this-_config('forceSSL',array_merge($this- _getConfig('forceSSL'),array(array('controller'= $strController,'action'=$strAction; } }elseif($arySSL null){ if($strAction == null){ $strAction = '*'; } $this-_config('forceSSL',array_merge($this- _getConfig('forceSSL'),array(array('controller'=$arySSL,'action'= $strAction; } } function check(){ $this-_config('bolReset',$this-reset); $bolForced = false; foreach($this-_getConfig('forceSSL') as $arySSL){ if($arySSL['controller'] == $this-_getConfig('controller') $arySSL['action'] == $this-_getConfig('action')){ $bolForced = true; }elseif($arySSL['controller'] == $this-_getConfig('controller') $arySSL['action'] == '*'){ $bolForced = true; } } $objController = $this-_getConfig('objController'); if(!env('HTTPS') $bolForced){ $objController-redirect('https'.$this- _getConfig('redirectPath')); }elseif($this-_getConfig('bolReset')){ if(!$bolForced env('HTTPS')){ $objController-redirect('http'.$this- _getConfig('redirectPath')); } } } } ? On Jun 30, 11:21 pm, Daniel E. [EMAIL PROTECTED] wrote: Hello All, I managed to get my component working but would like to call cake's native 'redirect' instead of header('location..., if it is possible... Does anyone know how this can be done? ~/app/app_controller.php: ?php ... function beforeRender(){ /* * $this-SSL-reset=false;//requests continue in https if false, default = true * $this-SSL-force('controller','action'); * $this-SSL-force('controller');//all actions forced. * $array = array('controller.actionA','controller2.actionB','controller3'); * $this-SSL-force($array); */ $this-SSL-force('users'); $this-SSL-force('messages','add'); $this-SSL-check();} ... ? ~/app/controllers/components/s_s_l.php: ?php class SSLComponent extends Object{ var $_aryParams = array(); var $reset = true; function initialize($controller){ $this-_config('controller', $controller-params['controller']); $this-_config('action', $controller-params['action']); $this-_config('host', $_SERVER['SERVER_NAME']); $this-_config('cakeUrl', $controller-params['url']['url']); $this-_config('forceSSL', array
Could HtmlHelper link generate an https url without including full URL?
What I would love to be able to do is something like this: $html-link('login', '/users/login', array('secure'=TRUE) ); Depending on which server I was on, this would generate either: https://www.cakephp.org/users/login OR https://cakephp.localhost/users/login Currently, the problem is that if I am in an http:// environment and want to generate a link with the https:// prefix, I have to do this: $html-link('login', 'https://'.$_SERVER['SERVER_NAME'].'/users/ login'); I feel like the first version is better, and avoids the ugliness of directly involving the $_SERVER array. Is there some fundamental issue preventing us from being able to specify a secure flag in the html-link function? Is there some easier way to handle this that doesn't involve using the $_SERVER array? Thanks! -Aran --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
how come session is gone when it is redirect to https
anyone knows why cakephp session is gone when it is redirect from http to https: Thank you www.generics.ws www.genericsmed.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: how come session is gone when it is redirect to https
On Sat, May 31, 2008 at 3:06 PM, robert123 [EMAIL PROTECTED] wrote: anyone knows why cakephp session is gone when it is redirect from http to https: This is not CakePHP specific - http https - will happen with anything PHP Tarique -- = Cheesecake-Photoblog: http://cheesecake-photoblog.org PHP for E-Biz: http://sanisoft.com = --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: how come session is gone when it is redirect to https
hi, any suggestion on how to solve this problem. because whenever I redirect to a https connection for payment like from http://www.domain.com/checkout to https://www.domain.com/checkout the session is lost. Thank you On May 31, 5:38 pm, Dr. Tarique Sani [EMAIL PROTECTED] wrote: On Sat, May 31, 2008 at 3:06 PM, robert123 [EMAIL PROTECTED] wrote: anyone knows why cakephp session is gone when it is redirect from http to https: This is not CakePHP specific - http https - will happen with anything PHP Tarique -- = Cheesecake-Photoblog:http://cheesecake-photoblog.org PHP for E-Biz:http://sanisoft.com = --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups CakePHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
using htaccess to force HTTPS on /myaccount
cake1.1, apache1.3 Hi could anyone please shed any light on using htaccess to force a section of the site (ie myaccount) to use https. The problem is that ALL requests get redirected to HTTPS instead of just those to /myaccount/* My htaccess in root dir looks like: RewriteEngine On RewriteBase / # force myaccount urls to be HTTPS RewriteCond %{SERVER_PORT !^443$ RewriteRule myaccount https://%{HTTP_HOST}/$1 # standard cake htaccess below RewriteRule^$ /app/webroot/[L] RewriteRule(.*) /app/webroot/$1 [L] many thanks in advance chris --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: using htaccess to force HTTPS on /myaccount
You have to set a RewriteCond on myaccount after the rule on the HTTPS port. Check on Apache, I am sure there are plenty of sample to combine to condition for a rule. hth On Feb 13, 11:07 pm, Hoddy [EMAIL PROTECTED] wrote: cake1.1, apache1.3 Hi could anyone please shed any light on using htaccess to force a section of the site (ie myaccount) to use https. The problem is that ALL requests get redirected to HTTPS instead of just those to /myaccount/* My htaccess in root dir looks like: RewriteEngine On RewriteBase / # force myaccount urls to be HTTPS RewriteCond %{SERVER_PORT !^443$ RewriteRule myaccount https://%{HTTP_HOST}/$1 # standard cake htaccess below RewriteRule^$ /app/webroot/[L] RewriteRule(.*) /app/webroot/$1 [L] many thanks in advance chris --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Strategy for minimizing time in https/SSL
suggestions, anyone? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Strategy for minimizing time in https/SSL
Well, I did a commercial site with http/https switching a while ago, but it wasn't in Cake.. From my experience, even though the SSL does bring a slight overhead, it is actually unnoticeable. What we did was mod_overwrite redirection in apache, like this: RewriteRule (.*/secure/.*) https://yourhost.com$1 and RewriteRule (.*/public/.*) http://yourhost.com$1 ...of course you can add more stuff to the regex including the root of your site where necessary. I had no trouble with sessions whatsoever. I still wouldn't recommend SSL-ing the entire site. But perhaps bakers here know a better way to do all that with Cake, that's just my 2c. Hope that helps, dr. H. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Strategy for minimizing time in https/SSL
In my appController I plan to check if a secure controller/action is being referred to, and if so, redirect to https (assuming we are not already https). Similiarly, if a nonsecure controller/action is being referred to (excluding webroot), I plan to redirect to http (assuming we are not already http). This way I am in https for the minimum amount of time. Does this make sense? Or, is it better to just put the entire site in https? Does switching in and out of https incur any significant performance overhead? Will (cake) sessions survive from https to http and back? Can anyone forsee any gotchas with form submission, or other? Thanks. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
passing session from http to https
I have a cakephp 1.2 app that moves to https during credit card transactions. When it does all session data is gone. I have researched this issue with php and have found different answers as to session behavior when changing to an SSL url. Session work is new for me. I have read the cake session manual page, but did not recognize anything that could help. Is there a way to pass the session_id() and then call the session again from the secure(or non-secure) address? Thx, NSM --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: https and mod_rewrite
It turned out to be a slightly corrupted installation of apache. I had compiled mod_rewrite into the apache ssl engine, but then had also loaded the mod_rewrite.so library. Getting rid of the latter fixed the problem Thanks for the help, Jay On Nov 27, 8:13 pm, Samuel DeVore [EMAIL PROTECTED] wrote: On Nov 27, 2007 5:35 PM, jaymon [EMAIL PROTECTED] wrote: Would the port mapping for the allow_override rule always live in the .htaccess file or is possible that it is somewhere else? With my problem it was in the httpd.conf files that the ports and allow override issues were taking place. -- (the old fart) the advice is free, the lack of crankiness will cost you - its a fine line between a real question and an idiot http://blog.samdevore.com/archives/2007/03/05/when-open-source-bugs-me/ --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: https and mod_rewrite
Found a thread similar to your problem: http://www.webhostingtalk.com/archive/index.php/t-373698.html, they mention to run the easyapache or buildapache script... --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: HTTPS
Is the apache DocumentRoot of HTTP the realy the same as for HTTPS? See httpd.conf and the ???ssl???.conf --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: HTTPS
Your question needs a little more information to get any kind of useful answer. Is this css in a separate style sheet, or embedded directly in the view. Did you put the sytel sheet in the webroot/css directory or elsewhere? Are you using a helper? How are you referencing the filename. Etc. etc. On Nov 27, 12:12 am, wowwildcat [EMAIL PROTECTED] wrote: I try to run cake onhttps://localhost/cake/but the css didn't shows up. Any idea? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
https and mod_rewrite
I can't seem to get Cake to work over https. I have my project working fine over http so I know that the code is good. But when I try to run it from my https server it can't find /home (The requested URL / home/ was not found on this server.). Additionally when my server starts up it gives me a warning (Loaded DSO libexec/mod_rewrite.so uses plain Apache 1.3 API, this module might crash under EAPI! (please recompile it with -DEAPI)), but php also gives this warning and it seems to be working fine. Any suggestions greatly appreciated, the client is getting hostile :- Jay --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Caching, way to globally disable on HTTPS detect?
Does anyone have a good example or concept of how someone might easily enable/disable caching based on if HTTPS is enabled/disabled? Another option in my mind might be an extension to the Caching mechanism that caches the HTTPS objects seperately from HTTP. The reason I need this is the links/images/includes need to have the properly associated urls. This is harder than normal for me as I use a seperate server instance to handle all of the static content. Thanks, - J -- View this message in context: http://www.nabble.com/Caching%2C-way-to-globally-disable-on-HTTPS-detect--tf4883029.html#a13974891 Sent from the CakePHP mailing list archive at Nabble.com. --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: https and mod_rewrite
On Nov 27, 2007 11:45 AM, jaymon [EMAIL PROTECTED] wrote: I can't seem to get Cake to work over https. I have my project working fine over http so I know that the code is good. But when I try to run it from my https server it can't find /home (The requested URL / home/ was not found on this server.). Additionally when my server starts up it gives me a warning (Loaded DSO libexec/mod_rewrite.so uses plain Apache 1.3 API, this module might crash under EAPI! (please recompile it with -DEAPI)), but php also gives this warning and it seems to be working fine. Any suggestions greatly appreciated, the client is getting hostile :- Well, sounds like it's really an Apache problem, not a Cake one. Warnings are never good, whether or not it's from Apache or PHP itself. -- Chris Hartjes My motto for 2007: Just build it, damnit! @TheKeyboard - http://www.littlehart.net/atthekeyboard --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: https and mod_rewrite
I'vehad that problem when my allow override rule was tied to the port (80) and was not set for the https port (443) it was a funky apache issue for me. I have also had a server where two totally different instances of apache handled http and https and had different configs On Nov 27, 2007 10:05 AM, Chris Hartjes [EMAIL PROTECTED] wrote: On Nov 27, 2007 11:45 AM, jaymon [EMAIL PROTECTED] wrote: I can't seem to get Cake to work over https. I have my project working fine over http so I know that the code is good. But when I try to run it from my https server it can't find /home (The requested URL / home/ was not found on this server.). Additionally when my server starts up it gives me a warning (Loaded DSO libexec/mod_rewrite.so uses plain Apache 1.3 API, this module might crash under EAPI! (please recompile it with -DEAPI)), but php also gives this warning and it seems to be working fine. Any suggestions greatly appreciated, the client is getting hostile :- Well, sounds like it's really an Apache problem, not a Cake one. Warnings are never good, whether or not it's from Apache or PHP itself. -- Chris Hartjes My motto for 2007: Just build it, damnit! @TheKeyboard - http://www.littlehart.net/atthekeyboard -- (the old fart) the advice is free, the lack of crankiness will cost you - its a fine line between a real question and an idiot http://blog.samdevore.com/archives/2007/03/05/when-open-source-bugs-me/ --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: https and mod_rewrite
Would the port mapping for the allow_override rule always live in the .htaccess file or is possible that it is somewhere else? On Nov 27, 1:59 pm, Samuel DeVore [EMAIL PROTECTED] wrote: I'vehad that problem when my allow override rule was tied to the port (80) and was not set for thehttpsport (443) it was a funky apache issue for me. I have also had a server where two totally different instances of apache handled http andhttpsand had different configs On Nov 27, 2007 10:05 AM, Chris Hartjes [EMAIL PROTECTED] wrote: On Nov 27, 2007 11:45 AM, jaymon [EMAIL PROTECTED] wrote: I can't seem to get Cake to work overhttps. I have my project working fine over http so I know that the code is good. But when I try to run it from myhttpsserver it can't find /home (The requested URL / home/ was not found on this server.). Additionally when my server starts up it gives me a warning (Loaded DSO libexec/mod_rewrite.so uses plain Apache 1.3 API, this module might crash under EAPI! (please recompile it with -DEAPI)), but php also gives this warning and it seems to be working fine. Any suggestions greatly appreciated, the client is getting hostile :- Well, sounds like it's really an Apache problem, not a Cake one. Warnings are never good, whether or not it's from Apache or PHP itself. -- Chris Hartjes My motto for 2007: Just build it, damnit! @TheKeyboard -http://www.littlehart.net/atthekeyboard -- (the old fart) the advice is free, the lack of crankiness will cost you - its a fine line between a real question and an idiot http://blog.samdevore.com/archives/2007/03/05/when-open-source-bugs-me/ --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: https and mod_rewrite
On Nov 27, 2007 5:35 PM, jaymon [EMAIL PROTECTED] wrote: Would the port mapping for the allow_override rule always live in the .htaccess file or is possible that it is somewhere else? With my problem it was in the httpd.conf files that the ports and allow override issues were taking place. -- (the old fart) the advice is free, the lack of crankiness will cost you - its a fine line between a real question and an idiot http://blog.samdevore.com/archives/2007/03/05/when-open-source-bugs-me/ --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: HTTPS
I follows the instructions on the manual. Unzipped it and extract it w/ o any changes folder structure. I enabled mod_rewrite too. Then I view it thru browser. Under http it works perfect for the welcome message. I try http://localhost/cake/welcome or http://localhost/cake/index.php/welcome, they work well too. But when I view it using https, the the style of welcome message didn't show. When I try on https://localhost/cake/welcome I get Missing controller error message. It seems like mod_rewrite didn't working in secure connection. Anyone can give me some hint or help here? On Nov 27, 10:53 pm, maschoen [EMAIL PROTECTED] wrote: Your question needs a little more information to get any kind of useful answer. Is this css in a separate style sheet, or embedded directly in the view. Did you put the sytel sheet in the webroot/css directory or elsewhere? Are you using a helper? How are you referencing the filename. Etc. etc. On Nov 27, 12:12 am, wowwildcat [EMAIL PROTECTED] wrote: I try to run cake onhttps://localhost/cake/butthe css didn't shows up. Any idea? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Using redirect on https
My app runs on a server that only runs https no http. When i do a: $this-redirect('controller/action', null, true); The created url is: http://cake.devenvironment.local/controller/action/ The obvious error is that the 's' is missing on the url, what am i doing wrong here? Or what is Cake doing wrong and how can i fix it? I don't wan't to hardcode the path into the redirect since the application is running or different machines all of them https. cheers, safl --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Using redirect on https
I'm sry for spamming the list. The problem had nothing to do with CakePHP but it was a misconfiguration of Apache-SSL. Somehow i was browsing with https url and got the Accept the certificate popup but the actual traffic was http not https... very weird. Anyway some tingling with virtualhost configuration and it now works properly. cheers On Jun 20, 3:26 pm, safl [EMAIL PROTECTED] wrote: My app runs on a server that only runs https no http. When i do a: $this-redirect('controller/action', null, true); The created url is: http://cake.devenvironment.local/controller/action/ The obvious error is that the 's' is missing on the url, what am i doing wrong here? Or what is Cake doing wrong and how can i fix it? I don't wan't to hardcode the path into the redirect since the application is running or different machines all of them https. cheers, safl --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Silly HTTPS quesiton...
2007/4/20, Paul Webster [EMAIL PROTECTED]: Like I said, this may not be the best practice way to do it, but to me it did it good enough given the situation I was addressing. Criticism and feedback most welcome. With that solution, you might experience browser security warnings when posting forms to a URL that's being redirected. Martin -- Martin Schapendonk, [EMAIL PROTECTED] --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
RE: Silly HTTPS quesiton...
Most definitely, like I said not the best practice solution - and of course all secure submissions etc should of course be from a secure form which will just naturally posted to the current (HTTPS) path without a redirect. -Original Message- From: cake-php@googlegroups.com [mailto:[EMAIL PROTECTED] On Behalf Of Martin Schapendonk Sent: Friday, 20 April 2007 10:19 p.m. To: cake-php@googlegroups.com Subject: Re: Silly HTTPS quesiton... 2007/4/20, Paul Webster [EMAIL PROTECTED]: Like I said, this may not be the best practice way to do it, but to me it did it good enough given the situation I was addressing. Criticism and feedback most welcome. With that solution, you might experience browser security warnings when posting forms to a URL that's being redirected. Martin -- Martin Schapendonk, [EMAIL PROTECTED] __ NOD32 2208 (20070421) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Silly HTTPS quesiton...
Upon login, I'd like to send a user to a HTTPS url for a secure connection. All subsequent links around the site need to maintain this. How is this accomplished in cake? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
RE: Silly HTTPS quesiton...
I did this some months ago: http://groups.google.com/group/cake-php/browse_thread/thread/f603fbcad492144 f But in your case if you are redirecting them to HTTPS then Cake will keep that since its links do not include http:// portion. -MI --- Remember, smart coders answer ten questions for every question they ask. So be smart, be cool, and share your knowledge. BAKE ON! blog: http://www.MarianoIglesias.com.ar -Mensaje original- De: cake-php@googlegroups.com [mailto:[EMAIL PROTECTED] En nombre de [EMAIL PROTECTED] Enviado el: Jueves, 19 de Abril de 2007 08:51 p.m. Para: Cake PHP Asunto: Silly HTTPS quesiton... Upon login, I'd like to send a user to a HTTPS url for a secure connection. All subsequent links around the site need to maintain this. How is this accomplished in cake? --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
RE: Silly HTTPS quesiton...
Jolly Good question that, one I have just these last few weeks had to tackle. I searched around a bit on the subject and came up with a few articles - none of which really did exactly what I wanted, and I figured it just had to be easy than this. So in my webroot htaccess I added the following two lines to do most of the magic for me (this is not complete but these are the lines that do it): RewriteRule ^secure/(.*)$ https://domain.com/$1 [QSA,L] RewriteRule ^ns/(.*)$ http://domain.com/$1 [QSA,L] When I want to go to a secure econnection I call my link http://domain.com/secure/controller/action and I get redirected to the HTTPS connection https://domain.com/controller/action and to get back to HTTP I call https://domain.com/ns/controller/action and I get redirected to the HTTP connection http://domain.com/controller/action then in my controller beforeFilter, actions or in my app_controller I can enforce this by doing: if (!env(HTTPS)) { $this-redirect('secure/controller/action'); } Like I said, this may not be the best practice way to do it, but to me it did it good enough given the situation I was addressing. Criticism and feedback most welcome. Hope its helpful to you. websta* -Original Message- From: cake-php@googlegroups.com [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, 20 April 2007 11:51 a.m. To: Cake PHP Subject: Silly HTTPS quesiton... Upon login, I'd like to send a user to a HTTPS url for a secure connection. All subsequent links around the site need to maintain this. How is this accomplished in cake? __ NOD32 2205 (20070419) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Getting Different Sessions for HTTPS and HTTP
I have a site where some sections are accessed via HTTPS ( login, payments ) while the rest is accesses via HTTP. Currently I have a problem where I get a different session data for each protocol. On my windows development environment everything works fine - when using either HTTPS or HTTP cake retrieves and stores the same session record from the cake_sessions table. However on the production system (linux) I get two session records created in the cake_sessions table - one for HTTP and one for HTTPS. I have updated to the latest cake_1.1.12.1797 and the result is the same Can someone suggest what may be the issue here and how to get just one session for both HTTPS and HTTP protocols. Thanks, Ian --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Getting Different Sessions for HTTPS and HTTP
I found the problem - some of my redirects ended up at domainname.com.au instead of WWW.domainname.com.au - so I ended up with one session for www.dmainname.com.au and another one for domainname.com.au On Apr 19, 11:50 am, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: I have a site where some sections are accessed via HTTPS ( login, payments ) while the rest is accesses via HTTP. Currently I have a problem where I get a different session data for each protocol. On my windows development environment everything works fine - when using either HTTPS or HTTP cake retrieves and stores the same session record from the cake_sessions table. However on the production system (linux) I get two session records created in the cake_sessions table - one for HTTP and one for HTTPS. I have updated to the latest cake_1.1.12.1797 and the result is the same Can someone suggest what may be the issue here and how to get just one session for both HTTPS and HTTP protocols. Thanks, Ian --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php?hl=en -~--~~~~--~~--~--~---
Re: Login through HTTPS on CakePHP
This is an auto-response so other people can find a possible method to solve this. The idea was to allow certain actions (such as any action within the Account controller) to *only* be accessed through SSL. First of all, I wanted to have an array of all actions that should only be accessed through HTTPS. So in boostrap.php I added: $GLOBALS['AppConfig'] = array( 'SSLActions' = array ( 'account/*' ) ); This means that any action within the account controler must be accessed through SSL. Then, I had to extend the Html helper. Now, I didn't want to make a copy of this helper and then modify, but I wanted to inherit from it and create my own html helper, so in the future new things could be added and if ever the html helper gets improved i wouldn't be loosing those improvements. So I created a new helper called SyHtml, with this code: require_once(CAKE_CORE_INCLUDE_PATH . DS . 'cake' . DS . 'libs' . DS . 'view' . DS . 'helpers' . DS . 'html.php'); class SyhtmlHelper extends HtmlHelper { function url($url = null, $return = false) { if (isset($GLOBALS['AppConfig']) isset($GLOBALS['AppConfig']['SSLActions']) isset($url) trim($url) != '') { $current_url = ($url{0} == '/' ? substr($url, 1): $url); $current_url_is_ssl = false; foreach($GLOBALS['AppConfig']['SSLActions'] as $current_ssl_action) { if (strpos($current_ssl_action, '*') !== false) { $current_pattern = $current_ssl_action; $current_pattern = str_replace('/', '\\/', $current_pattern); $current_pattern = str_replace('*', '(.*)', $current_pattern); $current_url_is_ssl = preg_match('/' . $current_pattern . '/i', $current_url); } else if (strcasecmp($current_ssl_action, $current_url) == 0) { $current_url_is_ssl = true; } if ($current_url_is_ssl) { break; } } if (($current_url_is_ssl !$this-_in_ssl()) || (!$current_url_is_ssl $this-_in_ssl())) { $url = parent::url($url, true); $url = ($url{0} == '/' ? substr($url, 1): $url); $current_base_url = ($current_url_is_ssl ? 'https://' : 'http://'); $current_base_url .= $_SERVER['SERVER_NAME']; $current_base_url .= (!$this-_in_ssl() $_SERVER['SERVER_PORT'] != 80 ? ':' . $_SERVER['SERVER_PORT']: ''); $url = $current_base_url . '/' . $url; return $this-output($url, $return); } } return parent::url($url, $return); } function _in_ssl() { return (isset($_SERVER['HTTPS']) strcasecmp($_SERVER['HTTPS'], 'on') == 0 ? true : false); } } Since I'm extending the url() method, any other html helper function that uses this method will be using our version (as long as we used the SyHtml helper). For example, on layout.thtml I have the following: ?php echo $syhtml-link('Login', '/account/login', array('class' = 'login')); ? ?php echo $syhtml-link('Forgot', '/account/forgot'); ? Our helper will see that these two links should be linked to their HTTPS version. Finally, on the AppController class I add the following code to the beforeRender() method: if (isset($GLOBALS['AppConfig']) isset($GLOBALS['AppConfig']['SSLActions'])) { $current_url = ($this-here{0} == '/' ? substr($this-here, 1): $this-here); $current_url_is_ssl = false; foreach($GLOBALS['AppConfig']['SSLActions'] as $current_ssl_action) { if (strpos($current_ssl_action, '*') !== false) { $current_pattern = $current_ssl_action; $current_pattern = str_replace('/', '\\/', $current_pattern); $current_pattern = str_replace('*', '(.*)', $current_pattern); $current_url_is_ssl = preg_match('/' . $current_pattern . '/i', $current_url); } else if (strcasecmp($current_ssl_action, $current_url) == 0) { $current_url_is_ssl = true; } if ($current_url_is_ssl
Login through HTTPS on CakePHP
Hi fellow bakers, I have an element where I have the following($layout_texts reffers to an array of text elements, such as $layout_texts['top.menu.user'] = 'User', obtained through PEAR Translation2 package): ?php echo $html-formTag('/account/login'); ??php echo $layout_texts['top.menu.user']; ?:?php echo $html-input('account/user', array('size' = '10')); ??php echo $layout_texts['top.menu.password']; ?:?php echo $html-password('account/password', array('size' = '10')); ??php echo $html-input('account/submit', array('type' = 'image', 'class' = 'button', 'src' = $this-webroot . 'img/icons/login.jpg')); ?/form?php echo $html-link($layout_texts['top.menu.forgot'], '/account/forgot'); ? My first question could be a little off-topic, and if that's the case I apologyze: if the user is viewing this form through a standard HTTP connection, but the action of the login form reffers to a HTTPS page, am I then following HTTPS authentication security protocol? Or should I display the login form *only* from a HTTPS page? The other question is: is there a standard procedure to change the protocol for a $html-link or $html-formTag page? I could just extend the html helper and allow another parameter that would allow me to change protocols, such as: ?php echo $html-formTag('/account/login', 'https'); ? But I was wondering if this functionality is not already in place. P.S: I've read somewhere on a Simphony-CakePHP comparison that Simphony had better documentation. Eventhough CakePHP does lack some documentation I believe that CakePHP's google group makes up for it BIG TIME. Bake on! -MI --~--~-~--~~~---~--~~ You received this message because you are subscribed to the Google Groups Cake PHP group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php -~--~~~~--~~--~--~--- -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.408 / Virus Database: 268.13.11/492 - Release Date: 10/23/2006