Secure Login

[Pokun]

If you log in to the forum using HTTPS the theme graphics and images disappears, and if you don't you will get a warning that the connection isn't secure for sending passwords.

Is this something that is looked into? People trying to register to the forum have said that they couldn't register to the forum because the theme graphics are missing.

[ClodBuster]

I think this is something that SHOULD be looked into.

[Necromancer]

I can't do anything about missing theme graphics.  That's something Nightwolve or Aaron would have to handle.

I never use a secure connection, but maybe I should?  Other than the missing graphics looking goofy and making some buttons invisible, the site still seems to be fully functional under https; I tested logging in, reading a few threads (responding in this one), and creating a new test account successfully.

[NightWolve]

Thanks, looks like it was Apache .htaccess code to prevent hotlinking by other sites if the referrer domain is not pcenginefx.com, but the "http:" condition didn't allow for "https:". I also had to remove any hardcoded "https://www.pcenginefx.com" references in the forum settings.

Old:

Code: [Select]

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://www.pcenginefx.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.pcenginefx.com$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.pcenginefx.com/.*$      [NC]
RewriteCond %{HTTP_REFERER} !^https://www.pcenginefx.com$      [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ - [F,NC]

New/Correct:

Code: [Select]

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?pcenginefx.com [NC]
RewriteRule \.(gif|jpg|jpeg|png|js|css)$ - [F]

I'm updating all my bookmarks to "https:" as I'd rather my connection be encrypted upon login when the cookie password info is used to restore a session.