OJS OCS OMP OHS

You are viewing the PKP Support Forum | PKP Home Wiki

PKP Support

Support forums for the Public Knowledge Project

Skip to content


Software Hosting and Development Services available at PKP Publishing Services

As the developers of Open Journal Systems, Open Conference Systems, Open Harvester Systems, and Open Monograph Press, the PKP team are experts in helping journal managers and conference organizers make the most of their online publishing projects. PKP Publishing Services offers support for:

As a customer of PKP Publishing Services, you will not only receive direct, personalized support from the PKP Development Team, but will be contributing to the ongoing development of the PKP applications. All funds raised by PKP Publishing Services go directly toward enhancing our free, open source software. For more information, please contact us.

Patch: support force_login_ssl properly

OCS development discussion, enhancement requests, third-party patches and plug-ins.

Moderators: jmacgreg, michael

Forum rules
Developer Resources:

Documentation: The OJS Technical Reference and the OJS API Reference are both available from the OJS Documentation page. While these are OJS-specific, the OCS codebase is similar enough to OJS they should be of help. There is also an [url=http://pkp.sfu.ca/ocs_documentation[/url]OCS Documentation[/url] page with some more general documentation that might also be of interest.

Git: You can access our public Git Repository here. Comprehensive Git usage instructions are available on the wiki.

Bugzilla: You can access our Bugzilla report tracker here.

Search: You can use our Google Custom Search to search across our main website, the support forum, and Bugzilla.

Questions and discussion are welcome, but if you have a workflow or usability question you should probably post to the OCS Conference Support and Discussion subforum; if you have a technical support question, try the OCS Technical Support subforum.
Post a reply

Patch: support force_login_ssl properly

Postby derekp » Wed Mar 19, 2008 3:33 pm

This patch fixes the Request::url(...) function to generate HTTPS URLs where required. Without this patch, resources (the login controller in particular) are not adequately protected by SSL. With force_login_ssl=On in config.inc.php, users would transmit their credentials over plaintext HTTP before being redirected to HTTPS.

This is not an elegant patch, since it hard-codes special cases into a generic function, but it is an effective solution.

Code: Select all
--- ocs-2.0.0-1/classes/core/Request.inc.php.forcessl   2007-04-10 13:45:06.000000000 -0700
+++ ocs-2.0.0-1/classes/core/Request.inc.php    2008-03-18 11:48:55.793930000 -0700
@@ -715,5 +715,10 @@
                }

-               return ((empty($overriddenBaseUrl)?Request::getIndexUrl():$overriddenBaseUrl) . $baseParams . $pathString . $additionalParams . $anchor);
+               $url = ((empty($overriddenBaseUrl)?Request::getIndexUrl():$overriddenBaseUrl) . $baseParams . $pathString . $additionalParams . $anchor);
+               if ( ($page == 'login' && $op == 'signIn' && Config::getVar('security', 'force_login_ssl')) ||
+                    Config::getVar('security', 'force_ssl') ) {
+                       $url = preg_replace('/^http:/', 'https:', $url);
+               }
+               return $url;
        }
 }
derekp
 
Posts: 16
Joined: Wed Oct 10, 2007 12:45 am
Location: University of British Columbia
Top
Post a reply

Return to OCS Development

Who is online

Users browsing this forum: No registered users and 2 guests

Powered by phpBB® Forum Software © phpBB Group