OJS OCS OMP OHS

You are viewing the PKP Support Forum | PKP Home Wiki



Secured connection after login

Are you responsible for making OJS work -- installing, upgrading, migrating or troubleshooting? Do you think you've found a bug? Post in this forum.

Moderators: jmacgreg, btbell, michael, bdgregg, barbarah, asmecher

Forum rules
What to do if you have a technical problem with OJS:

1. Search the forum. You can do this from the Advanced Search Page or from our Google Custom Search, which will search the entire PKP site. If you are encountering an error, we especially recommend searching the forum for said error.

2. Check the FAQ to see if your question or error has already been resolved.

3. Post a question, but please, only after trying the above two solutions. If it's a workflow or usability question you should probably post to the OJS Editorial Support and Discussion subforum; if you have a development question, try the OJS Development subforum.

Secured connection after login

Postby piotreba » Fri Sep 27, 2013 2:20 am

Hello,


is there any way to configure ojs to use ssl not just on the login page or site-wide, but to use secured connection after logging into the system (and of course on the login page itself too)?



Thanks,
Peter
piotreba
 
Posts: 157
Joined: Mon Dec 13, 2010 3:29 pm

Re: Secured connection after login

Postby piotreba » Mon Sep 30, 2013 1:25 am

Ok, I did it solely via .htaccess. Maybe it'll be helpful for someone (here the code include situation, when multiple journals are set up on the OJS):

Code: Select all
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} ^/journals/index.php/(.*)/(login|user)(.*)$
RewriteRule ^(.*)$ https://some_domain.com/$1 [R,L]


RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/journals/index.php/(.*)/(login|user)(.*)$
RewriteRule ^(.*)$ http://some_domain.com/$1 [R,L]



Anyway, I noticed that when using SSL TinyMCE doesnot show, additionally clicking on small envelopes next to author names results in empty receiver fields (no email addresses put). Any idea why? I have changed the above code a little, so that instead of 'user' there is 'user/register|user/profile' to secure password register/update.



Peter
piotreba
 
Posts: 157
Joined: Mon Dec 13, 2010 3:29 pm

Re: Secured connection after login

Postby asmecher » Mon Sep 30, 2013 8:54 am

Hi Peter,

There is a TinyMCE cache file in cache/ (it has a .gz suffix) that might be causing the TinyMCE issue; I believe it contains URLs in it. Try flushing the cache and see if that affects things. As for the author email form, I'm not sure how that would be caused by these rules; the URL itself should contain the recipient address as a URL parameter. The form should just bounce that value back to the browser.

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 9210
Joined: Wed Aug 10, 2005 12:56 pm

Re: Secured connection after login

Postby piotreba » Tue Oct 01, 2013 8:17 am

No luck. What is more, securing ojs with ssl in this way results with errors when trying to edit user profile and saving updated. The forms get empty and wouldn't process.

Code: Select all
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} ^/journals/index.php/(.*)/(login|user/register|user/profile)(.*)$
RewriteRule ^(.*)$ https://some_domain.com/$1 [R,L]

RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !^/journals/index.php/(.*)/(login|user/register|user/profile)(.*)$
RewriteRule ^(.*)$ http://some_domain.com/$1 [R,L]
piotreba
 
Posts: 157
Joined: Mon Dec 13, 2010 3:29 pm

Re: Secured connection after login

Postby asmecher » Tue Oct 01, 2013 9:26 am

Hi Peter,

I'd suggest modifying OJS temporarily to dump $_POST and $_GET -- that way you'll be able to see whether somehow your rewrite configuration is affecting these, or whether OJS is getting confused internally. The email icon problem you were having before uses GET parameters; the profile form save uses POST.

Regards,
Alec Smecher
Public Knowledge Project Team
asmecher
 
Posts: 9210
Joined: Wed Aug 10, 2005 12:56 pm


Return to OJS Technical Support

Who is online

Users browsing this forum: Bing [Bot] and 3 guests