https login on drupal 5

By bozo-1 on 21 Jan 2007 at 21:14 UTC

Has anybody found a way to force login to occur through https on Drupal 5.x?

I used to do it with an apache redirect in 4.7, but this solution no longer works. I've also tried setting the site's base URL to "https://mysite", but the login/password is transferred in clear text before the redirection to https.

Any input would be appreciated!

Comments

Simple Module or redirect

mlhess commented 22 January 2007 at 02:19

You could do this with either a simple module or 2 virt hosts in apache.

With the 2 virt hosts, you have one that has a single file that redirects to the secure site and then the secure site.

Thanks for the input. As far

bozo-1 commented 22 January 2007 at 13:14

Thanks for the input.

As far as the 2 virtual hosts are concerned, I'd rather not force SSL on everyone who visits the site, only for user connections.

As for a simple module ... meh. I guess I could learn how to make a basic drupal module easily enough, but I have no idea how the authentication system actually works, and a brief look at the user.module file hasn't really enlightened me :-)

Did it.

bozo-1 commented 26 January 2007 at 23:07

Well, I finally got around learning the basics of Drupal module coding. The most basic basics, but that's not the point :-)

I wanted to create a separate module, but I had no idea how to hook back into user.module's login function, so I simply patched user.module to add a "Secure Login" settings entry. It's only a checkbox to activate the redirection, and a text field to enter the site's HTTPS base URL.

It's a quick and dirty solution, but for now, it suits my needs.

Until I can clean it up and submit it, the patch is available here.