Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.If you have secure pages enabled on a server with SSL set properly and then move the site to a non-ssl enabled server or for some reason your ssl fails or is disabled and you have the admin pages set to use SSL, you can loss the ability to access your site and/or disable securepages until you manually edit the database or remove the securepages module. Attached is a patch that will cause secure pages to not redirect to a secure page if the server doesn't support it. It also has one other change, if you have secure pages enabled, but the server doesn't support secure pages, it will allow you to disable it instead of having the option grayed out.
I was worried about having users get to a non-secure page when maybe if SSL is not available should not see an unsecure version of the page. I made it so administrators can see the pages properly and get a warning, where as non-admin users will get an access denied page with an error message explaining the problem.
I had another developer at work look over this patch so it is somewhat tested already
| Comment | File | Size | Author |
|---|---|---|---|
| securepages-5.x-1.x-dev-secure_pages_enabled_fix.patch | 1.79 KB | smccabe |
Comments
Comment #1
sterg17 commentedIm having this problem with Drupal 6x.
Would the patch work for 6x? How do people recommend this issue be fixed?
I test on my localhost - but I cant access the admin functions since they point to HTTPS.
Please help.
Comment #2
smccabe commentedI'm not sure about Drupal 6, i never tested against it, but you can disable the module through the database by just turning the module off. Something like "update system set status=0 where name='securepages';" that will at least let you access your site. If i get time ill make a patch for 6.x as well, plus i have a few updates I made to the current patch I'll put up when i get a chance.
Comment #3
redsatboy commentedIf you are using Secure pages you MAY also be using Secure Pages Hijack Prevention. If you are the updating the db as per smccabe (post 2) you may break the site (WSOD) - even updating the status back to 1 did not fix it..
A better approach would be to use drush (http://drupal.org/project/drush)..running "drush dis securepages" it checks the dependencies and disables the associated mods.
..fixed my site :-)
Comment #4
Rob B commentedI couldn't use Drush because the server was running an earlier version of PHP, however I got around the Secure Pages Hijack Prevention by running "update system set status=0 where name='securepages_prevent_hijack';", along with the code in post 2. Worked a treat.
Comment #6
grendzy commented#2 is correct, you can disable the module via SQL, or use drush. Another option is to add the following to your settings.php:
$conf['securepages_enable'] = FALSE;