Secure pages enabled and https turned off error
| Project: | Secure Pages |
| Version: | 5.x-1.6 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | needs review |
Jump to:
If you have secure pages enabled on a server with SSL set properly and then move the site to a non-ssl enabled server or for some reason your ssl fails or is disabled and you have the admin pages set to use SSL, you can loss the ability to access your site and/or disable securepages until you manually edit the database or remove the securepages module. Attached is a patch that will cause secure pages to not redirect to a secure page if the server doesn't support it. It also has one other change, if you have secure pages enabled, but the server doesn't support secure pages, it will allow you to disable it instead of having the option grayed out.
I was worried about having users get to a non-secure page when maybe if SSL is not available should not see an unsecure version of the page. I made it so administrators can see the pages properly and get a warning, where as non-admin users will get an access denied page with an error message explaining the problem.
I had another developer at work look over this patch so it is somewhat tested already
| Attachment | Size |
|---|---|
| securepages-5.x-1.x-dev-secure_pages_enabled_fix.patch | 1.79 KB |
#1
Im having this problem with Drupal 6x.
Would the patch work for 6x? How do people recommend this issue be fixed?
I test on my localhost - but I cant access the admin functions since they point to HTTPS.
Please help.
#2
I'm not sure about Drupal 6, i never tested against it, but you can disable the module through the database by just turning the module off. Something like "update system set status=0 where name='securepages';" that will at least let you access your site. If i get time ill make a patch for 6.x as well, plus i have a few updates I made to the current patch I'll put up when i get a chance.