Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming Possible bug in form_open and https
Possible bug in form_open and https
  • El Forum
    Guest
  •  
#1
03-17-2011, 04:02 AM

[eluser]Nairobi[/eluser]
Hi all,

Posting here after searching around for a solution - none found, so figured it's easier to put the question to the masses. Using CodeIgniter 2.0 (tip, not reactor 2.0.0)

I have two subdomains (www. and test.), and both are in discreet and separated html folders on the server, and are virtually the same codebase - test is used to fix and test things before migrating the fixes to www. Also, www. is the SSL host in Apache.

I'm having a problem shifting between Http: and Https: on some URLs, and I'm not sure where things are messing up.

The problem is that I'm testing various methods to shift some controllers to https (login, member account info, etc) and some to http. There seems to be a conflict in the system where I'm observing and replicating the following behavior.

- www. subdomain config uses www.domain.com as the base url
- test. subdomain config uses test.domain.com as the base url

If I keep everything http:// then there are no problems, but when I use https, there are problems as follows:
- form_open(), regardless of which domain, echoes http://www.domain.com/ (ie, https in test.domain.com has forms that point to http://www.domain.com). This presents 2 issues
-- is there no way to toggle forms to use https:// (???)
-- test.domain.com should not be replaced by www.domain.com, but that is happening
- redirection attempts using .htaccess or force_ssl helpers let me go from http->https, but I can't seem to get the redirection going the other way (minor, actually, as I can keep the whole site https)

I have tried a variety of approaches, including setting https://test.domain.com as the base_url in config.php, however, there is no change in behavior or form_open output.

The combination prevents me from logging in (https->http, CSRF mismatch, etc) and from using the form_open()... Although I could probably manually set each form handler on the site (violates DRY and messes up future change simplicty for migration), is this a normal CI 2.0 experience, or is this fixed in a newer version?

Am I missing something here???
  • El Forum
    Guest
  •  
#2
03-17-2011, 05:35 AM

[eluser]InsiteFX[/eluser]
Read this Article!

InsiteFX
  • El Forum
    Guest
  •  
#3
03-17-2011, 06:09 AM

[eluser]Nairobi[/eluser]
Hi InsiteFX,

Actually, I did. I tried the .htaccess rewrites, and it works for some reason going to https but not the other way around. I tried alternative syntax on the .htaccess portions, again, with no success. The force_ssl helper function didn't work it either. Will give it another go, just because I want to get this resolved. Are those solutions for 1.7.x and does that work seamlessly for 2.0+

The block to logging in, I think, is that form_open pushes out http://www.domain.com/auth/login and not https://www.domain.com. This isn't addressed at all by the link, however.

That said, it also doesn't address why, when I am in test.domain.com, is it pointing to the www.domain.com config file, and not the values in the test.domain.com config file, which is a completely separate application in a discreet webspace? I'm guessing that may be in part PHP & SSL with global values, but the link you posted doesn't address that issue either.

Will give it a try just now...
  • El Forum
    Guest
  •  
#4
03-17-2011, 06:34 AM

[eluser]InsiteFX[/eluser]
Did you try this?
Code:
$this->config->set_item('base_url', 'https//your_path');

You would need to toggle it back.

InsiteFX
  • El Forum
    Guest
  •  
#5
03-17-2011, 06:50 AM

[eluser]Nairobi[/eluser]
Thanks InsiteFX,

I did indeed try that, and have reverted it. My config has both of these set.
Code:
$config['base_url'] = 'http://test.domain.com/';
$config['secure_base_url'] = 'https://test.domain.com/';

Even if I try using something like the line below, the form is echoed using http://www.domain.com
Code:
echo form_open($this->config->item('secure_base_url') . 'auth/login', $data);

I'm half torn - part of my intuition says it's an Apache issue (and there may be a contribution there), but part of me says that CI should be able to stay with the config parameters and not be over-ridden by any system variables when a well-formed config file exists.

I've grepped the test.domain.com folder for instances of 'www.domain.com' and it's only in php doc notations or other places where it's hard coded (not the links I'm testing on), so for some reason, it appears that the test subdomain CI instance is getting "polluted" when using https.

Any ideas on places to look???
  • El Forum
    Guest
  •  
#6
03-17-2011, 06:58 AM

[eluser]InsiteFX[/eluser]
If you look in system/core/config.php library, all of this is being set in the constructor.

InsiteFX




Theme © iAndrew 2016 - Forum software by © MyBB