[solved] Still can't figure out chronoforms + ssl

jimmyt 23 Sep, 2010
Hi,
I've read several posts on here about https + chronoforms, and I still can't get it to work just right. I'm using Joomla 1.5.15.
I've set live_site to "". I've set the menu for the chronoforms to force SSL.

Issue #1: Forcing HTTPS.

I've pasted the snippet:

<?
$application =& JFactory::getApplication();
$uri =& JFactory::getURI();

if ($uri->getScheme() != "https") {
    $uri->setScheme('https');
    $application->redirect($uri->toString());
}
?>

At the top of the form. (Please note that I've had to change JFactory::getURL() to JFactory::getURI()). There is some weird stuff happening there. Is the php code supposed to disappear from the html after submitting it? i.e., when I go back to see the form's html code, the php is no longer there - but the rest of the html remains. If I put just text, like 'test', then it remains there. After inserting the php code in the form html, the *administrator* session (previously using http) starts using https, but it has no effect on the form itself (I can still access it with http, if I type it in manually). It's as if the php gets evaluated right away, and is discarded. Am I supposed to escape it in some way?


Issue #2: IE security warning

When I do access the form through the menu and it is a secure connection, IE issues the annoying Security Warning "Do you want to view only the webpage content that was delivered securely?". Looking at Google Chrome's warnings, the following warnings are shown when accessing the chronoform with https:

The page at https://www.[web site].com/component/chronocontact/?chronoformname=[form name] displayed insecure content from http://www.[web site].com/components/com_chronocontact/themes/default/css/style1.css.
The page at https://www.[web site].com/component/chronocontact/?chronoformname=[form name] displayed insecure content from http://www.[web site].com/components/com_chronocontact/css/calendar2.css.
The page at https://www.[web site].com/component/chronocontact/?chronoformname=[form name] displayed insecure content from http://www.[web site].com/components/com_chronocontact/css/tooltip.css.
The page at https://www.[web site].com/component/chronocontact/?chronoformname=[form name] ran insecure content from http://www.[web site].com/components/com_chronocontact/js/calendar2.js.
The page at https://www.[web site].com/component/chronocontact/?chronoformname=[form name] ran insecure content from http://www.[web site].com/components/com_chronocontact/js/livevalidation_standalone.js.
The page at https://www.[web site].com/component/chronocontact/?chronoformname=[form name] displayed insecure content from http://www.[web site].com/components/com_chronocontact/css/consolidated_common.css.
The page at https://www.[web site].com/component/chronocontact/?chronoformname=[form name] ran insecure content from http://www.[web site].com/components/com_chronocontact/js/customclasses.js.
The page at https://www.[web site].com/component/chronocontact/?chronoformname=[form name] ran insecure content from http://www.[web site].com/components/com_chronocontact/js/jsvalidation2.js.

Like I said, there is no live_site directive, so I'm not sure what's wrong... Do I need to modify some chronoform code? All chronoforms on our site need to use https, so I could do that... I just don't know what/where 🙂

Thanks for the help!
GreyHead 25 Sep, 2010
Hi jtalbot,

Fredrik knows much more about this than I do. My understanding from the code is that ChronoForms will pick up the prefix from the calling URL and use that for all the file loads.

I think that your forcing code should work - you may need to add this line at the beginning to get round a ChronoForms quirk and let it save correctly.
<?php
if ( !$mainframe->isSite() ) { return; }
. . .


Bob
jimmyt 25 Sep, 2010
Ah, thanks GreyHead, this did the trick for forcing https:

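<?php
// Skip when the form HTML is evaluated outside the front-end site (e.g. on save in the admin)
if ( !$mainframe->isSite() ) { return; }
$application =& JFactory::getApplication();
$uri =& JFactory::getURI();

// Redirect plain-http requests for this form to the same URL over https
if ($uri->getScheme() != "https") {
    $uri->setScheme('https');
    $application->redirect($uri->toString());
}
?>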

After adding that line at the top the php code now saves properly, and the form properly redirects to https if the user manually enters http.

Now there is just the one issue about some resources not coming down with https, causing IE to show that warning, and causing Chrome/Firefox to show a lock icon with a warning. The plain joomla pages are coming down without warning when addressed with https; it just seems to be chronoforms that insists on pulling the resources above with http instead of https...

Thanks!
GreyHead 25 Sep, 2010
Hi jtalbot,

ChronoForms uses the Joomla! JURI::base() function to get the current URL for the downloadable files:
$CF_PATH = ($mainframe->isSite()) ? JURI::Base() : $mainframe->getSiteURL();
That ought to pick up the correct prefix.

You might add some debug code in chronocontact.html.php to see exactly what is happening. This code is around line 25.

Bob
jimmyt 25 Sep, 2010
Ha! Turns out it was that darn $live_site variable after all.

I had set live_site to blank, but somehow JURI::Base() was still returning http:// when the URL was https://. I had to stop the web server (IIS) and re-start it again.

But wait, it still wasn't working! I had to clear my browser cache.

But wait, it still wasn't working! I had to shut down the browser and restart it.

And then, finally, it worked. <sigh>
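
A way to confirm the fix from the served HTML itself, so that a stale browser cache cannot mislead the check (added example, not part of the original thread or of ChronoForms): it lists the scripts and stylesheets an https:// page would load over http://, using the same "ran"/"displayed" wording as the Chrome log above. The example.com host and the sample markup are constructed, and the `<base href>` handling goes slightly beyond what the thread discusses.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# tag -> (URL attribute, verb Chrome uses in the log quoted in the thread)
SUBRESOURCES = {"script": ("src", "ran"), "link": ("href", "displayed")}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.base = None          # set from the first <base href>, if any
        self.findings = []        # (verb, tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href") and self.base is None:
            # Relative and //host URLs resolve against <base>, whatever its scheme.
            self.base = urljoin(self.page_url, attrs["href"].strip())
        if tag not in SUBRESOURCES:
            return
        attr_name, verb = SUBRESOURCES[tag]
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return                # rel="canonical" etc. is not a subresource load
        value = (attrs.get(attr_name) or "").strip()
        url = urljoin(self.base or self.page_url, value)
        if value and urlsplit(url).scheme == "http":
            self.findings.append((verb, tag, url))

def find_mixed_content(page_url, html):
    """Return http:// scripts/stylesheets referenced by an https:// page."""
    if urlsplit(page_url).scheme != "https":
        return []                 # mixed content only exists on an HTTPS page
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings

# Constructed sample: example.com host, asset paths taken from the log above.
SAMPLE_URL = "https://www.example.com/component/chronocontact/?chronoformname=demo"
SAMPLE_HTML = """<html><head>
<base href="http://www.example.com/" />
<link rel="stylesheet" href="components/com_chronocontact/css/tooltip.css" />
<link rel="canonical" href="http://www.example.com/form" />
<script src="https://www.example.com/js/site.js"></script>
<script src="/components/com_chronocontact/js/calendar2.js"></script>
<script src="//www.example.com/components/com_chronocontact/js/customclasses.js"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    for verb, tag, url in find_mixed_content(SAMPLE_URL, SAMPLE_HTML):
        print(f"{verb} insecure content: <{tag}> {url}")
```

In the sample, the http:// `<base href>` alone is what downgrades the relative and protocol-relative asset URLs; with an https:// base the same markup produces no findings.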