Announcement

Collapse
No announcement yet.

BUG: HTTPS mixed content (AdminCP)

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • [Forum] BUG: HTTPS mixed content (AdminCP)

    When enabling https on vBulletin 4, the AdminCP won't show as secure, because there's mixed content.

    First off, this issue is deeper than mixed content. The php form mentioned below doesn't even work since php.net doesn't allow loading via iFrame.

    So 3 things need to be done:
    • Use secure.php.net for php.net form
    • Use relative paths for php.net and mysql.com forms
    • Open each in new tab
    Fix: in admincp/index.php

    Change:
    PHP Code:
        <form action="http://www.ph' . 'p.net/manual-lookup.ph' . 'p" method="get" style="display:inline"
    To:
    PHP Code:
        <form action="//secure.ph' . 'p.net/manual-lookup.ph' . 'p" method="get" style="display:inline" target="_blank"
    Change:
    PHP Code:
        <form action="http://www.mysql.com/search/" method="get" style="display:inline"
    To:
    PHP Code:
        <form action="//www.mysql.com/search/" method="get" style="display:inline" target="_blank"


    That will get rid of the mixed content issue and make the AdminCP display the green padlock as fully secure
    http://modernvb.com - Professional vBulletin services, vBulletin mods and vBulletin designs.

  • #2
    Thanks!
    Works fine in vBulletin v3.8.10 as well
    The change applies to both admincp and modcp
    Julio Franco
    TechSpot.com

    Comment


    • #3
      I haven't edited admincp/index.php at all but my AdminCP shows as secure.

      I ran my sites, including forums, through one or both of these checkers:

      Why No Padlock? - Why is my SSL web page insecure? Find the culprit!

      SSL-check: crawl your HTTPS website and find unsecure content

      Then, if memory serves, I changed a couple of links in some templates from http:// to either https:// or just // and that was all that I needed to do.

      For the forums themselves, I used this plugin for images: Mini Mods - IMG Cacher - SSL Keeper - Mixed Content Block Solution - vBulletin.org Forum
      Last edited by djbaxter; Mon 4th Sep '17, 1:23pm.
      Psychlinks Mental Health Support Forum
      Local Search Forum

      Comment


      • #4
        I tried this exactly as you said but it did nothing but revert my board back to HTTP??
        can you tell me why this may be?
        ive changed it to https:// in my admin control panel.

        i'm running version 4.2.0

        heres how the code looks (and yes I know this is the code that needs to be replaced, im just showing how it looklooked before I changed it to what you posted, it didnt work and I changed it back to whats below)
        --------------------------------------------



        print_label_row($vbphrase['php_function_lookup'], '

        <form action="http://www.ph' . 'p.net/manual-lookup.ph' . 'p" method="get" style="display:inline">
        <input type="text" class="bginput" name="function" size="30" tabindex="1" />
        <input type="submit" value=" ' . $vbphrase['find'] . ' " class="button" tabindex="1" />
        </form>
        ', '', 'top', NULL, false
        );
        print_label_row($vbphrase['mysql_language_lookup'], '
        <form action="http://www.mysql.com/search/" method="get" style="display:inline">

        <input type="hidden" name="doc" value="1" />
        <input type="hidden" name="m" value="o" />
        <input type="text" class="bginput" name="q" size="30" tabindex="1" />
        <input type="submit" value=" ' . $vbphrase['find'] . ' " class="button" tabindex="1" />
        </form>
        ', '', 'top', NULL, false



        Originally posted by gio~logist View Post
        When enabling https on vBulletin 4, the AdminCP won't show as secure, because there's mixed content.

        First off, this issue is deeper than mixed content. The php form mentioned below doesn't even work since php.net doesn't allow loading via iFrame.

        So 3 things need to be done:
        • Use secure.php.net for php.net form
        • Use relative paths for php.net and mysql.com forms
        • Open each in new tab


        Fix: in admincp/index.php

        Change:
        PHP Code:
         <form action="http://www.ph' . 'p.net/manual-lookup.ph' . 'p" method="get" style="display:inline"
        To:
        PHP Code:
         <form action="//secure.ph' . 'p.net/manual-lookup.ph' . 'p" method="get" style="display:inline" target="_blank"
        Change:
        PHP Code:
         <form action="http://www.mysql.com/search/" method="get" style="display:inline"
        To:
        PHP Code:
         <form action="//www.mysql.com/search/" method="get" style="display:inline" target="_blank"


        That will get rid of the mixed content issue and make the AdminCP display the green padlock as fully secure
        Last edited by blackdream71; Mon 11th Sep '17, 12:17am.

        Comment


        • #5
          Can't really provide any support for those changes other than to say that they do work, so I suspect you've made a mistake editing the code somewhere.

          The code was changed in 4.2.5 so the issue doesn't occur there, but you will need to upgrade php to 5.6 to run 4.2.5.
          MARK.B | vBULLETIN SUPPORT

          TalkNewsUK - My vBulletin 5.5.2 Demo
          AdminAmmo - My Cloud Demo

          Comment


          • #6
            Hey Mark,

            I dont think so? I just copy and pasted the new code into the old code area?

            thanks.



            Originally posted by Mark.B View Post
            Can't really provide any support for those changes other than to say that they do work, so I suspect you've made a mistake editing the code somewhere.

            The code was changed in 4.2.5 so the issue doesn't occur there, but you will need to upgrade php to 5.6 to run 4.2.5.

            Comment

            widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
            Working...
            X