BUG: HTTPS mixed content (AdminCP)

**TS | Julio** · Mon 4 Sep '17, 10:00am

Thanks!
Works fine in vBulletin v3.8.10 as well

The change applies to both admincp and modcp

**djbaxter** · Mon 4 Sep '17, 1:15pm

I haven't edited admincp/index.php at all but my AdminCP shows as secure.

I ran my sites, including forums, through one or both of these checkers:

Why No Padlock? - Why is my SSL web page insecure? Find the culprit!

SSL-check: crawl your HTTPS website and find unsecure content

Then, if memory serves, I changed a couple of links in some templates from http:// to either https:// or just // and that was all that I needed to do.

For the forums themselves, I used this plugin for images: Mini Mods - IMG Cacher - SSL Keeper - Mixed Content Block Solution - vBulletin.org Forum

**blackdream71** · Sun 10 Sep '17, 11:46pm

I tried this exactly as you said but it did nothing but revert my board back to HTTP??
can you tell me why this may be?
ive changed it to https:// in my admin control panel.

i'm running version 4.2.0

heres how the code looks (and yes I know this is the code that needs to be replaced, im just showing how it looklooked before I changed it to what you posted, it didnt work and I changed it back to whats below)
--------------------------------------------

print_label_row($vbphrase['php_function_lookup'], '

<form action="http://www.ph' . 'p.net/manual-lookup.ph' . 'p" method="get" style="display:inline">
<input type="text" class="bginput" name="function" size="30" tabindex="1" />
<input type="submit" value=" ' . $vbphrase['find'] . ' " class="button" tabindex="1" />
</form>
', '', 'top', NULL, false
);
print_label_row($vbphrase['mysql_language_lookup'], '
<form action="http://www.mysql.com/search/" method="get" style="display:inline">

<input type="hidden" name="doc" value="1" />
<input type="hidden" name="m" value="o" />
<input type="text" class="bginput" name="q" size="30" tabindex="1" />
<input type="submit" value=" ' . $vbphrase['find'] . ' " class="button" tabindex="1" />
</form>
', '', 'top', NULL, false

Originally posted by gio~logist

When enabling https on vBulletin 4, the AdminCP won't show as secure, because there's mixed content.

First off, this issue is deeper than mixed content. The php form mentioned below doesn't even work since php.net doesn't allow loading via iFrame.

So 3 things need to be done:

Use secure.php.net for php.net form
Use relative paths for php.net and mysql.com forms
Open each in new tab

Fix: in admincp/index.php

Change:

PHP Code:


 <form action="http://www.ph' . 'p.net/manual-lookup.ph' . 'p" method="get" style="display:inline">

To:

PHP Code:


 <form action="//secure.ph' . 'p.net/manual-lookup.ph' . 'p" method="get" style="display:inline" target="_blank">

Change:

PHP Code:


 <form action="http://www.mysql.com/search/" method="get" style="display:inline">

To:

PHP Code:


 <form action="//www.mysql.com/search/" method="get" style="display:inline" target="_blank">

That will get rid of the mixed content issue and make the AdminCP display the green padlock as fully secure

**Mark.B** · Mon 11 Sep '17, 5:01am

Can't really provide any support for those changes other than to say that they do work, so I suspect you've made a mistake editing the code somewhere.

The code was changed in 4.2.5 so the issue doesn't occur there, but you will need to upgrade php to 5.6 to run 4.2.5.

**blackdream71** · Mon 11 Sep '17, 8:47am

Hey Mark,

I dont think so? I just copy and pasted the new code into the old code area?

thanks.

Originally posted by Mark.B

Can't really provide any support for those changes other than to say that they do work, so I suspect you've made a mistake editing the code somewhere.

The code was changed in 4.2.5 so the issue doesn't occur there, but you will need to upgrade php to 5.6 to run 4.2.5.

vBulletin 4 End of Life

BUG: HTTPS mixed content (AdminCP)

[Forum] BUG: HTTPS mixed content (AdminCP)

Comment

Comment

Comment

Comment

Comment