Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+6 votes
1.0k views
in Q2A Core by

I've seen this question in old posts but it never seems to get answered in full. I'd like to force https connections for login page and register but plain http for everything else. Gidgreen suggested the following which forces https correctly but the rest of the site is then accessed over https instead of http. I've also tried doing it in .htaccess but I keep introducing loops.

Any help would be appreciated.

 

function doctype() 

  if ( 
    ( ($this->template=='login') || ($this->template=='register') ) && 
    (!qa_is_http_post()) && 
    (!qa_is_https_probably()) 
  ) { 
    // your code to redirect to https page... 
    exit; 
  }

  qa_html_theme_base::doctype(); 
}

Q2A version: 1.6.3
by
Why not just have the whole site HTTPS?
by
Scott, that's a good point and is an option. I'm not sure how much that would affect page load times for uneccessary https pages. I'm sure with modern processors it wouldn't make a lot of difference but not sure how it would affect hosted web server if I get a lot of concurrent connections.

1 Answer

+1 vote
by

I face the same problem, and to avoid that, I wrote a small plugin to override a function and redirect to https or http. Basically, it will check: 

  • if the page need to use https and is using http: redirect to https
  • if the page need to use http and is using https: redirect to http
  • otherwise, continue

Note: You must enable both http and https for your website.

function qa_get_request_content()
{
//    echo "Test call";
    $forced_https_pages = array('login', 'register', 'user', 'admin');
    $is_forced_https = in_array(qa_request_part(0), $forced_https_pages) ? true : false;
    if ($is_forced_https && !qa_is_https_probably()) {
        header('Location: ' . "https://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]");
        die();
    } else if (!$is_forced_https && qa_is_https_probably()) {
        header('Location: ' . "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]");
        die();
    } else {
        return qa_get_request_content_base();
    }
}

There are 2 problems:

  1. If user login by the login form (http page) then it will redirect to Login page (https page) instead of login immidiately.
  2. I'm not sure qa_get_request_content is the right function to redirect.
...