SSL set by default on all admin pages

[mtrat]

Dear all, I've just installed civicrm on joomla 1.5 running on IIS 6.0. From within the admin, I can click on the 'category' links, i.e. manage groups, civicontribute, civievents etc, however anything under this level has an https:// address and leads to a page error since my server is not set up for SSL.

I managed to browse to the resource URLs page by retyping the address manually each time, (from https to http) , and the 'Force Secure URLs' setting is set to No. I'm a newbie at this, but would very much appreciate your help if any of you have experienced and/or got around this problem.

[Donald Lobo]

This is a bug with CiviCRM on IIS and will be fixed in the next 1.8 release (in the next week or so). Here is the diff if you'd like to apply it manually:

If the below format does not make any sense, please wait for the next release

lobo

Index: CRM/Core/Config.php
===================================================================
--- CRM/Core/Config.php   (revision 11200)
+++ CRM/Core/Config.php   (working copy)
@@ -596,7 +596,8 @@
 
         if ( defined( 'CIVICRM_UF_BASEURL' ) ) {
             $this->userFrameworkBaseURL = self::addTrailingSlash( CIVICRM_UF_BASEURL, '/' );
-       if ( isset( $_SERVER['HTTPS'] ) ) {
+       if ( isset( $_SERVER['HTTPS'] ) &&
+             strtolower( $_SERVER['HTTPS'] ) != 'off' ) {
          $this->userFrameworkBaseURL     = str_replace( 'http://', 'https://',
                             $this->userFrameworkBaseURL );
        }
@@ -1025,7 +1026,8 @@
         
         if ( $this->userFrameworkResourceURL ) {
             // we need to do this here so all blocks also load from an ssl server
-            if ( isset( $_SERVER['HTTPS'] ) ) {
+            if ( isset( $_SERVER['HTTPS'] ) &&
+                 strtolower( $_SERVER['HTTPS'] ) != 'off' ) {
                 CRM_Utils_System::mapConfigToSSL( );
             }
             $this->resourceBase = $this->userFrameworkResourceURL;

[helper]

Just installed 1.8.11248-drupal-php5

Seems that the first mod was missed in this version (was line 599), however, making the change did not seem to matter.  All CiviCRM links show up as SSL (https).

[Donald Lobo]

1. The version with the patch is not yet released. We'll release it sometime this week

2. Note that once the site is on https all links switch to https

3. We dont have a windows / IIS box to test the below, so if you can do and contribute back patches to ensure it is working propertly, that would be great

lobo

[helper]

As a temporary fix (until the real fix comes out), I made the changes lobo recommended for the ...\Core\Config.php AND disabled the rewrite as follows:

in file: ...CRM\Utils\System.php

commented out lines 489 and 490

480    /**
481     * rewrite various system urls to https
482     *
483     * @return void
484     * access public
485     * @static
486     */
487    static function mapConfigToSSL( ) {
488        $config   =& CRM_Core_Config::singleton( );
489        //$config->userFrameworkResourceURL = str_replace( 'http://', 'https://',
490        //                                                 $config->userFrameworkResourceURL );
491        $config->resourceBase = $config->userFrameworkResourceURL;
492        require_once( str_replace( '_', DIRECTORY_SEPARATOR, $config->userFrameworkClass ) . '.php');
493        return eval( 'return ' . $config->userFrameworkClass . '::mapConfigToSSL( ); ' );
494    }

Verified that this does work, however, I plan on using SSL later