https/SSL enabled on LearnNa'vi Forum

Started by Tìtstewan, February 16, 2016, 10:40:34 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Tìtstewan

Kaltxì ma smuk,

I was busy with creating a special forum plugin exclusively for LearnNa'vi that makes possible to have https/SSL on almost all pages. Posted images and avatars from externel non-https sources are used to go through an image proxy to prevent mixed content issue. By this, LN's safety has been increased, woo! :D

This plugin is absolutely unique, and my first created plugin with that size. If you see bugs or a weird behavior especially related with images and forum avatars, please, report them. Seiyi irayo! :)

-| Na'vi Vocab + Audio | Na'viteri as one HTML file | FAQ | Useful Links for Beginners |-
-| Kem si fu kem rä'ä si, ke lu tìfmi. |-

Toruk Makto

This is, in fact, unique in a production forum of this size and using this application. Major kudos to tsmukan Tìtstewan!

-Markì 

Lì'fyari leNa'vi 'Rrtamì, vay set 'almong a fra'u zera'u ta ngrrpongu
Na'vi Dictionary: http://files.learnnavi.org/dicts/NaviDictionary.pdf

Wllìm

Wou! Txantsan! :D Irayo ma Tìtstewan!

I noticed that some links still refer to the HTTP version of the site instead of the HTTPS version. After you click the link, the forum nicely redirects to the HTTPS version, but I think this still exposes some data, as the initial request is HTTP.

These are the HTTP links I found:
[ul]
  • on a post: cite, applaud, smite, notify moderator;
  • the buttons below the posts on a page: reply, notify, ...;
  • the Site Rules link at the bottom of the page.
[/ul]

In any case, this is really great already! :D

Toliman


Tìtstewan

Tstunwi! :D

Quoteon a post: cite, applaud, smite, notify moderator;
the buttons below the posts on a page: reply, notify, ...;
I believe, that's a pretty-url mod fail...

Quotethe Site Rules link at the bottom of the page.
That should not be a problem as it just direct one to that thread.

---
The only page one see a mixed content issue is the staff page and that only because of that yahoo online/offline smiley, hrh.

-| Na'vi Vocab + Audio | Na'viteri as one HTML file | FAQ | Useful Links for Beginners |-
-| Kem si fu kem rä'ä si, ke lu tìfmi. |-

Wllìm

#5
Another bug report: I can't edit posts anymore :( (Firefox on Android)... when clicking Save it gives me a security warning and after clicking Continue it redirects to the New Topic page...



I think that it is really stupid that browsers give such warnings for HTTPS sites - they should also do this for all HTTP sites if they want to be consistent...

Tìtstewan

That's weird. because I see what you are seeing. And I thought I fixed that? Ok, I'll lurk on the Browser console to see which graphics is causing that.

-| Na'vi Vocab + Audio | Na'viteri as one HTML file | FAQ | Useful Links for Beginners |-
-| Kem si fu kem rä'ä si, ke lu tìfmi. |-

Wllìm

#7
Quote from: Tìtstewan on February 17, 2016, 11:19:34 AM
That's weird. because I see what you are seeing. And I thought I fixed that? Ok, I'll lurk on the Browser console to see which graphics is causing that.

Irayo nìli! :D

(and sorry for that huge image; I wanted to edit the post to make it smaller, but I can't ;))

Edit: Test! Yay, it works!

Tìtstewan

#8
That huge image fixed. (yay for quick edit)

Ok, I'll bang on that weird thing. Stay tuned.

Editing test

-| Na'vi Vocab + Audio | Na'viteri as one HTML file | FAQ | Useful Links for Beginners |-
-| Kem si fu kem rä'ä si, ke lu tìfmi. |-

Tìtstewan

Ok, I found the reason why editing didn't work. It was the pretty url mod which I have now disabled...

Please checke if you can edit your post now.

-| Na'vi Vocab + Audio | Na'viteri as one HTML file | FAQ | Useful Links for Beginners |-
-| Kem si fu kem rä'ä si, ke lu tìfmi. |-

Toruk Makto

I have corrected the base path for Pretty URLs and updated the rewrite rules.

Pretty URLs is now back on. Can you check to see if the mixed content error is gone?

Lì'fyari leNa'vi 'Rrtamì, vay set 'almong a fra'u zera'u ta ngrrpongu
Na'vi Dictionary: http://files.learnnavi.org/dicts/NaviDictionary.pdf

Tìtstewan

Quote from: Toruk Makto on February 17, 2016, 12:46:29 PM
Pretty URLs is now back on. Can you check to see if the mixed content error is gone?
Image proxy enabled. :)

Test edit

-| Na'vi Vocab + Audio | Na'viteri as one HTML file | FAQ | Useful Links for Beginners |-
-| Kem si fu kem rä'ä si, ke lu tìfmi. |-

Toruk Makto

Quote from: Tìtstewan on February 17, 2016, 12:49:07 PM
Quote from: Toruk Makto on February 17, 2016, 12:46:29 PM
Pretty URLs is now back on. Can you check to see if the mixed content error is gone?
Image proxy enabled. :)

For the edit stuff, I mean.

Lì'fyari leNa'vi 'Rrtamì, vay set 'almong a fra'u zera'u ta ngrrpongu
Na'vi Dictionary: http://files.learnnavi.org/dicts/NaviDictionary.pdf

Tìtstewan


-| Na'vi Vocab + Audio | Na'viteri as one HTML file | FAQ | Useful Links for Beginners |-
-| Kem si fu kem rä'ä si, ke lu tìfmi. |-

Toruk Makto


Lì'fyari leNa'vi 'Rrtamì, vay set 'almong a fra'u zera'u ta ngrrpongu
Na'vi Dictionary: http://files.learnnavi.org/dicts/NaviDictionary.pdf

Wllìm

Awesome, editing works and all links are fixed too! Irayo! :D

Toruk Makto


Lì'fyari leNa'vi 'Rrtamì, vay set 'almong a fra'u zera'u ta ngrrpongu
Na'vi Dictionary: http://files.learnnavi.org/dicts/NaviDictionary.pdf

Tìtstewan

Quote from: Tìtstewan on February 17, 2016, 11:12:37 AM
The only page one see a mixed content issue is the staff page and that only because of that yahoo online/offline smiley, hrh.
Mixed content issue of the staff list fixed. :)

Quote from: Toruk Makto on February 17, 2016, 02:02:34 PM
Quote from: Wllìm on February 17, 2016, 01:21:06 PM
Awesome, editing works and all links are fixed too! Irayo! :D

EGGcellent!
Fì'u! :D

-| Na'vi Vocab + Audio | Na'viteri as one HTML file | FAQ | Useful Links for Beginners |-
-| Kem si fu kem rä'ä si, ke lu tìfmi. |-

Tìtstewan

#18
I just noticed a little bug regarding avatar in threads that has been chosen from the avatar gallery. I am on it and try to fix it.
I'll need a bit time since the solution is somewhere in this HUGE php array...
Code (php) Select
<?php
'avatar' => array(
'name' => $profile['avatar'],
'image' => $profile['avatar'] == '' ? ($profile['id_attach'] > '<img class="avatar" src="' . (empty($profile['attachment_type']) ? $scripturl '?action=dlattach;attach=' $profile['id_attach'] . ';type=avatar' $modSettings['custom_avatar_url'] . '/' $profile['filename']) . '" alt="" />' '') : (($modSettings['force_ssl'] == && $image_proxy_enabled && (substr($profile['avatar'], 08) != 'https://')) ? $profile['avatar'] = $boardurl '/proxy.php?request=' urlencode($profile['avatar']) . '&hash=' md5($profile['avatar'] . $image_proxy_secret) : (stristr($profile['avatar'], 'http://')) ? '<img class="avatar" src="' $profile['avatar'] . '"' $avatar_width $avatar_height ' alt="" />' '<img class="avatar" src="' $modSettings['avatar_url'] . '/' htmlspecialchars($profile['avatar']) . '" alt="" />'),
'href' => $profile['avatar'] == '' ? ($profile['id_attach'] > ? (empty($profile['attachment_type']) ? $scripturl '?action=dlattach;attach=' $profile['id_attach'] . ';type=avatar' $modSettings['custom_avatar_url'] . '/' $profile['filename']) : '') : (($modSettings['force_ssl'] == && $image_proxy_enabled && (substr($profile['avatar'], 08) != 'https://')) ? $profile['avatar'] = $boardurl '/proxy.php?request=' urlencode($profile['avatar']) . '&hash=' md5($profile['avatar'] . $image_proxy_secret) : (stristr($profile['avatar'], 'http://')) ? $profile['avatar'] : $modSettings['avatar_url'] . '/' $profile['avatar']),
'url' => $profile['avatar'] == '' '' : (($modSettings['force_ssl'] == && $image_proxy_enabled && (substr($profile['avatar'], 08) != 'https://')) ? $profile['avatar'] = $boardurl '/proxy.php?request=' urlencode($profile['avatar']) . '&hash=' md5($profile['avatar'] . $image_proxy_secret) : (stristr($profile['avatar'], 'http://')) ? $profile['avatar'] : $modSettings['avatar_url'] . '/' $profile['avatar'])
),
?>


BTW, Me @ my test forum:

-| Na'vi Vocab + Audio | Na'viteri as one HTML file | FAQ | Useful Links for Beginners |-
-| Kem si fu kem rä'ä si, ke lu tìfmi. |-

Toliman