WPMU-Nelo does not honor FORCE_SSL_LOGIN and FORCE_SSL_ADMIN
WPMU DEV Community
WPMU-Nelo does not honor FORCE_SSL_LOGIN and FORCE_SSL_ADMIN
Elite
4 pointsGetting my WPMU DEV WingsI'm new here
pauxus
Member
—
5th January 2012 (4 months ago)
When setting one of those variables, logins are to be done over ssl.
However, the sidebar link "login" button points to the schema used for page (i.e., if you enter the page over http, it points to http://site/wp-login.php, transmitting username and password unencrypted.
if FORCE_SSL_ADMIN is set, this even results in the login page beeing redisplayed (when coming from a non-ssl page, coming from an ssl page or changing the link manually to https (using firebug) works)
IMHO, the theme should honor the variables and if present, always set the login link to https
Alternatively, the login page could be made configurable under theme options
When setting one of those variables, logins are to be done over ssl.
However, the sidebar link "login" button points to the schema used for page (i.e., if you enter the page over http, it points to http://site/wp-login.php, transmitting username and password unencrypted.
if FORCE_SSL_ADMIN is set, this even results in the login page beeing redisplayed (when coming from a non-ssl page, coming from an ssl page or changing the link manually to https (using firebug) works)
IMHO, the theme should honor the variables and if present, always set the login link to https
Alternatively, the login page could be made configurable under theme options
By default the theme doesn't have it's own login link
Sorry, but yes it does, via profiles.php now found in wpmu-nelo/lib/templates/wp-template/. Perhaps pauxus can hack that file in the time being. I customized our login panel content and recreated the file in wpmu-nelo-child/lib/templates/wp-template/ since we're using a child theme. Hope this helps!
Responses (5)
Sales & Support Pro — 5th January 2012 (4 months ago) #
Hiya!
By default the theme doesn't have it's own login link in the sidebar, so can you tell me what widgets you have in your sidebar please?
Even better, please post a screenshot of your sidebar settings.
Thanks,
Phil
Member — 5th January 2012 (4 months ago) #
Sorry, I am not using a widget in the sidebar, but the "profile settings -> login panel" of the theme options,
Member — 5th January 2012 (4 months ago) #
Sorry, but yes it does, via profiles.php now found in wpmu-nelo/lib/templates/wp-template/. Perhaps pauxus can hack that file in the time being. I customized our login panel content and recreated the file in wpmu-nelo-child/lib/templates/wp-template/ since we're using a child theme. Hope this helps!
Member — 6th January 2012 (4 months ago) #
Hallo!
Thanks for the tipp, jcnjr, I did that.
For the record, wordpress already provides that functionality by given "login" as optional second parameter to site_url function.
So I simply added that parameter to line 15 (Nelo 2.2.2):
before:
after:
<form name="loginform" id="logs" action="<?php echo site_url('/wp-login.php', 'login'); ?>" method="post">I suggest changing that in the themes (quick check shows the same behavior for Dixi and Triden as well)
Sales & Support Pro — 6th January 2012 (4 months ago) #
Ah I see! Will pass this onto the developer for a permanent fix...
Become a member