Membership Premium breaks after removing SSL certificate

Bit of a weird issue but our MU network recently removed it's SSL certificate and everything SSL was turned off. However, the membership module broke in the admin panel.

The membership module tries to load .js files, .css files and other resources over https and not https.

The offending line of code is in plugins/membership/membershipincludes/includes/functions.php
on line 147...

if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) {
		$M_membership_url = preg_replace('/http:/i', 'https:', $M_membership_url);
	}

If I comment out the preg_replace line of code, all is hunkydory and works fine.

Strange thing is, I have this plugin installed on a test network that has never had an SSL certificate (but is on the same server) and it works fine on the test network without having to comment out the code.

The server configuration is identical on both networks (because they're on the same server) but the live network that recently stopped using the SSL certificate doesn't work properly.

Interestingly, $_SERVER['HTTPS'] is empty on both sites and $_SERVER['SERVER_PORT'] is 80 on both sites.

Help?

  • aecnu

    Greetings brandicoot,

    Thank you for bringing this item to our attention.

    Just looking at this and not being a coder myself I would think that it is a browser caching issue or possible other caching issue but I do not believe that https is cached server side.

    On the browser you were using was all the cache dumped by any chance?

    You are sure the URL in your browser is set http without the "s"?

    Also I am wondering if you folks have the https plugin of some sort installed and activated by any chance?

    Obviously there are many possibilities that can cause this phenomenon, but as you have pointed out this line:

    if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) {
    		$M_membership_url = preg_replace('/http:/i', 'https:', $M_membership_url);
    	}

    When commented out appears to "fix it" which makes me think that this line checks to see if https is available which I would then think that it is perhaps getting the answer from the httpd.conf file that port 443 is available.

    You may want to see if this particular site still has a port 443 SSL entry in the httpd.conf file, or else leave the line commented out and go forward.

    Please advise.

    Cheers, Joe

  • brandicoot

    Hi @aecnu and thanks for the reply.

    On the browser you were using was all the cache dumped by any chance?

    Not sure what you mean, but this isn't a browser caching issue. I've tried it from various machines, some of which have never visited the site.

    You are sure the URL in your browser is set http without the "s"?

    Positive.

    Also I am wondering if you folks have the https plugin of some sort installed and activated by any chance?

    Nope.

    When commented out appears to "fix it" which makes me think that this line checks to see if https is available which I would then think that it is perhaps getting the answer from the httpd.conf file that port 443 is available.

    When I echo $_SERVER['SERVER_PORT'] it echoes 80, not 443.

    As I said, this plugin works fine on a test MU network that we have running on the same server. Both MU networks return identical results for both $_SERVER['SERVER_PORT'] and $_SERVER['HTTPS']

    I've confirmed that both sites are call this function. Yet it works on one site but not on the other.

    I can think that something is being cached on the server somewhere but I'm stuck as to what or where.

    Any more ideas?

  • brandicoot

    Hi @aecnu

    Worked it out and it's a bug in the membership plugin.

    I added the following line of code, it echoes "Off" (note the capital letter O)

    if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) {
    		echo $_SERVER['HTTPS'];
    		$M_membership_url = preg_replace('/http:/i', 'https:', $M_membership_url);
    	}

    Therefore the above is never going to work where the 'Off' has a capital letter 'O' because the logic only considers the lowercase variant. I suggest that the code be amended to the following...

    if (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off' || $_SERVER['SERVER_PORT'] == 443) {
    		$M_membership_url = preg_replace('/http:/i', 'https:', $M_membership_url);
    	}

    You're welcome :wink:

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.