Page 1 of 1

HTTPS/HTTP mixed content blocked

Posted: Sat Nov 25, 2017 4:47 am
by KT_
It's my understanding that phpMyFaq should work with HTTPS (and that it should internally translate http:// links to https://). However, having just updated to 2.9.9 I am getting broken pages, with apparently no CSS or scripting, and the Chrome console is full of:
Mixed Content: The page at 'https://www.mysite.com/kb/' was loaded over HTTPS, but requested an insecure stylesheet 'http://www.mysite.com/kb/assets/templat ... in.css?v=1'. This request has been blocked; the content must be served over HTTPS.
and similar. The certificate for the rest of the site works just fine.

Am I missing a configuration step?

Re: HTTPS/HTTP mixed content blocked

Posted: Sat Nov 25, 2017 12:04 pm
by Thorsten
Hi,

do you have the https domain setup in your admin configuration?

bye
Thorsten

Re: HTTPS/HTTP mixed content blocked

Posted: Sat Nov 25, 2017 5:43 pm
by KT_
Thank you for getting back to me. Yes, I do.

I ended up addressing it by going directly into the MySQL database and changing the configuration base url from http://mysite/kb to https://mysite/kb.

I wasn't able to do it through the phpMyFaq admin interface because I couldn't log in (because scripts wouldn't load, because of the mixed content issue).

(On a somewhat related note, there used to be an "Administration" link that would take you to /admin in phpMyFaq 2.8, that would show up when logged in as an administrator. Is that gone in 2.9?)

Thanks again.

Re: HTTPS/HTTP mixed content blocked

Posted: Sat Nov 25, 2017 6:38 pm
by Thorsten
Hi,

there was this link?

bye
Thorsten

Re: HTTPS/HTTP mixed content blocked

Posted: Mon Nov 27, 2017 7:41 pm
by KT_
It used to appear on the top line, at the right next to Login/Logout, and was generated here, I believe:

Code: Select all

//
// Show login box or logged-in user information
//
if (isset($auth)) {
    if (in_array(true, $permission)) {
        $adminSection = sprintf(
            '<a href="%s">%s</a>',
            $systemUri . 'admin/index.php',
            $PMF_LANG['adminSection']
        );
    } else {
        $adminSection = sprintf(
            '<a href="%s">%s</a>',
            $systemUri . 'index.php?action=ucp',
            $PMF_LANG['headerUserControlPanel']
        );
    }
Looking at it now, though, I see there's a similar bit in 2.9.9:

Code: Select all

//
// Show login box or logged-in user information
//
if (isset($auth)) {

    $userRights = $user->perm->getAllUserRights($user->getUserId());
    $minRights = ['37', '39', '40', '41'];

    if (array_values(array_intersect($userRights, $minRights)) === $minRights) {
        $adminSection = sprintf(
            '<a href="%s">%s</a>',
            $faqSystem->getSystemUri($faqConfig).'admin/index.php',
            $PMF_LANG['adminSection']
        );
    } else {
        $adminSection = '';
    }
However that doesn't seem to do anything for me. I have to go to /admin manually.

(Coincidentally, when I do go to /admin manually, my "Dashboard" page is empty and my "Admin worklog" link is inactive. So I'm wondering if something's still not right after upgrading.)

Re: HTTPS/HTTP mixed content blocked

Posted: Thu Dec 07, 2017 4:31 am
by KT_
From the documentation:
5. Administration

The administration of phpMyFAQ is completely browser-based. The admin area can be found under this URL:

http://www.example.com/faq/admin/index.php

You can also login in the public frontend and after the successful login you'll see a link to administration backend, too.
It's that last-mentioned link I'm not seeing, even when (temporarily, sometimes) logged in as my admin account. Something is obviously not being set properly somewhere after updating to 2.9.9.

Re: HTTPS/HTTP mixed content blocked

Posted: Thu Dec 07, 2017 4:50 am
by KT_
I don't know if this is pertinent or not, but I notice the line in 2.9.9:

Code: Select all

$minRights = ['37', '39', '40', '41']
but when I look directly at the faquser_right table, user_id 1 (admin) only has right_id 1 through 36. Although in the user management interface, all permission checkboxes are checked. Did the permission set change somehow and something not get fully updated when I upgraded to 2.9.9?

Re: HTTPS/HTTP mixed content blocked

Posted: Fri Dec 08, 2017 10:12 pm
by Thorsten
Hi,

from which version did you upgrade?

bye
Thorsten

Re: HTTPS/HTTP mixed content blocked

Posted: Sat Dec 09, 2017 9:17 am
by KT_
2.8[.something]. I'm not sure where to find the point version number. I want to say 2.8.7.