Page 1 of 1

HTTPS/HTTP mixed content blocked

Posted: Sat Nov 25, 2017 4:47 am
by KT_
It's my understanding that phpMyFaq should work with HTTPS (and that it should internally translate http:// links to https://). However, having just updated to 2.9.9 I am getting broken pages, with apparently no CSS or scripting, and the Chrome console is full of:
Mixed Content: The page at 'https://www.mysite.com/kb/' was loaded over HTTPS, but requested an insecure stylesheet 'http://www.mysite.com/kb/assets/templat ... in.css?v=1'. This request has been blocked; the content must be served over HTTPS.
and similar. The certificate for the rest of the site works just fine.

Am I missing a configuration step?

Re: HTTPS/HTTP mixed content blocked

Posted: Sat Nov 25, 2017 12:04 pm
by Thorsten
Hi,

do you have the https domain setup in your admin configuration?

bye
Thorsten

Re: HTTPS/HTTP mixed content blocked

Posted: Sat Nov 25, 2017 5:43 pm
by KT_
Thank you for getting back to me. Yes, I do.

I ended up addressing it by going directly into the MySQL database and changing the configuration base url from http://mysite/kb to https://mysite/kb.

I wasn't able to do it through the phpMyFaq admin interface because I couldn't log in (because scripts wouldn't load, because of the mixed content issue).

(On a somewhat related note, there used to be an "Administration" link that would take you to /admin in phpMyFaq 2.8, that would show up when logged in as an administrator. Is that gone in 2.9?)

Thanks again.

Re: HTTPS/HTTP mixed content blocked

Posted: Sat Nov 25, 2017 6:38 pm
by Thorsten
Hi,

there was this link?

bye
Thorsten

Re: HTTPS/HTTP mixed content blocked

Posted: Mon Nov 27, 2017 7:41 pm
by KT_
It used to appear on the top line, at the right next to Login/Logout, and was generated here, I believe:

Code: Select all

//
// Show login box or logged-in user information
//
if (isset($auth)) {
    if (in_array(true, $permission)) {
        $adminSection = sprintf(
            '<a href="%s">%s</a>',
            $systemUri . 'admin/index.php',
            $PMF_LANG['adminSection']
        );
    } else {
        $adminSection = sprintf(
            '<a href="%s">%s</a>',
            $systemUri . 'index.php?action=ucp',
            $PMF_LANG['headerUserControlPanel']
        );
    }
Looking at it now, though, I see there's a similar bit in 2.9.9:

Code: Select all

//
// Show login box or logged-in user information
//
if (isset($auth)) {

    $userRights = $user->perm->getAllUserRights($user->getUserId());
    $minRights = ['37', '39', '40', '41'];

    if (array_values(array_intersect($userRights, $minRights)) === $minRights) {
        $adminSection = sprintf(
            '<a href="%s">%s</a>',
            $faqSystem->getSystemUri($faqConfig).'admin/index.php',
            $PMF_LANG['adminSection']
        );
    } else {
        $adminSection = '';
    }
However that doesn't seem to do anything for me. I have to go to /admin manually.

(Coincidentally, when I do go to /admin manually, my "Dashboard" page is empty and my "Admin worklog" link is inactive. So I'm wondering if something's still not right after upgrading.)

Re: HTTPS/HTTP mixed content blocked

Posted: Thu Dec 07, 2017 4:31 am
by KT_
From the documentation:
5. Administration

The administration of phpMyFAQ is completely browser-based. The admin area can be found under this URL:

http://www.example.com/faq/admin/index.php

You can also login in the public frontend and after the successful login you'll see a link to administration backend, too.
It's that last-mentioned link I'm not seeing, even when (temporarily, sometimes) logged in as my admin account. Something is obviously not being set properly somewhere after updating to 2.9.9.

Re: HTTPS/HTTP mixed content blocked

Posted: Thu Dec 07, 2017 4:50 am
by KT_
I don't know if this is pertinent or not, but I notice the line in 2.9.9:

Code: Select all

$minRights = ['37', '39', '40', '41']
but when I look directly at the faquser_right table, user_id 1 (admin) only has right_id 1 through 36. Although in the user management interface, all permission checkboxes are checked. Did the permission set change somehow and something not get fully updated when I upgraded to 2.9.9?

Re: HTTPS/HTTP mixed content blocked

Posted: Fri Dec 08, 2017 10:12 pm
by Thorsten
Hi,

from which version did you upgrade?

bye
Thorsten

Re: HTTPS/HTTP mixed content blocked

Posted: Sat Dec 09, 2017 9:17 am
by KT_
2.8[.something]. I'm not sure where to find the point version number. I want to say 2.8.7.

Re: HTTPS/HTTP mixed content blocked

Posted: Fri Dec 15, 2017 7:21 am
by KT_
Just curious, am I missing permissions/rights from the configuration?

Unless I'm reading that incorrectly, it alludes to 37 and higher, while my installation stops at 36 (as per the attached image from phpmyadmin).

Screen Shot 2017-12-15 at 1.17.52 AM.png

Re: HTTPS/HTTP mixed content blocked

Posted: Sat Dec 16, 2017 2:54 pm
by Thorsten
Hi,

did you ran the update script?

bye
Thorsten

Re: HTTPS/HTTP mixed content blocked

Posted: Sat Dec 16, 2017 4:00 pm
by KT_
I believe I did.

(Most) other things seem to be working properly.

Is the update script something that can be re-run to fix anything that wasn't properly configured the first time?

Re: HTTPS/HTTP mixed content blocked

Posted: Sun Dec 17, 2017 3:43 pm
by Thorsten
HI,

you can try to re-run it, usually it doesn't break things.

bye
Thorsten