• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Different homePageUrl while viewing conversations?

Floren

Well-known member
#1
My goal is to make the conversations encrypted, so I need to modify the homePageUrl variable:
Code:
if (user is viewing the conversations)
{
	$options->homePageUrl = 'https://www.domain.com/community';
}
I was wondering if you can help me to determine what hooks I should use to perform this change.
Thank you for your help.
 

digitalpoint

Well-known member
#2
Probably the "Load Class Controller" event listener, and then have it listening for the "XenForo_ControllerPublic_Conversation" class being loaded?
 

Floren

Well-known member
#3
Thanks Shawn. Well, from quickly looking at the code... I have few options.

First: create an extended Zend_Controller_Request_Http class and set the isSecure function to true, when XenForo_ControllerPublic_Conversation is loaded.
Second: create an extended XenForo_Application class and define in getRequestPaths() the $protocol as default 'https'.

I'm inclined to use the second option, as is easier to deal with XenForo code.
Now, on with the code logic... I have no idea how to load the extended XenForo_Application class ONLY when the private conversations are viewed:
/library/Protected/Application.php
Code:
class Protected_Application extends XenForo_Application
{
	/**
	 * Gets the request paths from the specified request object.
	 *
	 * @param	Zend_Controller_Request_Http $request
	 * @return	array
	 */
	public static function getRequestPaths(Zend_Controller_Request_Http $request)
	{
		$basePath = $request->getBasePath();
		if ($basePath === '' || substr($basePath, -1) != '/')
		{
			$basePath .= '/';
		}
		$host = $request->getServer('HTTP_HOST');
		if (!$host)
		{
			$host = $request->getServer('SERVER_NAME');
			$serverPort = intval($request->getServer('SERVER_PORT'));
			if ($serverPort && $serverPort != 80 && $serverPort != 443)
			{
				$host .= ':' . $serverPort;
			}
		}
		$protocol = 'https';
		$requestUri = $request->getRequestUri();

		return array(
			'basePath'	=> $basePath,
			'host'		=> $host,
			'protocol'	=> $protocol,
			'fullBasePath'	=> $protocol . '://' . $host . $basePath,
			'requestUri'	=> $requestUri,
			'fullUri'	=> $protocol . '://' . $host . $requestUri
		);
	}
}
 

digitalpoint

Well-known member
#4
Assuming your server is already setup for SSL, why not just eliminate the hassle of only part being encrypted and just run everything over SSL? If you are worried about a man in the middle attack reading conversations, shoudn't you be worried about a man in the middle attack stealing login credentials? Just seems that is the easier (and more secure) route.
 
F

Floris

Guest
#5
I have no idea what I am doing, but.. this is how i extended on the findNew and NotFound results.
http://xenforo.com/community/threads/product-xenfans-com-custom-errors.23488

my own class, then a function, within it i check for the controller for conversations,
then extend. and a code event listener for the listener.

then in the other file i have my class extending on xfcp_classnameagain
with a function that's already used within xenforo, allowing me to do what i want, rather than what xenforo wants.

Sorry if I didn't quite understand what you were looking for. This is what i used to catch the 404 error, so i can use my own template, etc, rather than just have xenforo spit out the phrase. I hope the code explains how to extend if it's a specific controller.

you could my other plugin to find out which controllername the individual conversation pages are using; http://xenforo.com/community/threads/product-xenfans-com-extra-debug.19504/
 

Floren

Well-known member
#6
Assuming your server is already setup for SSL, why not just eliminate the hassle of only part being encrypted and just run everything over SSL? If you are worried about a man in the middle attack reading conversations, shoudn't you be worried about a man in the middle attack stealing login credentials? Just seems that is the easier (and more secure) route.
I hear you and totally agree. But for speed reasons, even if I cache the SSL sessions with Nginx, I rather keep only the admin.php, login and conversations through SSL connections.

Edit: the admin.php is easy as it stores all conditions separately:
https://www.axivo.com/community/admin.php

Nginx takes care of the http > https redirect easy... and viceversa:
https://www.axivo.com/community/

But I have to define a conditional that allows me to automatically switch to https in templates so I don't get any SSL insecure browser warnings.
Now that I think, how is the login popup loaded? Is it called as a separate Ajax page?

Either ways, once I know how to extend the Protected_Application class, all I have to do is call it at login event also. You should do the same on your site also, much more secure.

Second edit: You are right, by default the Login is just injected html at the top, there is no way to secure the login with the current XenForo design. I guess, the only solution is to load the entire forum through SSL.