Different homePageUrl while viewing conversations?

Discussion in 'XenForo Development Discussions' started by Floren, Nov 19, 2011.

  1. Floren

    Floren Well-Known Member

    My goal is to make the conversations encrypted, so I need to modify the homePageUrl variable:
    if (user is viewing the conversations)
    	$options->homePageUrl = 'https://www.domain.com/community';
    I was wondering if you can help me to determine what hooks I should use to perform this change.
    Thank you for your help.
  2. digitalpoint

    digitalpoint Well-Known Member

    Probably the "Load Class Controller" event listener, and then have it listening for the "XenForo_ControllerPublic_Conversation" class being loaded?
  3. Floren

    Floren Well-Known Member

    Thanks Shawn. Well, from quickly looking at the code... I have a few options.

    First: create an extended Zend_Controller_Request_Http class and set the isSecure function to true, when XenForo_ControllerPublic_Conversation is loaded.
    Second: create an extended XenForo_Application class and define in getRequestPaths() the $protocol as default 'https'.

    I'm inclined to use the second option, as it is easier to deal with XenForo code.
    Now, on with the code logic... I have no idea how to load the extended XenForo_Application class ONLY when the private conversations are viewed:
    class Protected_Application extends XenForo_Application
    {
    	/**
    	 * Gets the request paths from the specified request object.
    	 *
    	 * @param	Zend_Controller_Request_Http $request
    	 * @return	array
    	 */
    	public static function getRequestPaths(Zend_Controller_Request_Http $request)
    	{
    		// Normalise the base path so it always ends with a slash.
    		$basePath = $request->getBasePath();
    		if ($basePath === '' || substr($basePath, -1) != '/')
    		{
    			$basePath .= '/';
    		}
    		// Fall back to SERVER_NAME (plus any non-default port) when no Host header is present.
    		$host = $request->getServer('HTTP_HOST');
    		if (!$host)
    		{
    			$host = $request->getServer('SERVER_NAME');
    			$serverPort = intval($request->getServer('SERVER_PORT'));
    			if ($serverPort && $serverPort != 80 && $serverPort != 443)
    			{
    				$host .= ':' . $serverPort;
    			}
    		}
    		// Protocol is hard-coded to https, whatever scheme the request used.
    		$protocol = 'https';
    		$requestUri = $request->getRequestUri();
    		return array(
    			'basePath'	=> $basePath,
    			'host'		=> $host,
    			'protocol'	=> $protocol,
    			'fullBasePath'	=> $protocol . '://' . $host . $basePath,
    			'requestUri'	=> $requestUri,
    			'fullUri'	=> $protocol . '://' . $host . $requestUri
    		);
    	}
    }
  4. digitalpoint

    digitalpoint Well-Known Member

    Assuming your server is already set up for SSL, why not just eliminate the hassle of only part being encrypted and just run everything over SSL? If you are worried about a man-in-the-middle attack reading conversations, shouldn't you be worried about a man-in-the-middle attack stealing login credentials? Just seems that is the easier (and more secure) route.
  5. Floris

    Floris Guest

    I have no idea what I am doing, but... this is how I extended on the findNew and NotFound results.

    My own class, then a function; within it I check for the controller for conversations,
    then extend. And a code event listener for the listener.

    Then in the other file I have my class extending on xfcp_classnameagain
    with a function that's already used within XenForo, allowing me to do what I want, rather than what XenForo wants.

    Sorry if I didn't quite understand what you were looking for. This is what I used to catch the 404 error, so I can use my own template, etc., rather than just have XenForo spit out the phrase. I hope the code explains how to extend if it's a specific controller.

    You could use my other plugin to find out which controllername the individual conversation pages are using: http://xenforo.com/community/threads/product-xenfans-com-extra-debug.19504/
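
The listener approach described in posts 2 and 5, written out as an added example that is not code from any poster or from XenForo itself: it extends only the conversation controller and redirects plain-HTTP requests to HTTPS. The names `Protected_Listener` and `Protected_ControllerPublic_Conversation` are hypothetical, and the example assumes XenForo 1.x with the web server passing the HTTPS flag through to PHP. It does not cover the login form or the session cookie, which is the gap raised in post 4.

```php
<?php
// Added example, not code from the thread. The "Protected" prefix is borrowed
// from the thread's Protected_Application; both class names are hypothetical.

// File: library/Protected/Listener.php
// Register in the admin panel as a code event listener for "load_class_controller".
class Protected_Listener
{
	public static function loadClassController($class, array &$extend)
	{
		// Extend only the conversation controller; every other controller loads untouched.
		if ($class == 'XenForo_ControllerPublic_Conversation')
		{
			$extend[] = 'Protected_ControllerPublic_Conversation';
		}
	}
}

// File: library/Protected/ControllerPublic/Conversation.php
// XFCP_* is the proxy parent XenForo creates for dynamically extended classes.
class Protected_ControllerPublic_Conversation extends XFCP_Protected_ControllerPublic_Conversation
{
	protected function _preDispatch($action)
	{
		parent::_preDispatch($action);

		// isSecure() depends on the HTTPS server variable, so the front-end
		// web server must pass it to PHP (assumption about the deployment).
		if (!$this->_request->isSecure() && $this->_request->isGet())
		{
			// Build the target from the configured board URL, not the
			// client-supplied Host header, so the redirect cannot be steered.
			$boardHost = parse_url(XenForo_Application::get('options')->boardUrl, PHP_URL_HOST);
			$secureUri = 'https://' . $boardHost . $this->_request->getRequestUri();

			throw $this->responseException($this->responseRedirect(
				XenForo_ControllerResponse_Redirect::RESOURCE_CANONICAL,
				$secureUri
			));
		}
	}
}
```
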
  6. Floren

    Floren Well-Known Member

    I hear you and totally agree. But for speed reasons, even if I cache the SSL sessions with Nginx, I'd rather keep only the admin.php, login and conversations through SSL connections.

    Edit: the admin.php is easy as it stores all conditions separately:

    Nginx takes care of the http > https redirect easily... and vice versa:

    But I have to define a conditional that allows me to automatically switch to https in templates so I don't get any SSL insecure browser warnings.
    Now that I think, how is the login popup loaded? Is it called as a separate Ajax page?

    Either way, once I know how to extend the Protected_Application class, all I have to do is call it at the login event also. You should do the same on your site, much more secure.

    Second edit: You are right, by default the Login is just injected HTML at the top, there is no way to secure the login with the current XenForo design. I guess the only solution is to load the entire forum through SSL.