Switch to HTTPS - External login/registration issue

MarlyNL

Member
Hi guys,

I'm trying to switch my website and forum to HTTPS (SSL) usage.
Both separate are working fine, but combined I find some issue's.
Is there someone that can help me on why this is not working properly?

First let me describe what I have now:
A website which is currently working via HTTP.
Users can register and will be registered on the forum automatically.
Also when they login on the website they don't have to login separatly for the forum.

What I want:
Using HTTPS (SSL) for a more secure connection.

Problem I face?
When using HTTPS in the URL a user can register on the website, but isn't automatically registered on the forum.
Also when login on the website the user won't be logged in into the forums.

Is there a way to make this work?
Below are the scripts that are currently used.
 
XenForoHandler.php
PHP:
<?php
session_start();
ob_start();
define('GTONLINE', 1);

include_once('lang.php');
include_once('config.php');
include_once('db_connect_website.php');
include_once('functions.php');

$fileDir = '/var/www/clients/client123/web456/web';

// ini_set( "display_errors", 0);


// Functie om user aan te maken in XenForo
//XenForoAddUser('Test13','test13@test.nl','Locatie','welkom01');
function XenForoAddUser($username,$email,$location,$password)
    {
    global $fileDir;
    $startTime = microtime(true);
  
  
    require($fileDir . '/library/XenForo/Autoloader.php');
    XenForo_Autoloader::getInstance()->setupAutoloader($fileDir . '/library');
  
    XenForo_Application::initialize($fileDir . '/library', $fileDir);
    XenForo_Application::set('page_start_time', $startTime);
    XenForo_Application::disablePhpErrorHandler();
  
    $deps = new XenForo_Dependencies_Public();
    $deps->preLoadData();
  
    $writer = XenForo_DataWriter::create('XenForo_DataWriter_User');
  
    $writer->set('username', $username);
    $writer->set('email', $email);
    $writer->set('location', $location);
    $writer->set('signature', '[IMG]http://website.net/game/userbanner.php/'.$username.'.png[/IMG]');
    $writer->setPassword($password,$password);
    $writer->set('user_state','valid');
    $writer->set('user_group_id', XenForo_Model_User::$defaultRegisteredGroupId);
    $writer->save();
  
    // redirect home
    header("Location: /game/home.php");
    ob_flush(); 
  
    }
  
  
//XenForoChangePassword('Colin','welkom01');
function XenForoChangePassword($username,$password)
    {
    global $fileDir;
    $startTime = microtime(true);
                                                
    $userId = countstuff("SELECT user_id FROM c123website_prd_xenforo.xf_user WHERE username LIKE '".$username."'");
  
  
    require($fileDir . '/library/XenForo/Autoloader.php');
    XenForo_Autoloader::getInstance()->setupAutoloader($fileDir . '/library');
  

    XenForo_Application::initialize($fileDir . '/library', $fileDir);
  

    XenForo_Application::set('page_start_time', $startTime);
    XenForo_Application::disablePhpErrorHandler();
  
    // Not required if you are not using any of the preloaded data
    $dependencies = new XenForo_Dependencies_Public();
    $dependencies->preLoadData();
  
        // $userId = XenForo_Visitor::getUserId();
      
        $writer = XenForo_DataWriter::create('XenForo_DataWriter_User');
        $writer->setExistingData($userId);
        $writer->setPassword($password, $password);
        $writer->save();
      
      

    }


if ($_SESSION['XenForo']['changepass'] == true && $_SESSION['XenForo']['changepass_location'] != 'frontpage')
    {

        XenForoChangePassword($_SESSION['XenForo']['username'],$_SESSION['XenForo']['newpassword']);
        $_SESSION['XenForo']['passchanged'] = true;
        header("Location: ../userpanel.php");
        ob_flush();     
    } 
elseif ($_SESSION['XenForo']['changepass'] == true && $_SESSION['XenForo']['changepass_location'] == 'frontpage')
    {
        XenForoChangePassword($_SESSION['XenForo']['username'],$_SESSION['XenForo']['newpassword']);
        $_SESSION['XenForo']['passchanged'] = true;
      
        // redirect frontpage
        header("Location: ../../../?passwordchanged=1");
        ob_flush();     
    }
else
    {
        // redirect frontpage
        //header("Location: http://website.net");
        //ob_flush();         
    }


?>
 
XenForoHandler2.php
PHP:
<?php
/*
*XenForo Support Functions
*/


class appXenForo {

//Singleton Storage
private static $bInitialized = false;

/**
* Initialise XenForo Functions
*/
function __construct(){}

/*
*Initialise the XenForom Controllers:
*/
public static function init() {
define('XF_ROOT', '/var/www/clients/client123/web567/web/'); // set this!
define('TIMENOW', time());define('SESSION_BYPASS', false);
require_once(XF_ROOT . '/library/XenForo/Autoloader.php');
XenForo_Autoloader::getInstance()->setupAutoloader(XF_ROOT . '/library');
XenForo_Application::initialize(XF_ROOT . '/library', XF_ROOT);
XenForo_Application::set('page_start_time', TIMENOW);
XenForo_Application::disablePhpErrorHandler();
XenForo_Session::startPublicSession();
error_reporting(E_ALL & ~E_NOTICE);
}


/*
*Set the user password.
*/
public static function setPassword($iID, $sPassword) {

$sQuery = "UPDATE xenforo.xf_user_authenticate SET data = BINARY
CONCAT(CONCAT(CONCAT('a:3:{s:4:\"hash\";s:40:\"',
SHA1(CONCAT(SHA1('$sPassword'), SHA1('salt')))),
CONCAT('\";s:4:\"salt\";s:40:\"', SHA1('salt'))),
'\";s:8:\"hashFunc\";s:4:\"sha1\";}'),scheme_class = 'XenForo_Authentication_Core'
WHERE user_id = $iID;";


//QF($sQuery);
}


/*
*Get an array of the latest posts:
*/
public static function getLatestPosts($iMax) {
$sQuery = "
SELECT thread.last_post_id as post_id,
thread.last_post_user_id as user_id,
thread.last_post_username as username ,
thread.discussion_state,
thread.last_post_date,
thread.title as threadtitle,
thread.thread_id as thread_id,
forum.title as node_title, forum.node_id as node_id
FROM xf_thread as thread
LEFT JOIN xf_node as forum ON (forum.node_id = thread.node_id)
ORDER BY thread.last_post_date DESC
LIMIT $iMax";

//Get the rows:
$aLatest = query($sQuery);

// Loop over each post, get the message
foreach ($aLatest as &$cPost) {
//Get the message:
$aRow = query("SELECT * FROM xf_post WHERE post_id = ? LIMIT 1", array($cPost['post_id']));
$cPost['message'] = self::stripBBCode($aRow['message']);

}

return $aLatest;
}



/*
*Get a filtered string URL for the thread:
*/
public static function getThreadURL($sThreadTitle, $iThreadID) {
$sThreadURL = strtolower(str_replace(" ", "-", $sThreadTitle));
$sThreadURL = preg_replace("/[^A-Za-z0-9-]/",'', $sThreadURL);
return "forum/index.php?threads/{$sThreadURL}.{$iThreadID}";
}


/*
*Get a filtered string URL for a node / forum/.
*/
public static function getNodeURL($sNodeTitle, $iNodeID) {
$sForumURL = strtolower(str_replace(" ", "-", $sNodeTitle));
$sForumURL = preg_replace("/[^A-Za-z0-9-]/",'', $sForumURL);
return "forum/index.php?forums/{$sNodeURL}.{$cPost['node_id']}/";
}


/*
*Strip out BB code from xfPosts
*/
public static function stripBBCode($sMessage) {
return strip_tags(str_replace(array('[',']'), array('<','>'), $sMessage));
}


/*
*Create a XenForo User:
*/
public static function createUser($sUsername, $sEmail, $sPassword, array $aAdditionalData = array()) {

//Create the username from the person's name:
$sUsername = str_replace(' ', "_", $sUsername);

//Set User Data
$cWriter = XenForo_DataWriter::create('XenForo_DataWriter_User');
$cWriter->set('username', $sUsername);
$cWriter->set('email', $sEmail);
$cWriter->setPassword($sPassword);
$cWriter->set('user_group_id', XenForo_Model_User::$defaultRegisteredGroupId);
$cWriter->set('user_state', 'email_confirm');
foreach ($aAdditionalData AS $data => $key) {
$cWriter->set($data, $key);
}
$cWriter->save();
$cUser = $cWriter->getMergedData();

//Login new user: Log the ip of the user registering
XenForo_Model_Ip::log($cUser['user_id'], 'user', $cUser['user_id'], 'register');
//Set the user back to the browser session
XenForo_Application::get('session')->changeUserId($cUser['user_id']);
XenForo_Visitor::setup($cUser['user_id']);

return $cUser['user_id'];
}


/*
*Get the current user:
*/
public static function getCurrentUser() {

XenForo_Session::startPublicSession();
$cVisitor = XenForo_Visitor::getInstance();
if($cVisitor->getUserId()){
$dbUserModel = XenForo_Model::create('XenForo_Model_User');
$cUserInfo = $dbUserModel->getFullUserById($cVisitor->getUserId());
}
return $cUserInfo;
}



/*
*Get the current user:
*/
public static function getUserByEmail($sEmail) {
$dbUserModel = XenForo_Model::create('XenForo_Model_User');
$cUser = $dbUserModel->getUserByEmail($sEmail, array('join' => XenForo_Model_User::FETCH_USER_PROFILE + XenForo_Model_User::FETCH_LAST_ACTIVITY));
return $cUser;
}


/*
*Set the user state: from email_confirm to valid.
*/
public static function setUserState($iXFID, $sState) {
//'valid'
//'email_confirm'

//query("UPDATE xf_user SET user_state = ? WHERE user_id = ? LIMIT 1", array($sState, $iXFID));
}


/*
*Login a XenForo User // Set the cookie.
*/
public static function login($sEmail, $sPassword, $bRemember = true) {

//Get this class; delete existing login information
error_reporting(E_ALL);
restore_error_handler();
restore_exception_handler();

$dbLoginModel = XenForo_Model::create('XenForo_Model_Login');
$dbUserModel = XenForo_Model::create('XenForo_Model_User');
$sError = "";

$iUserID = $dbUserModel->validateAuthentication($sEmail, $sPassword, $sError);
if (!$iUserID) {
$dbLoginModel->logLoginAttempt($sEmail);
return $sError;
}

$dbLoginModel->clearLoginAttempts($sEmail);

if ($bRemember) {
$dbUserModel->setUserRememberCookie($iUserID);
}

XenForo_Model_Ip::log($iUserID, 'user', $iUserID, 'login');

$dbUserModel->deleteSessionActivity(0, $_SERVER['REMOTE_ADDR']);

$cSession = XenForo_Application::get('session');
$cSession->changeUserId($iUserID);
XenForo_Visitor::setup($iUserID);

return $iUserID;
}


/*
*Set this user ID as logged in.
*/
public static function setLogin($iUserID) {
$dbUserModel = XenForo_Model::create('XenForo_Model_User');
$dbUserModel->setUserRememberCookie($iUserID);
XenForo_Model_Ip::log($iUserID, 'user', $iUserID, 'login');
$dbUserModel->deleteSessionActivity(0, $_SERVER['REMOTE_ADDR']);
$cSession = XenForo_Application::get('session');
$cSession->changeUserId($iUserID);
XenForo_Visitor::setup($iUserID);
}


/*
*Check if this user name is in use, return true for already exists.
*/
public static function bUsernameInUse($sUsername) {
$cUser = query("SELECT * FROM xf_user WHERE `username` =  '$sUsername' LIMIT 1");

if (is_numeric($cUser['user_id'])) {
return true;
} else {
return false;
}
}


/*
*Delete the current session and log out.
*/
public static function logout() {
if (XenForo_Visitor::getInstance()->get('is_admin')) {
$adminSession = new XenForo_Session(array('admin' => true));
$adminSession->start();
if ($adminSession->get('user_id') == XenForo_Visitor::getUserId()) {
$adminSession->delete();
}
}
XenForo_Model::create('XenForo_Model_Session')->processLastActivityUpdateForLogOut(XenForo_Visitor::getUserId());
XenForo_Application::get('session')->delete();
XenForo_Helper_Cookie::deleteAllCookies(
          array('session'),
          array('user' => array('httpOnly' => false))
      );
XenForo_Visitor::setup(0);
return;
}
}
?>
 
Top Bottom