Author Topic: HTTPS/TLS (Read 3961 times)

sact · « **on:** December 05, 2020, 12:19:19 AM »

Yes, this is a repost, but first one went to wrong area and apparently nobody noticed it.

I was wondering could Collector or whoever is responsible for running these websites could consider setting up TLS-encryption in place to both http://sciprogramming.com and http://agiwiki.sierrahelp.com ? If there's lack of knowhow, EFF's certbot-website should help you get it up and running in notime:

https://certbot.eff.org/

EricOakford · « **Reply #1 on:** February 04, 2022, 12:35:23 PM »

I replied to the previous topic, but I do have a status update regarding this site's security.

This site actually does have a valid certificate, and it's issued by the cPanel, Inc. Certification Authority. As far as everything under Community is concerned, it's secure as long as you use the HTTPS protocol. The rest of the site, however, does not display properly with HTTPS, and won't use the forum's style, just being plain white pages with black text. So yes, the site is not fully secure, but that seems to be because the rest of the site seems to use a custom or outdated CMS. Even the forum software hasn't been updated since 2017.

Kawa · « **Reply #2 on:** February 05, 2022, 10:38:53 AM »

I can tell you right now that the cause of the lack of style is that the main site uses an "http://" URL for the stylesheet, and the browser doesn't let you mix security levels like that. What you want to do instead is link to "//sciprogramming.com/community/Themes/MTBlue/css/index.css?fin20", or preferably just "community/Themes/MTBlue/css/index.css?fin20".

Collector · « **Reply #3 on:** February 05, 2022, 05:25:41 PM »

I am assuming that Cloudee is the only one with FTP/cPanel access.

Kawa · « **Reply #4 on:** February 08, 2022, 08:31:47 PM »

Having access to the SMF theme files, I noticed an oddity in the function that writes the navigation bar. $siteUrl is hoisted in via global but it turned out to be blank/unset, so everywhere it said <a href="'.$siteUrl.'/something"> it'd end up with a link to only /something. Relative, not absolute.

As a bit of a hack to make sure that no matter how you got to the board (HTTP or HTTPS) you will go to the unsafe-but-functional main pages, I hardcoded things in the template to have $siteUrl be http://sciprogramming.com and new variable $commUrl be https://sciprogramming.com/community, then used the latter for all the links leading to things on the board, with regards to the top of the page.

Cloudee1 · « **Reply #5 on:** February 10, 2022, 10:01:25 AM »

I have updated the themes address in the admin panel, the front page seems to load correctly now. However it still lands on all kinds of insecure pages. I'll keep digging and see if I can find all the hardcoded http's and turn them into https's

*Pretty sure I have everything either working, or totally broken lol. It wasn't easy, but I went through and managed to get the forum version updated to the current version. With a few of the mods we've added, unfortunately it wasn't just a matter of clicking install. But regardless, it's done.

We also had quite a bit of deprecated code going on that I attempted to go through and clean up. It has been a very long night. If anyone still has flash installed, the arcade is even back up.

If anyone comes across anything that is broken, please let me know while all this sites code is fresh in my mind lol.

EricOakford · « **Reply #6 on:** February 11, 2022, 11:39:44 AM »

All right, things are nice and secure now! It's good to see you here again, Cloudee!

So the arcade is back. Too bad Flash is no longer supported on modern browsers.

I did have an idea about bringing things over to my new site, The Missing Floppies, but it looks like things are good here now. I'll still write things up there, and I even branched out to SCUMM games.

Good work updating to SMF 2.0.19. That will help ensure PHP 8 compatibility. Of course, SMF 2.1 was just released, but there's no rush to upgrade yet.

Yeah, I bet the mods installed made things a little harder. That's why I use XenForo, which was made by former vBulletin developers. It cost me $160, but with a lot of built-in features, I think it was worth it. The only third-party add-on I have installed is XenPorta ($40), which provides a portal for the forum. The only other add-on I have is the first-party XenForo Resource Manager ($65). I've uploaded my own template games with it.

Anyway, keep up the good work. You do your thing and I'll do mine.

Kawa · « **Reply #7 on:** February 11, 2022, 02:00:54 PM »

All this talk about SMF updates and how much XenForo and its add-ons cost, and I'm just sitting here with my own board software that I made...

SCIprogramming.com

Author Topic: HTTPS/TLS (Read 3961 times)

sact

HTTPS/TLS

EricOakford

Re: HTTPS/TLS

Kawa

Re: HTTPS/TLS

Collector

Re: HTTPS/TLS

Kawa

Re: HTTPS/TLS

Cloudee1

Re: HTTPS/TLS

EricOakford

Re: HTTPS/TLS

Kawa

Re: HTTPS/TLS