Force Joomla to use SSL/HTTPS
by Lonnie on Jan.15, 2009, under Joomla
Have you ever needed to make Joomla use https?
If you use Joomla 1.0.x you could just simply changed $mosConfig_livesite to your https URL, but this won’t solve the issue of someone coming in on a non https link from a search engine or bookmark, yes it will change to https if they click a link, but that landing page will be insecure, what can we do about this? read on!
I encountered this issue on a Joomla site that had a small store for purchasing supplies for equipment this company was selling.. The issue is that before, the page was just static content without any online ordering capabilities at all .. search engines had picked it up long ago and they didn’t want to change the links.
I wrote up a very simple snippet of code that rests at the top of your template..
// if https isn’t on, we need to fix that!
if ( $_SERVER["HTTPS"] != “on” ) {
$newurl = “https://” . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
header(“Location: $newurl”);
exit();
}
This block of code will detect if they came in via https or not, and if they didn’t, it will redirect them to the https version of the page they were on.
Easy as 123 .. 4
If you found this helpful, please consider a donation!
If you have a question you’d like me to try to solve, go ahead and ask it :)
Incoming search terms:
- joomla Force SSL
- joomla force https
- joomla ssl
- force ssl joomla
- joomla force https login
- force https joomla
- joomla force_ssl
- force ssl in joomla
- joomla force ssl login
- ssl joomla
April 26th, 2010 on 7:47 pm
Yes, you can force a re-direct to https. But, is there a way for a template to get the Access Level of the current article, to know if it should force the re-direct? I want one template that knows that it should use http for Public pages and https for Registered pages.
In the template’s index.php:
$thisTitle = $this->title; // works
$thisAccess = $this->access; // is empty
The article can have the following JUMI script:
$theAccess = $article->access; // 0 for public, 1 for registered
which could be used, except you then have to add that script to every article’s HTML! Tried making it a separate module and assigning to every page, but it doesn’t work outside of the article.
Thoughts/suggestions anyone?
May 4th, 2010 on 9:42 pm
Yes you can get an instance of the jUser object and pull their access level before doing your redirect.
You would want to move the code to the template rather than the config file at that point.. and you should still be able to override variables from jConfig .. I can work up some sample code for you if you need. Sorry for the delay.
March 13th, 2011 on 6:03 pm
I wonder if this will also work as a fix for virtuemart not forcing SSL on the store pages. Would you happen to have some insight on that?
Thanks,
Mike
March 13th, 2011 on 7:39 pm
That SSL trick could work for that because it forces SSL on every page.. but some custom code could be written in the template to force SSL when the virtuemart component is loaded only.