Ideas about log in issue

dash-crypto
#1

Just wondered if anyone has any thoughts on this one?

I have created the topic here as I think others will be able to help far better than I can!

#2

Tried to login with a mock user/pass and the issue seems to be mixed content not being allowed. Of all things to be sent over http, sign in form shouldn’t be one :smile:

Mixed Content: The page at 'https://communitybox.tk/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://communitybox.tk/includes/ajax/core/signin.php'. This request has been blocked; the content must be served over HTTPS.

I don’t use it myself, but have seen many people recommend Really Simple SSL plugin to fix mixed-content issues on WP sites.

2 Likes
#3

Thank you @floripare :slightly_smiling_face: I have again suggested they create a thread here to be helped more!

I have already made the point about using Flexible for a login… But mixed content?!?

#4

The site is now responding in HTTPS, but there seems to be a strange redirect in place for the login URL:

https://communitybox.tk/includes/ajax/core/signin.php

is redirected to the home page on HTTP, which is then redirected again to HTTPS.

Though he shared many screenshots, I couldn’t see any redirect page rule, but that’s probably where the problem is, something like a wildcard * redirect without $1 on the target URL.

#7

Did he mean he switched to grey cloud as that would disable cf ssl though?

#8

I think they meant that it was :grey: and they switched to :orange: to enable SSL…

#9

hey i’m here what info do you guys need to be able to help?

#10

Hi @rawcyanide, welcome.

I guess the redirect question from @floripare is open. I don’t see any page rules. Yes on :logodrop: change @domjh.

#11

i was told to add some page rules by some one else in the 000webhost forum and that just made my site not work

2 Likes
#12

Here are some options in this tip, Community Tip - Fixing ERR TOO MANY REDIRECTS, was it the always use https page rule you implemented?

#13

this is what i was told to do

#14

This rule can safely be ruled out as the cause for your sign-in form issue.

Do you have any rules at the server level, like any .htaccess directives re: redirects?

2 Likes
#15

i don’t think so

#16

Still on-going issue.

The script works fine over HTTP & also HTTPS just not CloudFlare?

It is really weird the script will function fine over HTTPS:// on the free subdomain.

When logging in there is no errors in Console and the correct error message is displayed if you try to login with wrong password / fake user / reset password error message appears correctly.

When running on CloudFlare

With HTTPS in the config file you get infinite redirects (can we fix this?)

Or if you use HTTP in the config file you get

The site loads without the redirects error and has no issues apart… from obviously logging in/doing any functions to get in.

You get this annoying error

& the mixed content console error

Is there a simple way to fix the redirects error or is this because it isn’t a full certificate and using flexible? :slight_smile:

#17

I don’t think so, as Flexible does not require HTTPS at the origin.

I just tried some test user/pass and it did return the same message, even though the site is now on Cloudflare, as there are CF- headers.

1 Like
#18

Thanks for the reply.

Weird you get that, I don’t see any message currently.

I think it is a script issue @rawcyanide

1 Like
#19

oh i guess it could be but i don’t know why it works with 000webhost and when i used to have paid hosting

#20

wait wtf it works now for some reason, i can log in and still keep the ssl certificate!

1 Like
#21

Talk to @ckhawand he was going to look at your scripts code.

#22

okay do i just private message him on webhost?