Community Support Forums

Re: Redirect errors when forcing SSL

2011-11-17T11:11:05-05:00

We have two other sites that were installed from scratch as https (with SSL cert and dedicated IP) and they seem to work fine using the Wordpress HTTPS plugin to force SSL. The downside - or upside for some - is that the admin sections are all SSL and take more time to load.
However, on a different site, the problem with s2 and Event Espresso remains. What is interesting is that Event Espresso's own version of Wordpress HTTPS works for s2 but not for the EE pages.

Statistics: Posted by dvpro — November 17th, 2011, 11:11 am

Re: Redirect errors when forcing SSL

2011-11-17T10:54:07-05:00

This may be a lame question but I cannot find anything that addresses it specifically. For WP sites needing secure transaction processing, what are the ramifications if the site has been installed as http and then a SSL cert and dedicated IP are applied versus without reinstalling WP as https?

Well starting with an http installation is the most popular way. Then as you said, add a dedicated IP and the SSL certificate to enable the use of SSL over the https protocol. Once that's in place, you should only need to use s2Member's instructions, as seen below.

For the benefit of other readers...
taken from our FAQ at s2Member.com.

Do I need an SSL certificate to use PayPal® Pro or Authorize.Net®?

If you're using s2Member's Pro Forms, then yes. In order to comply with PayPal®, Authorize.Net® and PCI Compliance policies, as set forth by major credit card companies; you will need to host all of your Pro Forms on an SSL enabled site. Please check with your hosting provider to ask about obtaining an SSL certificate for your domain. Please note... when you create Pro Forms using the Form Generators provided by s2Member; you'll be supplied with WordPress® Shortcodes, which you'll insert into Posts/Pages of your choosing. These special Posts/Pages will need to be displayed in SSL mode, using links that start with ( https:// ). In other words, when you link to these Posts/Pages, you'll need to make sure your links start with https://.

You can skip the SSL certificate during Development/Sandbox testing. SSL is not required until you officially go live. Once you're live, you can add the Custom Field s2member_force_ssl -> yes to any Post/Page. s2Member will buffer output on those special Posts/Pages, converting everything over to https:// for you automatically, and forcing those specific Posts/Pages to be viewed over a secure SSL connection; so long as your server supports the https protocol. This will help you eliminate the dreaded Secure/Insecure errors in Internet Explorer®. If your server runs SSL over a special port number, or your server requires the port number to actually be in the URL ( i.e. HOST:port ), you can set s2member_force_ssl -> 443; or to whatever port you need.

SNAG-0124.png
Is WordPress® compatible with SSL enabled?

Yes, WordPress® is indeed compatible with SSL enabled ( https:// ). However, not all themes/plugins are designed to behave properly with SSL enabled. For instance, some WordPress® themes/plugins embed links to images, scripts, and/or style sheets; all starting with http://, instead of https://, ( or just //: - which is cross-protocol compatible ). For this reason, you should be very careful when choosing a WordPress® theme/plugin to use with s2Member Pro. Otherwise, your visitors could see the famous "Secure/Insecure" warnings in Internet Explorer® browsers.

A good web developer can fix this minor issue with ease,
but novice site owners are advised to get help from a professional.

*Tip: All themes available at PriMoThemes.com include full support for SSL enabled Posts/Pages. Also, with s2Member installed, you can add the Custom Field s2member_force_ssl -> yes to any Post/Page. s2Member will buffer output on those special Posts/Pages, converting everything over to https:// for you automatically, and forcing those specific Posts/Pages to be viewed over a secure SSL connection; so long as your server supports the https protocol.

Statistics: Posted by Jason Caldwell — November 17th, 2011, 10:54 am

Re: Redirect errors when forcing SSL

2011-11-15T18:10:33-05:00

I will put something on the EE site.

This may be a lame question but I cannot find anything that addresses it specifically. For WP sites needing secure transaction processing, what are the ramifications if the site has been installed as http and then a SSL cert and dedicated IP are applied versus without reinstalling WP as https?

Two of the sites where we have installed WP as https and THEN we added the SSL cert and IP seem to work fine for secure transactions. However, the admin sections have the added overhead of https.

Statistics: Posted by dvpro — November 15th, 2011, 6:10 pm

Re: Redirect errors when forcing SSL

2011-11-15T17:44:34-05:00

Thanks for the follow-up.

dvpro wrote:
This is still a problem with Event Espresso 3.1. Has anyone at EE responded?

No, I'm sorry. There has been no communication on this issue that I'm aware of.

Statistics: Posted by Jason Caldwell — November 15th, 2011, 5:44 pm

Re: Redirect errors when forcing SSL

2011-11-15T02:03:21-05:00

This is still a problem with Event Espresso 3.1. Has anyone at EE responded?

Statistics: Posted by dvpro — November 15th, 2011, 2:03 am

Re: Redirect errors when forcing SSL

2011-07-22T19:10:53-05:00

vonralls wrote:
I believe the problem is the Espresso Event plugin. There is an SSL switch in that plugin, and when it is turned off, SSL works for the rest of the site. When it's on, it breaks SSL for the rest of the site.

Ah, thanks for reporting this. I'll add this plugin to our list here: viewtopic.php?f=36&t=6309

In the mean time, if the developer is unable to resolve the issue for you, please ask them to send us a copy of the software so we can help to resolve this. They can use this private contact form: http://www.s2member.com/contact/

Statistics: Posted by Jason Caldwell — July 22nd, 2011, 7:10 pm

Re: Redirect errors when forcing SSL

2011-07-22T10:21:49-05:00

I believe the problem is the Espresso Event plugin. There is an SSL switch in that plugin, and when it is turned off, SSL works for the rest of the site. When it's on, it breaks SSL for the rest of the site.

Statistics: Posted by vonralls — July 22nd, 2011, 10:21 am

Re: Redirect errors when forcing SSL

2011-07-21T20:29:03-05:00

Additionally, it seems to me that I should be able to add https: to any page and it should work. If I just go to the main page with https://www.sms-midsouth.org it redirects back to http://... Interesting.

Statistics: Posted by vonralls — July 21st, 2011, 8:29 pm

Re: Redirect errors when forcing SSL

2011-07-21T20:08:46-05:00

Here you go:

akismet
contact form7
event espresso
event espresso calendar
event espresso members add-on
exclude pages from navigation
nextgen gallery
page links to
redirection
s2member
staff directory
twitter widget pro
wordpress importer

Wordpress HTTPS is deactivated, but was installed

Statistics: Posted by vonralls — July 21st, 2011, 8:08 pm

Re: Redirect errors when forcing SSL

2011-07-21T17:15:37-05:00

vonralls wrote:
I will try to make a list. http://www.sms-midsouth.org
Click "membership" then click "Register Now" under one of the packages to see the problem.

Great thanks. I was able to reproduce the infinite redirection loop. Yea, that's ODD. I've been unable to reproduce this on our end though, so I suspect it's something server-specific. If I can see the list of other plugins, that might shed some light.

Statistics: Posted by Jason Caldwell — July 21st, 2011, 5:15 pm

Re: Redirect errors when forcing SSL

2011-07-21T16:29:09-05:00

I will try to make a list. http://www.sms-midsouth.org
Click "membership" then click "Register Now" under one of the packages to see the problem.

Statistics: Posted by vonralls — July 21st, 2011, 4:29 pm

Re: Redirect errors when forcing SSL

2011-07-21T16:22:15-05:00

What other plugins are you running in concert with s2Member?
It sounds like there is another plugin and/or theme that is working in conflict with s2Member?
Can we get a link to this page please?

Statistics: Posted by Jason Caldwell — July 21st, 2011, 4:22 pm

Re: Redirect errors when forcing SSL

2011-07-21T16:06:23-05:00

.htaccess looks like this:

Code:: # BEGIN WordPress RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] # END WordPress

Yes, happens in IE, Chrome, and FF as well.

Statistics: Posted by vonralls — July 21st, 2011, 4:06 pm

Re: Redirect errors when forcing SSL

2011-07-21T16:03:47-05:00

vonralls wrote:
I have added the above code to my wp-config file, and I have added the s2member_force_ssl custom field set to yes on the page. I still get the redirection issue. In Safari, I can watch it go back and forth between http: and https: until it dies with the redirect error.

Does this happen in other browsers, or just Safari?
Do you have anything special related to redirection inside your .htaccess file?

Statistics: Posted by Jason Caldwell — July 21st, 2011, 4:03 pm

Re: Redirect errors when forcing SSL

2011-07-21T15:39:35-05:00

I have added the above code to my wp-config file, and I have added the s2member_force_ssl custom field set to yes on the page. I still get the redirection issue. In Safari, I can watch it go back and forth between http: and https: until it dies with the redirect error.

Statistics: Posted by vonralls — July 21st, 2011, 3:39 pm

Re: Redirect errors when forcing SSL

2011-07-21T15:18:03-05:00

Hi Beth. Thanks for the follow-up.
Using the FTP information you provided, I can confirm that this hack inside the /wp-config.php file works.

Code:: php if(isset($_GET["s2-ssl"])) $_SERVER["HTTPS"] = "on";

However, given your hosting situation with Proxy SSL and no $_SERVER["HTTPS"] environment variable, I can see why you're continuing to have trouble. Although this hack corrects the endless loop, after our email communication the other day, I can see that it still does NOT fix the issue with embedded media that does not contain the ?s2-ssl parameter. I'm sorry, but I've been unable to find a workaround for this. I would recommend a hosting change in this case. Without the proper environment variables available to PHP, it makes it impossible for WordPress, and thus s2Member to know when SSL is and is not enabled. I suggest MediaTemple (gs).

Statistics: Posted by Jason Caldwell — July 21st, 2011, 3:18 pm

Re: Redirect errors when forcing SSL

2011-07-21T14:02:18-05:00

I'm still having this issue even after adding the lines to the wp-config and putting the custom field value: s2member_force_ssl and yes in the page. Is there anything else that could cause this? It looks like the page is trying to force ssl, but then redirects back to http...

Statistics: Posted by vonralls — July 21st, 2011, 2:02 pm

Re: Redirect errors when forcing SSL

2011-07-14T20:24:19-05:00

Hi Beth. I saw the code you quoted in the other thread on this. viewtopic.php?f=4&t=14122

Could you try this hack?

/wp-content/mu-plugins/s2hacks.php

Code:: add_action('ws_plugin__s2member_config_hooks_loaded', 'https_plugin_dir_url'); function https_plugin_dir_url() { if (isset($_GET['s2-ssl'])) $GLOBALS['WS_PLUGIN__']['s2member']['c']['dir_url'] = strtr($GLOBALS['WS_PLUGIN__']['s2member']['c']['dir_url'], array('http:' => 'https:')); } ?>

I hope it works and solves your problem.

Statistics: Posted by Cristián Lávaque — July 14th, 2011, 8:24 pm

Re: Redirect errors when forcing SSL

2011-07-14T01:17:29-05:00

My apologies - I've tried the force SSL so many times without success. I've been in two days of endless loops. I understood that S2Member should do all this for me but I had the conflict with NS and I didn't know about putting this code in the wp.config file.

I put the code in the file and it know converts files to shttp. But unfortunately, I still get security error messages and I checked JS debugger and there are two lines with HTTP in the javascript for State, Zip and US. One is an Ajax gif file

Thank you for your help and I would love to know how ti fix the issues with the javascript

Statistics: Posted by bethperkins — July 14th, 2011, 1:17 am

Re: Redirect errors when forcing SSL

2011-07-14T00:46:51-05:00

Thanks for the follow-up.

I think I do understand, but please correct me again if I really don't.

s2Member handles most of this for you. So as long as the client is using SSL for WordPress Posts/Pages that have the Custom Field s2member_force_ssl = yes, this solution should provide a simple workaround for you. I just tested this on your site. It seems to work nicely. No more endless loops, and all media is forced to SSL by s2Member.

/wp-config.php

Code:: php if(isset($_GET["s2-ssl"])) $_SERVER["HTTPS"] = "on";

* No need to use a separate header. s2Member handles all media conversions to https:// for you automatically. It does appear that your SSL certificate is invalid though? Or just in development still?

I don’t think you understood my SSL problem. I can’t use the “force SSL” option because the customers hosting company is Network Solutions.

I understand. But nothing prevents your /wp-config.php file from setting the proper environment variable when it detects ?s2-ssl in the URL. That's why this works. This is what Network Solutions *should* be doing, but they aren't, so we just have to force WordPress to do it instead of relying on the server to handle it automatically.

Code:: php if(isset($_GET["s2-ssl"])) $_SERVER["HTTPS"] = "on";

Statistics: Posted by Jason Caldwell — July 14th, 2011, 12:46 am

Re: Redirect errors when forcing SSL

2011-07-14T00:36:17-05:00

I don’t think you understood my SSL problem. I can’t use the “force SSL” option because the customers hosting company is Network Solutions.

You can try the page here, it goes into an endless loop:
http://www.action-intell.com/printers/?s2-ssl=yes

I did some research of the web – I put it in the note and the forum. This was what Network Solutions says:
"Our proxy SSL doesn't allow server-side variables to detect HTTPS (secure). All server-side coding will always detect HTTP (non-secure), and for programs that attempt to redirect non-secure connections (http://) to a secure connection (https://) will result in an infinite loop and server error after 30 seconds.

The only ways around this is to assume the connection is secure by making all the links to the sensitive pages https, or use a client-side program (like javascript) to detect if it's secure and redirect if it's not.

This is why I came up with a separate header.php for my check out. Can you tell me a way that I can let all the components of my check out page know that it is https without using the query string?

I will encourage customer to leave NS soon but I need to get this working right now,

Statistics: Posted by bethperkins — July 14th, 2011, 12:36 am

Re: Redirect errors when forcing SSL

2011-07-13T23:55:32-05:00

I just sent you an email with some private details regarding custom coding.

Statistics: Posted by Jason Caldwell — July 13th, 2011, 11:55 pm

Re: Redirect errors when forcing SSL

2011-07-13T20:56:49-05:00

I'm taking a look at your other question via email now.

Statistics: Posted by Jason Caldwell — July 13th, 2011, 8:56 pm

Re: Redirect errors when forcing SSL

2011-07-13T20:50:28-05:00

Thanks for your inquiry Beth.
~ and for your patience. I'm sorry, it's been crazy here the last few days.

Regarding SSL ...
When you set the Custom Field s2member_force_ssl -> yes, s2Member will force a redirection to the https:// version of the Post or Page. In addition, s2Member will append this onto the query string of the URL: ?s2-ssl=yes. So you can ditch the JavaScript solution if you like, and instead just add these two lines to the top of your /wp-config.php file, right after the tag.

Code:: php if(isset($_GET["s2-ssl"])) $_SERVER["HTTPS"] = "on";

This way WordPress, s2Member, and other plugins know that you're running under the SSL protocol, whenever the URL contains /?s2-ssl=yes.

I hope that helps. If not, please let us know.

Statistics: Posted by Jason Caldwell — July 13th, 2011, 8:50 pm

Re: Redirect errors when forcing SSL

2011-07-11T14:45:09-05:00

I installed the Wordpress HTTPS plugin and I had the same redirect errors. In desperation I tried a solution on the plugin forum suggested by TomsRiver WebDesign and it is working. I'm not happy with this solution because I don't like changing plugin code (that I don't fully understand, and now I cant uprev). Here is the link for any other people suffering, try it out. http://wordpress.org/support/topic/plug ... irect-loop
In the meantime, please let me know if someone has a better solution.

Statistics: Posted by bethperkins — July 11th, 2011, 2:45 pm