•  » Extensions
  •  » [Force HTTPS] questions about code and "login only" feature

#1 2016-08-26 19:41:16

Piwigo Team
Nantes, France, Europe

[Force HTTPS] questions about code and "login only" feature

Hello bonhommedeneige,

I'm currently working on HTTPS related subjects. Of course I'm trying [extension by bonhommedeneige] Force HTTPS in depth. I have a few questions :-)

* what is the directory PHPWG_ROOT_PATH.PWG_LOCAL_DIR.'piwigo-force-https' about? (it looks like useless code to me)

* now that you use maintain.class.php you no longer need your function piwigo_force_https_init() in

* this is far too complicated:


$use_https = isset($conf['fhp_use_https']) ? piwigo_force_https_strbool($conf['fhp_use_https']) : 'false';
if ($use_https == 'true') {

you can write this instead:


if ($conf['fhp_use_https'])

(Piwigo alread converts config values like (string)"true" to (bool)true and at this level in the code, you should be sure $conf['fhp_use_https'] is already set.

* what do you think about a simpler option "use HTTPS for log in and following pages" ? This idea is to allow HTTP browsing, but force HTTPS force log in.

Latest blog post (November 9th 2018) Why Flickr could not remain free for ever



#2 2017-11-08 00:45:24


Re: [Force HTTPS] questions about code and "login only" feature

Hello plg
At first, sorry for replying to your message more than one year later (didn't see the notification to be honest), and thank you for the comments / suggestions.
I've enhanced the code and the way to handle the configuration, it is I think much simpler now.
The new version also embeds new options, from which the possiblities to enable HTTPS only for :
- identification (identification, register, and user preferences)
- admin pages
New options also so that one can customize the values of the redirect code (as requested here and the HSTS max-age value (which by default is now 6 months instead of 300 seconds)

Arnaud (bonhommedeneige)

Last edited by bonhommedeneige (2017-11-08 00:45:56)


  •  » Extensions
  •  » [Force HTTPS] questions about code and "login only" feature

Board footer

Powered by FluxBB

github twitter facebook google+ newsletter Donate © 2002-2019 · Contact