I've released a plugin to force usage of HTTPS for any connection.
http://piwigo.org/ext/extension_view.php?eid=697
Enjoy !

I think that would appear only the first time: go to its settings page and validate once

PS: please open a new thread especially when the current one is marked as Resolved

Hi,

I've released an update (+enhancement). You can download it there : http://piwigo.org/ext/extension_view.php?eid=697
Hope it will fix your issue (it should :-) )

I'm not very good at apache, so I've been searching the piwigo forums and the rest of the internet, to figure out how to have only the login screen ssl encrypted, not everything on my piwigo site.

I was able to piece together the following which gives me the login screen in https, then switches back to http after a successful login.  To me this is perfect because I don't want the added overhead of ssl encryption when I'm just going through the gallery or doing simple admin stuff.  I'm running piwigo on a Raspberry Pi, so I must be conservative with my resources on the Pi.

So here it is for guys like me, who don't have all the technical expertise that so many forum posters assume we have.

This solution uses the .htaccess and I'm running apache2 on my Pi.
I installed webmin and phpmyadmin on my Pi which automatically setup ssl on apache.

1. create a .htaccess file on your pc and paste the following into the file and save it.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI}  ^/piwigo/identification\.php$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]

RewriteCond %{REQUEST_URI}  !^/piwigo/identification\.php$
RewriteCond %{HTTPS} on
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]

2. ftp the .htaccess file to your piwigo folder (eg. var/www/piwigo) Make sure permissions and ownership are identical to other files in that location.

3. copy /etc/apache2/mods-available/rewrite.load to /etc/apache2/mods-enabled if it isn't there already or create a symlink to the file.

4.restart apache or reboot your server.

Your done!!!!

Here's an explanation of the commands in the .htaccess file
- turn rewrite engine on
- check if https is off
- check if it's the login page
- if it is, redirect to https page
- R=302 does the redirection once (not permanently)
- L makes this the last command to execute

if the first command was not executed, it continues checking through the .htaccess file

- checks to make sure it's not the login page
- checks to make sure https is on
- if it is, redirect to http page

I hope this is useful for anybody who just wants their login page encrypted.

Cheers,
Michel. 

P.S. My Raspberry Piwigo gallery is at http://myphotos.linkpc.net if you want to see how piwigo runs on the $35 Pi.

Just a quick note to other noobs like me...
Even though webmin setup ssl on my server, I still had copy or symlink the default-ssl from the etc/apache2/sites-available directory, to the etc/apache2/sites-enabled directory.

I also had to edit the default-sll file and change AllowOveride from None to All.

I hope this helps other that want https for only their login page.

Cheers.