Topic: HTTPS problems

Hi guys

I have been having a problem with setting up monstra on HTTPS this is what i have found to be causing problems.

Firstly with regards to the gavatar it needs to point to the HTTPS site for security I have done a patch for this

In plugins/box/users/users.plugin.php

  /**
     * Get Gravatar
     *
     *  <code>
     *      <img src="<?php echo Users::getGravatarURL('monstra@monstra.org', 64); ?>" alt="">
     *  </code>
     *
     * @param string  $email  Email
     * @param integer $size   Image Size
     */
    public static function getGravatarURL($email, $size)
    {
        if( isset($_SERVER['HTTPS'] ) ) {
          return 'https://secure.gravatar.com/avatar/'.md5(strtolower(trim($email))).'?size='.$size;
        } else {
          return 'http://www.gravatar.com/avatar/'.md5(strtolower(trim($email))).'?size='.$size;
        }
    }

I still have a problem where by the admin backend connects to monstra.org for a version update?
this could be a problem as I see monstra does not run HTTPS

I would suggest getting a SSL key and have the option for both HTTP and HTTPS to allow users to setup HTTPS websites. if it's a cost problem startssl offer a really good service.

otherwise maybe a option to disable version checking?

Re: HTTPS problems

Hi,

Nice tweak, have you logged this as a new issue in Github for Monstra? https://github.com/Awilum/monstra-cms/issues

Regarding disabling version checking, have you tried adjusting the: define('CHECK_MONSTRA_VERSION', true); in the defines.php to FALSE?

Will

Re: HTTPS problems

For me the back end is not HTTPS is okay, as long as the front end is HTTPS. So far our security team have failed to pawn Monstra!

Monstra 3.0.1