Mini Mods - IMG Cacher - SSL Keeper - Mixed Content Block Solution

Pretty much you use this when you want to keep the SSL certificete working on pages that people may use [IMG] tag's without https://.

When you use SSL on your forum, and somebody embeds an image from a non-ssl host, lots of browsers will give you a warning and say the website is unsafe ---this is a solution to that problem.

Specifically, Mozilla has a 'Mixed Content Blocker', which makes it so if you are on an https:// website, it won't load any content on the same domain, using http://.



NOTE: MAKE SURE THE .HTACCESS FILE IN cache-img/ IS WORKING!



Upload the files into your root directory, and that's it.

Then you need to create a plugin (admincp -> plugins & products -> add new plugin)
Hook location: bbcode_img_match
Title: SSL IMG Cacher
Execution order: 5
Plugin PHP Code:

Code:

$link_parsed = parse_url($link);
if ($link_parsed['host'] != '[LINK_TO_YOUR_WEBSITE]')
{
 $link = $this->registry->options['bburl'] . '/cache.php?img=' . urlencode($link);
 $retval = ($fullsize ? '<div class="size_fullsize">' : '')  . '<img src="' .  $link . '" border="0" alt="" />' . ($fullsize ? '</div>' : '');
}

Plugin is active: Yes


edit "[LINK_TO_YOUR_WEBSITE]" - Without http, example: www.dragonbyte-tech.com or www.internot.info etc. etc.

Then you are done.

It should be secure as the actual directory for the images is not available.(deny from all in htaccess)


I would also suggest adding this to robots.txt

Code:

User-agent: *
Disallow: /cache.php

Also I suggest you add something like this to .htaccess:

Code:

<FilesMatch "cache\.php$">
Header set Cache-Control "max-age=86400, public"
</FilesMatch>

======
I only give support to people who have pressed 'installed' this.
======


Source&stuff can be found here: https://github.com/MegaManSec/IMG

For vB3.8 solution, go here: https://vborg.vbsupport.ru/showthrea...75#post2411575 (Thanks to Kh99)

[hugoroger]

I installed this but I am trying to get pages like:

https://www.iforumelite.com/content....e-contratacoes
https://www.iforumelite.com/content.php

Secure but this did not work.

I did everything except add this:

User-agent: *
Disallow: /cache.php
Also I suggest you add something like this to .htaccess:
Code:

<FilesMatch "cache\.php$">
Header set Cache-Control "max-age=86400, public"
</FilesMatch>

[Alan_SP]

These images are served from your system as attachments. I don't use attachments, but I'm sure there's a way to sort this out. Look at attachment options, or also you can rebuild styles, but this mod shouldn't touch images on your domain, that is why you have problem in my opinion.

[Alan_SP]

Quote:

Originally Posted by DSemen

Please tell me how to install it correctly.

You have file cache.php, you need to upload it to your forum root directory.

Well, you replace original content of that file with this code. Whole content, not just part of it. Basically, you quoted how new cache.php looks like.

Also, everything else needs to stay same, i.e. you need to create plugin which calls cache.php.

It works for me, except for some images (few here and there, maybe slower sites that react slowly).

[Alan_SP]

This mod do images from https hosts and for some reason have problem with images taken from Facebook.

Is there a solution for this, either that all images work, or that mod just starts ignoring images from https hosts.

I guess that plugin code should be different, to check not only if images is from different host, but that image comes only from http hosts. This also would speed this mod greatly. Is there someone who knows how to check if image is from host already with https?

[djbaxter]

Quote:

Originally Posted by MegaManSec

I'll give you an example of how to do it.

This is mine:
[code]

edit this part:

Code:

src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

and make it https://

Even easier:

Change

Code:

src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

To:

Code:

src="//pagead2.googlesyndication.com/pagead/show_ads.js">

[bridge2heyday]

This is my version of this plugin

PHP Code:

$link_parsed = parse_url($link);
if( $link_parsed['scheme'] == 'http'){
    $ssl = 'https://'.$link_parsed['host'];
    $stream = @stream_context_create (array("ssl" => array("capture_peer_cert" => true)));
    $read = @fopen($ssl, "rb", false, $stream);
    $cont = @stream_context_get_params($read);
    $var = ($cont["options"]["ssl"]["peer_certificate"]);
    $result = (!is_null($var)) ? true : false;
    if($result) {
    $link = str_replace('http','https',$link);
    $retval = ($fullsize ? '<div class="size_fullsize">' : '')  . '<img src="' .  $link . '" border="0" alt="" />' . ($fullsize ? '</div>' : '');
    } else {
        $link = $this->registry->options['bburl'] . '/cache.php?img=' . urlencode($link);
        $retval = ($fullsize ? '<div class="size_fullsize">' : '')  . '<img src="' .  $link . '" border="0" alt="" />' . ($fullsize ? '</div>' : '');
    }
    
} 


it checks if image https => OK
if image http .. check for https version .. if the https version is OK => OK
if the https version not working .. use the script

[Alan_SP]

Great work bridge2heyday, do you maybe have better code for cache.php? I noticed that it slows down loading of pages and also that some images don't work with it, but work when I disable plugin (i.e. disable cache.php).

It would be great if there's faster and 100% compatible version of this mod. That all images on http that work (some don't work) can be transferred to https.

[bridge2heyday]

Quote:

Originally Posted by Alan_SP

Great work bridge2heyday, do you maybe have better code for cache.php? I noticed that it slows down loading of pages and also that some images don't work with it, but work when I disable plugin (i.e. disable cache.php).

It would be great if there's faster and 100% compatible version of this mod. That all images on http that work (some don't work) can be transferred to https.

Thank you , I didn't look at cache.php file .. I just did this small modification for a client .. though , my code may be improved by checking if the file is previously cached or not before looking for validity of https image .. because connection overhead may slow down the site .
There may be alternative solution - I did for an other client - to add white-list for known image hosting websites which turned using SSL .. if the image is hosted on one of those sites .. the link will be changed to https .. if not , it will be displayed as plain text image URL

[Alan_SP]

I checked, cache.php doesn't actually cache images in cache directory, it probably just create image there temporarily and delete it after it is sent to browser. At least I didn't found images in cache folder.

Anyway, it would be great if cache.php can work with all images, as some images don't work, not sure why. With your plugin modification and cache.php that work with all images (and hopefully faster), this would be great for making site completely https compatible.

[Beor]

Hello

This modification works for vb5?

Signatures of our forum not is on https

BR