Had an interesting encounter with a server sitting behind a hardware load balancer - the app sees all traffic as http and the client IP address it sees is the address of the load balancer!
Looking at the Hikashop code there are various checks of the form $_SERVER.
From my investigations so far it looks like a more robust check for SSL is something like this (the HTTP_X_FORWARDED_PROTO value might need to be enabled by the server administrator):
    if ( (isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off')) ||
         (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') ) {
        // ... handle SSL case ...
    }
    else {
        // ... handle non-SSL case ...
    }
Similarly, for the client IP address, one needs to code something like this:
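    function GetUserIP() {
        // Prefer the address headers set by a proxy or load balancer; fall back to the socket peer.
        if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) $client_ip = $_SERVER["HTTP_X_FORWARDED_FOR"]; // may hold a comma-separated list
        else if (isset($_SERVER["HTTP_CLIENT_IP"])) $client_ip = $_SERVER["HTTP_CLIENT_IP"];
        else $client_ip = $_SERVER["REMOTE_ADDR"];
        return $client_ip;
    }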
Is it possible to modify Hikashop code to cater for this situation or do you have other suggestions as to how this type of setup might be handled? - seems too complicated a setup for my liking, although I can see the logic of simplifying the upgrade process if your site traffic outgrows your environment.
Looking at core Joomla 1.6 code it also does a simple $_SERVER check.
See:
Dire load balancing straits
Joomla proxy patch
Getting real IP of your users
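
An added example (not part of the original post, and not HikaShop or Joomla code) of the same two checks, with the forwarded headers honoured only when the connection comes from a known load balancer. The `TRUSTED_PROXIES` list, the function names and the sample addresses are assumptions, and PHP 7 or later is assumed.

```php
<?php
// Added example, not HikaShop or Joomla code. TRUSTED_PROXIES is an assumed,
// site-specific list of load balancer addresses (documentation-range values).
const TRUSTED_PROXIES = ['192.0.2.10', '192.0.2.11'];

function fromTrustedProxy(array $server): bool {
    return in_array($server['REMOTE_ADDR'] ?? '', TRUSTED_PROXIES, true);
}

function requestIsHttps(array $server): bool {
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return true;
    }
    // Honour the forwarded scheme only when the balancer itself connected.
    return fromTrustedProxy($server)
        && strtolower($server['HTTP_X_FORWARDED_PROTO'] ?? '') === 'https';
}

function clientIp(array $server): string {
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (!fromTrustedProxy($server) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $remote;
    }
    // X-Forwarded-For reads "client, proxy1, proxy2": each proxy appends the
    // peer it saw. Walk right to left and return the first hop that is not one
    // of our proxies; entries further left came from the client, unverified.
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $remote; // malformed entry: fall back to the socket peer
        }
        if (!in_array($hop, TRUSTED_PROXIES, true)) {
            return $hop;
        }
    }
    return $remote;
}

// Constructed sample requests: one through the balancer, one connecting directly
// while sending the same headers itself.
$viaBalancer = ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_PROTO' => 'https',
                'HTTP_X_FORWARDED_FOR' => '203.0.113.99, 198.51.100.7'];
$direct = ['REMOTE_ADDR' => '198.51.100.50', 'HTTP_X_FORWARDED_PROTO' => 'https',
           'HTTP_X_FORWARDED_FOR' => '203.0.113.99'];

var_dump(requestIsHttps($viaBalancer), clientIp($viaBalancer));
var_dump(requestIsHttps($direct), clientIp($direct));
```

The second sample shows why the source check matters: a request that reaches the web server directly can set both headers to any value, so they are ignored unless `REMOTE_ADDR` is one of the balancers.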