b2evolution with gravatars and https

Published by Andrew Hreschak in Web Development, b2evolution blog software
Published on 05/27/14 @ 12:53:00 pm using 428 words, and has 14108 views

I recently installed a private testing blog using b2evolution 5.0.9 and configured it to operate as a user forum. Connections to the site are encrypted with an SSL certificate and, after a little messing about with the htaccess file to make sure that all non-www connections were redirected to www, and http connections were redirected properly to https, I noticed that the shiny new "protected by SSL" icon in the web browser's address bar had changed.

Image showing broken SSL connection when using gravatars in b2evolution

I've worked with SSL in the past and I immediately suspected that it was an issue with off-site images being drawn from a non-secure location. After some grepping of the source code I discovered it was the gravatar system which is now installed on this blog. (For those of you who don't know what gravatars are, they're the little cartoon avatars that appear beside your posts or comments.) So, here's how to patch your b2evo site to work behind an SSL Cert while also using gravatars...

The first thing I did was grep the source code to find the location of the gravatar call using the following command from the /blogroot/:

grep -H -r "http://www.gravatar" ./

That searched the entire blog recursively and found what I was looking for in:

/blogroot/inc/users/model/_user.funcs.php

Open that file in your favorite editor and use the Search function (it's a long file) or scroll down to approx line 1490, where you should see the following:

Image showing php code to be edited to allow gravatars to work with SSL in b2evolution

Now simply edit that http: to https: as in the image below:

Image showing edited php code allowing gravatars to work with SSL in b2evolution

Once you've made that change, save the file and, if you're working locally, upload the edited file to your server, taking care to drop it in the correct directory. Now reload your site and you should see a proper SSL icon in the address bar, as in the image below:

Image showing properly loaded SSL / https connection in b2evolution

Hopefully the b2evolution developers will consider making all of these types of external resource calls dependent on the blog's primary configuration baseurl. That way if the baseurl is configured as a secure 'https' connection, all urls built relatively from that URL will automatically pick up the https connection type and we won't have to go about hacking individual code pages.

Remember, when you upgrade your blog to a new version, you will likely need to redo that edit, so keep track of the change you made in a logfile or, better yet, just bookmark this site and come back again!

Contemporaneous Auditory Narcotics:
or, What my speakers are currently pumping...
Monster Magnet - End of Time

Creative Commons LicenseThis post is the creative work of Andrew Hreschak and is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License.

1 comment

Comment from: Francois Planque [Visitor]  
Francois Planque

Try $img_url = ‘//www.gravatar.com…

This way it should work on BOTH http and https ;)

03/15/15 @ 22:49