Can we remove secure login option alone from Magento

Question

Is there way to disable the secure login/registeration/forgot password alone, but all other pages like checkout customer dashboard area can use https but i want to disable secure url for only customer login/registeration/forgot pages, i checked on custome r module /etc/config.xml but couldnot find anything like that.

Please help me

Thanks in advance.

Answer 1

First you'll want to do all this from app/code/local/ of course!

With that being said you'll need to extend/edit app/code/core/Mage/Customer/etc/config.xml:

    <secure_url>
        <customer>/customer/account/</customer>
    </secure_url>

...and remove it.

Next you'll need to edit/extend app/code/Core/Mage/Customer/Helper/Data.php:

and modify the _getUrl()'s to force using secure url on the pages you want it to be secure:

return $this->_getUrl('customer/account', array('_secure' => true));

NOTE: Like everyone else mentioned this isn't exactly a good idea from a security stand point.

Hope this helps!

Answer 2

Did you think that Login pages are accessed via HTTPS for a reason? The reason is to protect them from modification. Removing HTTPS will open a huge security hole and will cause leakage of passwords of your web site visitors.

Answer 3

So, you should overload the blocks that contents url links and rework it to get urls witout http. But the good is to use in your box the iframes.