Indexhibit is a CMS which was quite sucessful and widely used in the 2000's. Its minimalist look and simple browsing interface made it the perfect tool for artists and designers who were not well versed into technical details. What it had in simplicity it lacked into security (the codebase was a mess). A 2.0 version was developped in 2012 but it never gained widespread success and is not maintened anymore. Today many better alternatives exist (Cargo to name just one) if one want to build a new portfolio/website.

But if one care about one's Indexhibit and/or don't want migrating it to another CMS there is one easy yet undocumented hack I discovered that allow an Indexhibit website to work over HTTPS.

HTTPS and broken links

There's many reasons for going fully HTTPS and I won't cover it. I just happen to have an old Indexhibit based website that switched automatically to HTTPS thank to my web host. Overnight my website broke with many 404 errors. It wasn't an horrible thing since I was procrastinating about migrating to HTTPS anyway. Going further with my analysis of the situation I noticed plenty of mixed active content error messages with a web console (Firefox is a wonderful tool for that). These errors are actualy a result of a security mechanism that prevent loading of unsecured resources (read: loading data from HTTP URL) when called from a secured webpage (read: HTTPS). And indeed all the CSS and the JS files were called over HTTP link so there weren't loaded, thus the website totally broken.

I went on the hunt for any hardcoded HTTP link into Indexhibit codebase and after few minutes I finally found a single line which was the root of all my problems. On line 49 of /ndxz-studio/defaults.php (I'm using Indexhibit 0.70d, YMMV) there's this little line:

$base = 'http://' . $_SERVER['HTTP_HOST'] . $self . '/';

As you've surely guessed by now, you just have to replace "http://" with "https://" and voilĂ  your Indexhibit is now fully working over HTTPS.