SSL and Admin

[jdbtech]

Help. I've searched but can't find any answer to this.

 

I would like the Admin functions to be performed using

the SSL connection. I have set htaccess to require a

password, and if I type "https" for each admin page

the site works, but I need to force my order people to

go to the orders section and get the information using

the SSL connection.

 

Here is the first part of my admin config:

 

define('HTTP_SERVER', 'http://www.costumesforsanta.com'); //

define('HTTP_CATALOG_SERVER', 'http://www.costumesforsanta.com');

define('HTTPS_CATALOG_SERVER', 'https://www.costumesforsanta.com');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT); // where the pages are located on the server

define('DIR_WS_ADMIN', '/owner/'); // absolute path required

define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);

define('DIR_WS_CATALOG', '/catalog/'); // absolute path required

define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG); // absolute path required

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');

define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');

define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

 

I have tried to force the DIR_FS_DOCUMENT_ROOT to be https but

that beaks all the admin functions.

 

Any thoughts? TIA

[Guest]

All you have to do is modify this line for SSL

define('HTTP_SERVER', 'http://www.costumesforsanta.com'); //

[jdbtech]

Yep, that did it!

 

Thanks so much. I knew it would be simple,

but I tried to make it difficult.

[Guest]

Yep, that did it!

 

Thanks so much. I knew it would be simple,

but I tried to make it difficult.

Yes, sometimes it's the simplest things that get over-looked

 

glad to help

[Guest]

EDITED

[Guest]

Hi

I don't mean to appear dumb (although I am good at it) but aren't you replacing the same line with the same line? In jdbtech's code is define('HTTP_SERVER', 'http://www.costumesforsanta.com'); //

and you are replacing it with define('HTTP_SERVER', 'http://www.costumesforsanta.com'); //

Isn't that the same?

Just I'm having the same problem. I log into admin under SSL, click orders and it pops back out of SSL.

Thanks

[Guest]

Actually I wasn't saying to replace with that line, but was referring to that line that needs to be changed.

In other words, just add the s

[Guest]

Hi

Thanks for your reply, but if I change that it makes the whole site run on SSL. At the moment it works fine, just popping into SSL when the customer logs in so not putting too much drag on the SSL server (plus it's slow) I am running through a shared server which is 'https://www.safeshop.co.nz/learnex' If I go to my admin through the SSL I put in https://www.safeshop.co.nz/learnex/catalog/admin which is fine, but as soon as I click on the 'Pending Orders' for example I am back in unsecure land which I think means that when I collect the customers creditcard details it is unsecure. Is that correct?

[Guest]

In order to secure the admin area, you need to put your ssl URL in admin/includes/configure.php file (HTTP_SERVER)

 

ps, you should really password protect admin too

[Guest]

So that is the only option to make the whole site secure?

(Don't tell your friends about the admin, I'll get round to it.)

Andrew

[wheeloftime]

I have been struggling with this also and even put a question about it on the board (which no one seemed to be able to answer). After reading this thread I made the proposed changes for the catalog and admin section and voil? it works !!

What I don't understand however is what the purpose is of

 

 define('HTTPS_SERVER', 'https://www.wheeloftime.nl'); // eg, https://localhost - should not be empty for productive servers

 

as that is the place where I made my change (besides setting SSL to true into the two configure.php files) and which didn't do the job ???

[Guest]

define('HTTPS_SERVER' is to define where the site goes when it needs to do the secure bits, ie after a customer logs in and makes a purchase, so if you have a shared certificate it goes through that path to make it secure.

define('HTTP_SERVER' should be where the site goes when it's not needed to be secure ie for normal catalog viewing. By making define('HTTP_SERVER', 'https://www.wheeloftime.nl'); you are telling the whole site to go through the secure path. (which I don't want to do. I just want the admin secure all the time but don't know how to do it.)

Andrew

[Guest]

Whoops. Just noticed that I didn't read Cyanides reply properly. I didn't realise that there is another config file admin/includes/. Now it is clear. Thanks for your help Cyanide.

Andrew

[wheeloftime]

@scream/@cyanide: Thank you both very much for the explanations !

Now it is starting to get clear how the SSL part is functioning and I suppose I'll remove it for the catalog part as it indeed won't be really neccessary there.

 

:thumbsup:

[Guest]

great! glad you guys got it going

[Keg]

great!  glad you guys got it going

<{POST_SNAPBACK}>

 

Wait! Not So Fast...I don't have anything going...how did you guys do that? I've been working at this for two days now and nothing seems to work right...whew!

 

Ok..I'm having problems with my "shared SSL Certificate"..ALL SORTS of problems...I'll give you a quick and dirty rundown. It works, but not the right way, etc.

 

My hosting company has my certificate listed as "https://ssl.shareddomain.net/mydomain.com"

 

This is what I want to do: I don't want my catalog and/or items or ANYTHING secured until either someone logs into their account, or when they check out and buy something. I just don't want my whole website secure...only when needed. When logged in or in the shopping cart, ready to buy, etc. It slows it down way too much if it is throughout the whole site, etc.

 

Here is my complete problem:

 

1. I can surf my shop throughout the catalog, but when logging in it comes up with this error

 

2. It DOES switch to ssl when logging in, but I don't want this ERROR to come up..it freaks people out and they might leave...it even freaks me out!

 

3. Also, I received this "Warning: I am able to write to the configuration file..." error AGAIN, after I just got done getting rid of it when setting up OSC...

 

Again, I got rid of this error when setting up OSC, but it came back when I recently installed my "Shared SSL Certificate"....

 

Can ANYONE tell me how to do this SSL thing step by step if anything? I did find SOME clues within the forum here, but nothing is REALLY CLEAR or CONCISE??!! I've been messing with this but still having very little or no luck at all!!! :(

 

Ok, I have two configure.php files (we know that right -because we all do?)

So here's my rundown and file setup for each one...can anyone tell me what I?m doing wrong here?

 

I'm going to list both of my configure.php files...so please scroll down to look at both of these...so here we go...the places higlighted in blue are the things I changed from the original

 

1. My 1st configure.php file layout directory is at (...catalog/includes/configure.php):

 

define('HTTP_SERVER', 'http://www.mydomain.com'); //

define('HTTPS_SERVER', 'https://ssl.shareddomain.net/mydomain.com'); //

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.mydomain.com');

define('HTTPS_COOKIE_DOMAIN', 'ssl.shareddomain.net');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/mydomain.com/catalog/');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', '/*****/htdocs/mydomain.com/catalog/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

// define our database connection

define('DB_SERVER', 'mydatabaseserver'); // eg, localhost - should not be empty for productive servers

define('DB_SERVER_USERNAME', '*****');

define('DB_SERVER_PASSWORD', '*****');

define('DB_DATABASE', '*****');

define('USE_PCONNECT', 'false'); // use persistent connections?

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

 

___________________________________END

 

2. My 2nd configure.php file layout directory is at (...catalog/admin/includes/configure.php):

 

 

define('HTTP_SERVER', 'http://www.mydomain.com'); //

define('HTTP_CATALOG_SERVER', 'http://www.mydomain.com');

define('HTTPS_CATALOG_SERVER', 'https://ssl.shareddomain.net/mydomain.com');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', '/*****/htdocs/mydomain/catalog/'); //

define('DIR_WS_ADMIN', '/catalog/admin/'); // ('DIR_FS_ADMIN', '/*****/htdocs/mydomain/catalog/admin/'); // absolute path required

define('DIR_WS_CATALOG', '/catalog/'); // absolute path required

define('DIR_FS_CATALOG', '/*****/htdocs/mydomain/catalog/'); // absolute path required

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');

define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');

define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');

define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

// define our database connection

define('DB_SERVER', 'mydatabaseserver'); // eg, localhost - should not be empty for productive servers

define('DB_SERVER_USERNAME', '*****');

define('DB_SERVER_PASSWORD', '*****');

define('DB_DATABASE', '*****');

define('USE_PCONNECT', 'false'); // use persistent connections?

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

_________________________END

 

:-"

So, can anyone copy and past "in colors" what I need to change in all of this mess?

 

Thanks a Bunch Everyone and Anyone that can HELP....

 

P.S. It might help some of you that I based some of my research on this forum link too, but is a bit confusing to say the least...

 

http://www.oscommerce.com/forums/lofiversion/i...php/t91446.html

[hetul]

Hello,

 

I was trying to set up my website with the Shared SSL.

 

I have successfully for my catalog to work by editing /catalog/include/configure.php

 

My problem started when I tried to get the Admin section working under SSL.

 

Once I go to the Admin Section, the top URL shows:

 

https://securestore.hosting4less.com/MyDoma...nfiguration.php

 

AS you can see my URL shows "MyDomainName" Twice...

 

What can I do to remove this?

 

Here is my Configure.php file settings....

 

define('HTTP_SERVER', 'http://www.MyDomainName.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTP_CATALOG_SERVER', 'http://www.MyDomainName.com');

define('HTTPS_CATALOG_SERVER', 'https://securestore.hosting4less.com/MyDomainName/');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', '/home/MyDomainName/catalog/'); // where the pages are located on the server

define('DIR_WS_ADMIN', '/catalog/admin/'); // absolute path required

define('DIR_FS_ADMIN', '/home/MyDomainName/catalog/admin/'); // absolute pate required

define('DIR_WS_CATALOG', '/catalog/'); // absolute path required

define('DIR_FS_CATALOG', '/home/MyDomainName/catalog/'); // absolute path required

 

Any thoughts?

[Jezthomp]

Join the club i have a separate ssl perhaps you can help me out though hetul cause i cannot get anything to work never mind admin.

 

Site:http://mysite.co.uk/catalog

My SSL:https://vault2.secure-url.com/myfolder

 

Have uploaded my catalog to the secure address and changed the two configure.phps to the ssl address and enanble true but when i click on my account or log in i get an error page.

 

Any ideas?

 

Thankyou so much for any help:)