Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

links to checkout don't bring up https?


Rick1122333

Recommended Posts

Hi, I set up a test ssl certificate and it seems to be working, but the links to the login and checkout page remain as http not https? I changed both configuration.php files but is there another step? Maybe in application_top.php?

 

here are my configure.php files:

define('HTTP_SERVER', 'http://www.vivgo.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://www.vivgo.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.vivgo.com');

define('HTTPS_COOKIE_DOMAIN', 'www.vivgo.com');

define('HTTP_COOKIE_PATH', '');

define('HTTPS_COOKIE_PATH', '');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

define('DIR_WS_IMAGES', '/catalog/images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

 

and in admin

define('HTTP_SERVER', 'http://www.vivgo.com'); // eg, http://localhost or - https://localhost should not be NULL for productive servers

define('HTTP_CATALOG_SERVER', 'http://www.vivgo.com');

define('HTTPS_CATALOG_SERVER', 'https://www.vivgo.com');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)

define('DIR_WS_ADMIN', '/admin/');

define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);

define('DIR_WS_CATALOG', '/catalog/');

define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG);

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/')

 

Thanks you!

Link to comment
Share on other sites

is ssl currently enabled on the site? i went there and the pages which are supposted to automatically go to ssl based upon your configure.php file do not.

 

have you changed any of the pages dealing with ssl?

Link to comment
Share on other sites

is ssl currently enabled on the site? i went there and the pages which are supposted to automatically go to ssl based upon your configure.php file do not.

 

I don't know what you mean by enabled? I thought by changing this:

define('ENABLE_SSL', true); is the way you enable the site. I have modified some pages and I thought this may be the problem but to check this I installed a clean version of oscommerce and it still did not work?

 

Thanks

Link to comment
Share on other sites

The way your config files are set up is for a full ssl certificate - which you have to purchase and install. Your web hosting company may offer the use of a shred ssl for free, if so - take them up on it, and ask them for the pathway to the shared ssl.

 

Vger

Link to comment
Share on other sites

I understand this but the ssl part is working. For example i can go to the url https.vivgo.com/catalog.php , account.php and so forth. The problem is that when you visit the site and click checkout from the shopping cart for example, it is sopposed to link you to to a https version of checkout right? This is what is not happening. I thought it might have been my links via the flash header or some change i made in one of the files, but it seems to do the same in a new install of oscommerce i made for test reasons. Even if ssl wasn't intalled correctly should it not give you an error when trying to load the page? In effect what I see happening is no differnce what so ever using the define('ENABLE_SSL', true); set to true or false. Is there some other option i need to set to enable ssl? Maybe in the control panel?

 

Thank you very much for your time and responses.

Link to comment
Share on other sites

is ssl currently enabled on the site? i went there and the pages which are supposted to automatically go to ssl based upon your configure.php file do not.

 

I don't know what you mean by enabled?  I thought by changing this:

define('ENABLE_SSL', true);  is the way you enable the site.  I have modified some pages and I thought this may be the problem but to check this I installed a clean version of oscommerce and it still did not work?

 

Thanks

 

MY site is hosted on Lunar Pages. They told my that a the shared SSL cert thay offer cannot be used with OScommerce. They told me I had to buy a private cert for OScommerce. So I dont think a shared SSL cert will work.

Link to comment
Share on other sites

MY site is hosted on Lunar Pages.  They told my that a the shared SSL cert thay offer cannot be used with OScommerce.  They told me I had to buy a private cert for OScommerce. So I dont think a shared SSL cert will work.

 

I use Globat, and the shared works just fine to a degree (I have several installs of OsC two to good success and two that the ssl just will not cooperate). They are all on the same server, but different domain names.

 

Anyways, just thought I would share that I do not think it is the shared certificates really - at least not in my instance since it works with one install but not another.

Link to comment
Share on other sites

Hi, I set up a test ssl certificate and it seems to be working, but the links to the login and checkout page remain as http not https?  I changed both configuration.php files but is there another step?  Maybe in application_top.php?

 

Does anyone else have any input on this problem. I'm experiencing the same thing with my installation which has a full private SSL cert. I'd love to see this answered.

 

-g

Link to comment
Share on other sites

I'm experiencing the same thing with my installation which has a full private SSL cert.

 

Seems like alot of us are having the same trouble. Im here today looking for answers to the same problem. If you figure anything out please post it here!

Link to comment
Share on other sites

It seems that many people have a totally incorrect view of SSL.

 

1. If you want a full ssl (https://www.yourdomain.com) then unless you pay for it and either get your host to install it or install it yourself, then you haven't got ssl. osCommerce, by default, is set up with the file pathway to a full ssl in the config files.

 

2. If you want to make use of a shared ssl then you need to know the correct pathway and add that to the https references in your two config files.

 

3. Some people try to run their whole site behind ssl -

 

a. It is is completely unnecessary

b. It slows the page delivery down

 

4. SSL only offers encryption of data, and does not prevent hackers from accessing your osCommerce 'admin' control panel. You need to Password Protect that folder.

 

5. Even if you have installed a full SSL cert has your host company rebooted the httpd config files for the server you're on, if not then the ssl won't be fully installed (e.g. the intermediate certificate will be incorrect).

 

6. When you bought/installed your ssl cert did you upgrade your site from name based to ip based, because if you didn't then your full ssl cert won't work.

 

Hope this helps - Vger

Link to comment
Share on other sites

It seems that many people have a totally incorrect view of SSL.

- snip -

Hope this helps - Vger

 

Vger --

 

I understand how SSL works, though I appreciate you making sure. =)

 

What I don't understand is OSCommerce and why the link to login will not link to the SSL side of the site. Does anyone have any insight into this situation?

Link to comment
Share on other sites

Vger --

 

I understand how SSL works, though I appreciate you making sure.  =)

 

What I don't understand is OSCommerce and why the link to login will not link to the SSL side of the site. Does anyone have any insight into this situation?

 

I've got the same problem. Did you install all the files contained in the catalog directory within the non secure web root? It seems some need to be in the non secure side. (ie, the general catalog, sign up for an account, and shopping cart files ) And some need to be in the secure side. ( ie, the check out process and store admin ) The install directions don't explain this, but I beleive we must either duplicate files across secure/non web servers or create some sort of split across the file structure.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...