Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Although this page is Encrypted... ERROR


k1w1guy

Recommended Posts

I have this error on my site ZangoPill when I click on the ADD to CART button. But surprising enough *not* when I click on the BUY NOW button when using the categories link.

 

 

WINDOWS SECURITY WARNING:

Although this page is encrpypted, the information you have entered is to be sent over an Unencrypted connection and could be easily read by a third party.

Are you sure you want to contine sending this information?

 

I'm sure this appeard when I was messing with the admin/configure.php file.

 

Any help would be appreciated!

 

Pete

 

<?php
/*
 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'https://www.zangopill.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTP_CATALOG_SERVER', 'http://www.zangopill.com');
 define('HTTPS_CATALOG_SERVER', '');
 define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
 define('DIR_FS_DOCUMENT_ROOT', '/home/content/k/1/w/k1w1guy/html/'); // where the pages are located on the server
 define('DIR_WS_ADMIN', '/myadmin/'); // absolute path required
 define('DIR_FS_ADMIN', '/home/content/k/1/w/k1w1guy/html/myadmin/'); // absolute pate required
 define('DIR_WS_CATALOG', '/'); // absolute path required
 define('DIR_FS_CATALOG', '/home/content/k/1/w/k1w1guy/html/'); // absolute path required
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
 define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
 define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
 define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

// define our database connection
 define('DB_SERVER', 'mysql.secureserver.net'); // eg, localhost - should not be empty for productive servers
 define('DB_SERVER_USERNAME', 'xxxx');
 define('DB_SERVER_PASSWORD', 'xxxx');
 define('DB_DATABASE', 'xxxx');
 define('USE_PCONNECT', 'false'); // use persisstent connections?
 define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'
?>

Link to comment
Share on other sites

well...

ive played with it for a while, and it only does it on the actual product page. If you click buy now on category listing that doesnt do it either.

just wanted to at least give it a shot, but hey im relatively new and dont know why its doing that...

weird though.

maybe it has something to do with a blank for https server?

just a guess

Link to comment
Share on other sites

well...

ive played with it for a while, and it only does it on the actual product page. If you click buy now on category listing that doesnt do it either.

just wanted to at least give it a shot, but hey im relatively new and dont know why its doing that...

weird though.

maybe it has something to do with a blank for https server?

just a guess

 

Justin thanks for your reply. I'll keep messing things up, ahh I mean working on it :-)

 

Pete

Link to comment
Share on other sites

well...

ive played with it for a while, and it only does it on the actual product page. If you click buy now on category listing that doesnt do it either.

just wanted to at least give it a shot, but hey im relatively new and dont know why its doing that...

weird though.

maybe it has something to do with a blank for https server?

just a guess

 

 

Yes and IE does not seem to show the error. Just FireFox. What Browser are you using?

 

Pete

Link to comment
Share on other sites

define('HTTP_CATALOG_SERVER', 'http://www.zangopill.com');
define('HTTPS_CATALOG_SERVER', 'https://www.zangopill.com'); //This should be filled in 
define('ENABLE_SSL_CATALOG', 'true'); // If this is true

 

 

Thanks Dave!

 

I added:

 

define('HTTP_CATALOG_SERVER', 'http://www.zangopill.com');

define('HTTPS_CATALOG_SERVER', 'https://www.zangopill.com'); //This should be filled in

define('ENABLE_SSL_CATALOG', 'true'); // If this is true

 

and the rest is 'true'.

 

Still get the Warning! It's weird! I know I did something in the admin/configure.php but I can't figure out what. IE seems to be fine but Mozilla FireFox pops up the above Windows Security Warning.

 

Thanks for your help though.

 

Pete

Link to comment
Share on other sites

Thanks Dave!

 

I added:

 

define('HTTP_CATALOG_SERVER', 'http://www.zangopill.com');

define('HTTPS_CATALOG_SERVER', 'https://www.zangopill.com'); //This should be filled in

define('ENABLE_SSL_CATALOG', 'true'); // If this is true

 

and the rest is 'true'.

 

Still get the Warning! It's weird! I know I did something in the admin/configure.php but I can't figure out what. IE seems to be fine but Mozilla FireFox pops up the above Windows Security Warning.

 

Thanks for your help though.

 

Pete

 

 

OK I don't think this is an OSC error now. I just went to verizonwireless to check out my cell phone bill. I logged in and surfed around a bit in their customer back office area and got the same Windows Security Warning using Mozilla FireFox v1.0PR.

 

So Im going to leave it for now. It's annoying but since most people still use IE and IE is fine I'm going to look at it more closely when I have more time.

Link to comment
Share on other sites

  • 3 weeks later...

It appears this message is displayed any time you have a form on a secure page and the form.action is unsecure. The relevant code I found in the Mozilla 1.7.3 code base is as follows:

 

From ..\security\manager\boot\src\nsSecureBrowserUIImpl.cpp

nsresult
nsSecureBrowserUIImpl::CheckPost(nsIURI *formURL, nsIURI *actionURL, PRBool *okayToPost)
{
 PRBool formSecure,actionSecure;
 *okayToPost = PR_TRUE;

 nsresult rv = IsURLHTTPS(formURL, &formSecure);
 if (NS_FAILED(rv))
   return rv;

 rv = IsURLHTTPS(actionURL, &actionSecure);
 if (NS_FAILED(rv))
   return rv;
 
 // If we are posting to a secure link, all is okay.
 // It doesn't matter whether the currently viewed page is secure or not,
 // because the data will be sent to a secure URL.
 if (actionSecure) {
   return NS_OK;
 }
   
 // posting to insecure webpage from a secure webpage.
 if (formSecure) {
   *okayToPost = ConfirmPostToInsecureFromSecure();
 } else {
   *okayToPost = ConfirmPostToInsecure();
 }
 
 return NS_OK;
}

 

The message is displayed by the function ConfirmPostToInsecureFromSecure. There are no user options/preferences to turn off this message.

 

I have this issue in Netscape, so I believe this code is in Mozilla, Netscape, and Firefox.

 

Some possible solutions to help avoid this dialog:

 

1) Make the target of the form secure.

2) If you are done with security and want to continue unsecure, use redirect instead of a form.

 

DM

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...