Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

help with SSL secure set up for admin


theDruid

Recommended Posts

Hi,

 

I've got my host's shared SSL set up successfully for the 'customer side' of my osCommerce set-up, but I'm struggling with getting the admin side onto SSL.

 

I already have the directory protected, but I would like to make use of the SSL too.

 

My admin/includes/configure.php file looks like:

 

define('HTTP_SERVER', 'http://domain.co.uk');
 define('HTTP_CATALOG_SERVER', 'http://domain.co.uk');
 define('HTTPS_CATALOG_SERVER', 'https://securehost.myhosts.net/~domain');
 define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
 define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)
define('DIR_WS_ADMIN', '/shop/admin/');
 define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);
define('DIR_WS_CATALOG', '/shop/');
 define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG);
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
 define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
 define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
 define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

These are pretty much the same settings that have got it working on the shop front.

 

The admin section does not seem to be using SSL though.

 

Have I missed something?

 

thanks in advance,

theDruid.

Link to comment
Share on other sites

The admin is not set up for the automatice ssl like the catalog section. If you want to use ssl for your admin you need to change your

 

define('HTTP_SERVER'

 

to your secure settings, in your case your shared ssl path.

The Knowledge Base is a wonderful thing.

Do you have a problem? Have you checked out Common Problems?

There are many very useful osC Contributions

Are you having trouble with a installed contribution? Have you checked out the support thread found Here

BACKUP BACKUP BACKUP!!! You did backup, right??

Link to comment
Share on other sites

Brilliant - thanks for that mate; it worked straight away.

 

cheers,

theDruid.

 

No Problem, good luck with your store.

The Knowledge Base is a wonderful thing.

Do you have a problem? Have you checked out Common Problems?

There are many very useful osC Contributions

Are you having trouble with a installed contribution? Have you checked out the support thread found Here

BACKUP BACKUP BACKUP!!! You did backup, right??

Link to comment
Share on other sites

Hello again - the admin section is now using HTTPS - which is great - but I'm now getting an error from osCommerce about the images directory not exisiting:

 

Error: Catalog images directory does not exist: /home/secure/public_html/shop/images/

 

..does this mean I have to change some more of the definitions in my config.php file?

 

(the only thing I've changed from above is the define('HTTP_SERVER', 'https://s....' as per Richard's advice.)

 

I'm not 100% clear actually on how the shared SSL set up works - is all the stuff in the secure path just a mirror of the unsecure content? I imagine they're actually the same files, just accessed via different protocols and therefore different paths?

 

So if new stock is uploaded, and the admin section saves new images into the images directory accessed via SSL, the images willstill be accessible via non-secure means?

 

any clarification much appreciated!

 

cheers,

theDruid.

Link to comment
Share on other sites

Good stuff - I had the same question and have now fixed it with advice above.

 

One more nitpicky thing:

All my admin console pages are now SSL protected, but my admin/index.php page starts off as non-SSL (when the folder permissions password is being sent).

 

Is there any way to set the SSL to kick in before the admin login/password is sent? After all, if we're going to secure this thing might as well make it watertight right?:ph34r:

 

thanks,

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...