Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Https is on when I have disabled it, broken images


discomonkey

Recommended Posts

My site (http://www.martinadesigns.com/) is broken now because all my images are being requested via HTTPS. For some reason it does this although I have it disabled in configure.php. I *used* to have the HTTPS server info filled in for the hell out it, although I don't even have a Secure Server, but I removed it for further debugging and it stilll messes up in IE and messes up my titles in mozilla.

 

Take a look at my configure.php, and application_top.php, where I have traced the problem to......

 

**** configure.php ******

 

define('HTTP_SERVER', 'http://www.martinadesigns.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', ''); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', false); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.martinadesigns.com');

define('HTTPS_COOKIE_DOMAIN', '');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

 

 

 

*** In application_top.php ****

 

// set the type of request (secure or not)

echo("getenv(HTTPS) = " . getenv('HTTPS')); // I put this in for debugging

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

// set php_self in the local scope

if (!isset($PHP_SELF)) $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];

 

if ($request_type == 'NONSSL') {

echo(" *** SSL Disabled (everything's fine!)"); // I put this in for debugging

define('DIR_WS_CATALOG', DIR_WS_HTTP_CATALOG);

} else {

echo(" *** SSL Enabled (crap)"); // I put this in for debugging

define('DIR_WS_CATALOG', DIR_WS_HTTPS_CATALOG);

}

 

**** Output produced:

getenv(HTTPS) = on *** SSL Enabled (crap)

 

 

For some reason my getenv(HTTPS) returns on, although in my configure.php I clearly have disabled SSL. What other factors could possibly turn SSL back on??

 

(I have header tags controller, STS, additional images, auto thumbnailer, and info pages modules installed. the last thing I installed was additional images, but It was working fine when I walked finished...)

 

 

Any ideas??

Link to comment
Share on other sites

it baffles me, application_top.php is the first thing called in any page, and checking for SSL is one of the first things that happens in application_top.php. I guess the trick is to understand how getenv('HTTPS') works, I assume that consults configure.php, but I might be wrong?

Link to comment
Share on other sites

here it is:

 

<?php

/*

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

 

Copyright © 2003 osCommerce

 

Released under the GNU General Public License

*/

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.martinadesigns.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', ''); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', false); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.martinadesigns.com');

define('HTTPS_COOKIE_DOMAIN', '');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', '/home/neen/public_html/martinadesigns/catalog/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

// define our database connection

define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty for productive servers

define('DB_SERVER_USERNAME', 'XXXX');

define('DB_SERVER_PASSWORD', 'XXXXX');

define('DB_DATABASE', 'XXXXXXXXXX');

define('USE_PCONNECT', 'false'); // use persistent connections?

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

 

// STS ADDITIONS

define('STS_START_CAPTURE', DIR_WS_INCLUDES . 'sts_start_capture.php');

define('STS_STOP_CAPTURE', DIR_WS_INCLUDES . 'sts_stop_capture.php');

define('STS_RESTART_CAPTURE', DIR_WS_INCLUDES . 'sts_restart_capture.php');

define('STS_TEMPLATE_DIR', DIR_WS_INCLUDES . 'sts_templates/');

define('STS_DEFAULT_TEMPLATE', DIR_WS_INCLUDES . 'sts_template.html');

define('STS_DISPLAY_OUTPUT', DIR_WS_INCLUDES . 'sts_display_output.php');

define('STS_USER_CODE', DIR_WS_INCLUDES . 'sts_user_code.php');

define('STS_PRODUCT_INFO', DIR_WS_INCLUDES . 'sts_product_info.php');

?>

 

 

 

or did you want the actual file??

Link to comment
Share on other sites

I just took a fresh copy of configure.php from the Oscommerce package and filled in the info, then uploaded it, no change. What would a document root problem entail?

 

 

And do you know how getenv('HTTPS') works? I realize that HTTPS is not a value in configure.php, but where else could you get that value when nothing else is included??

Link to comment
Share on other sites

I understand my problem now.

 

The culprit was getenv('SSL'); I found a thread about people having problems with SSL/NONSSL items (http://www.oscommerce.com/forums/lofiversion/index.php/t23972.html)

Basically they say to use $_SERVER['HTTPS'] instead (which I tested and it returned nothing, which I believe is accurate in my case)

 

Basically for some reason getenv('HTTPS') decided to start returning 'on' for me, since its a php function and simply returns some sort of environmental value. I really don't understand how it decides if the page is SSL or not, but I don't care since I don't have a secure server.

 

I welcome any comments on this, since from the threads I've read many people have had glitches with getenv() and have suggested the same type fix, although other people have reported that it doens't work for them. I don't know how to fix it, so instead I just gimped my code

 

(changed

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

to

$request_type = (getenv('HTTPS') == 'onn') ? 'SSL' : 'NONSSL';

so it will never trigged SSL)

Link to comment
Share on other sites

  • 3 weeks later...
  • 1 year later...
I welcome any comments on this, since from the threads I've read many people have had glitches with getenv() and have suggested the same type fix, although other people have reported that it doens't work for them. I don't know how to fix it, so instead I just gimped my code

 

(changed

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

to

$request_type = (getenv('HTTPS') == 'onn') ? 'SSL' : 'NONSSL';

so it will never trigged SSL)

I just spent half a day trying to work out why getenv('HTTPS') was always equal to 'on' on our servers. This problem never existed in the past and may be due to an auto-update from CPanel. Or it may be due to some changes we made to mod_security.

 

Even a call to phpinfo() was showing the Environment variable HTTPS set to 'on', as were some test scripts (which simply went along the lines of echo getenv('HTTPS'); echo $_SERVER['HTTPS']; etc).

 

Anyways, here's something to try if you encounter the problem...

 

If getenv('HTTPS') is always returning 'on' even though your URL is http (not https), try resetting apache manually (via SSH or WHM). It worked for me :thumbsup:

 

See http://forums.cpanel.net/showthread.php?t=44256

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...