osCommerce

The e-commerce.

Security


ukgoods

Posted

On my website, once you have logged in, you are using the secure server. However, if you click on the breadcrumb or any of the categories you are taken back to the nonsecure server.

 

How can I modify my application_top to check whether the secure server is in use and keep secure?

 

I think this is scaring away some of my customers.

 

Here is my application_top.php

 

 

Thanks,

 

Donna Gordon

UKGoods.com

Posted

Please don't post very large pages in their entirety. It is a waste of time, and uses up space on the server. It is a waste of time because (helpful as we try to be) no one is going to look through all of that to try and sort your 'problem' out.

 

The fact is that osCommerce is set up to switch between secure and non-secure as required by which page you are trying to access. The important thing, once you are logged in, is that as you switch from https to http and back to https that you stay logged in. Provided that this function works it is not actually a problem.

 

Vger

Posted

No need to be rude. >_<

 

The last several times I asked for help (which is not very often), I was asked to provide my code. I will not do it again.

 

Seriously though, my customers seem to think it is a problem if they log in (obviously they are not just browsing) and then go to add more items to their cart and are told they are going to an unencrypted page. I have had several emails from customers who did not place their order because of this.

 

Is there a way to test if the client is in ssl mode and stay in ssl mode?

 

I would think it would be a simple if else clause but don't know how to do it.

 

Regards,

 

Donna Gordon

UKGoods

Posted
No need to be rude.

Vger wasn't being rude.

 

Is there a way to test if the client is in ssl mode and stay in ssl mode?

Probably the easiest way to do this is to ALWAYS use ssl - adjust the config as required. It will increase the load on the server, of course, but if you're not bothered then it should work quite easily.

 

If this is not acceptable, then you'll have to code it yourself to give the desired effect.

 

Rich.

Posted

Normally, the coding in osC prevents that warning about being redirected to a non-secure page. It does this by rewriting the URL in tep_redirect so that the target page is still secure, but all the links on it are non-secure, which is fine. You may have modified this code so that it doesn't work.

 

I agree with Vger that the switching between secure and non-secure is normal - pages where the customer enters personal information, such as passwords or credit card numbers, are secure. Other pages are not.

Posted
Normally, the coding in osC prevents that warning about being redirected to a non-secure page. It does this by rewriting the URL in tep_redirect so that the target page is still secure, but all the links on it are non-secure, which is fine. You may have modified this code so that it doesn't work.

 

I agree with Vger that the switching between secure and non-secure is normal - pages where the customer enters personal information, such as passwords or credit card numbers, are secure. Other pages are not.

 

My CUSTOMERS are saying it is a problem going to non-secure mode AFTER signing in. Personally, I could give a fig :) but they aren't buying because of this.

 

I do not want to turn on SSL mode for people who are only browsing. I want to make sure that all links are secure for people who are actually going to buy. It makes sense to think that people who actually login are going to purchase.

 

I have found the following in the forums:

 

if (!tep_session_is_registered('customer_id')) {
    $navigation->set_snapshot();
    tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'NONSSL'));
}

 

This is for forcing the customer to login if they go into product_info.php. Obviously, the "if" clause is what I need to use. But where would I put it? I want to make the links in the category box & breadcrumb secure ONLY if you are logged in.

 

Any help would be very much appreciated!

 

Thanks,

 

Donna Gordon

UKGoods
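
One way to do what the last post asks, as an added example that is not part of the original thread and is not osCommerce's own code: choose the connection type per link from the login state, and send a logged-in customer who arrives over plain HTTP back to HTTPS. All function names and sample values are hypothetical; `$loggedIn` stands in for the `tep_session_is_registered('customer_id')` check quoted above, and the returned string is the kind of value passed as the third argument of `tep_href_link` there.

```php
<?php
// Added example, not osCommerce code. Function names and sample data are hypothetical.

// True when the request arrived over TLS, judged from a $_SERVER-style array.
function request_is_ssl(array $server): bool
{
    $https = strtolower((string) ($server['HTTPS'] ?? ''));
    return $https !== '' && $https !== 'off';
}

// Connection type to pass to a link builder: logged-in customers get 'SSL'
// on every link (categories, breadcrumb), anonymous browsers stay 'NONSSL'.
function connection_for(bool $loggedIn, bool $sslEnabled): string
{
    return ($loggedIn && $sslEnabled) ? 'SSL' : 'NONSSL';
}

// If a logged-in customer arrives over plain HTTP (old bookmark, hard-coded
// link), return the HTTPS URL to redirect to; null means no redirect is needed.
function https_upgrade_url(array $server, bool $loggedIn, string $httpsServer): ?string
{
    if (!$loggedIn || request_is_ssl($server)) {
        return null;
    }
    // Build the target from the configured HTTPS base, never from the Host
    // header, so a forged Host cannot steer the redirect to another site.
    $path = (string) ($server['REQUEST_URI'] ?? '/');
    if ($path === '' || $path[0] !== '/') {
        $path = '/';
    }
    return rtrim($httpsServer, '/') . $path;
}

// Constructed sample requests.
$httpsBase = 'https://shop.example';
$plain  = ['HTTPS' => 'off', 'REQUEST_URI' => '/index.php?cPath=3'];
$secure = ['HTTPS' => 'on',  'REQUEST_URI' => '/index.php?cPath=3'];

var_dump(connection_for(true, true));                   // logged-in customer
var_dump(connection_for(false, true));                  // anonymous browser
var_dump(https_upgrade_url($plain, true, $httpsBase));  // logged in, arrived over HTTP
var_dump(https_upgrade_url($secure, true, $httpsBase)); // logged in, already on HTTPS
var_dump(https_upgrade_url($plain, false, $httpsBase)); // anonymous, left alone
```

Keeping logged-in traffic on HTTPS also keeps the session cookie off unencrypted connections, which is the practical risk behind the browser warning the customers are seeing.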

Archived

This topic is now archived and is closed to further replies.
