Jump to content
dev osCommerce
Forum
  • Checkout
  • Login
  • Contact Us
  • Get in touch

osCommerce

The e-commerce.

New Demo
Our Partners

Secure and Unsecure Items

sondov

By sondov
in General Support

Recommended Posts

sondov

sondov

Posted
Posted

I am having a problem with unsecure items in my secure pages. I believe I have the configure file ste up correctly, here it is:

 

define('HTTP_SERVER', 'http://www.kaptainkiddo.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://www.kaptainkiddo.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.kaptainkiddo.com');

define('HTTPS_COOKIE_DOMAIN', '');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', '/home/content/p/i/l/pilot33/html/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

Does anyone see a problem that I am missing? The website is www.kaptainkiddo.com

 

Thanks is advance.

ozcsys

ozcsys

Posted
Posted

Nothing to do with your configure.php file. It seems to be the missing children banner you have on the right side.

The Knowledge Base is a wonderful thing.

Do you have a problem? Have you checked out Common Problems?

There are many very useful osC Contributions

Are you having trouble with a installed contribution? Have you checked out the support thread found Here

BACKUP BACKUP BACKUP!!! You did backup, right??

sondov

sondov

Posted
  • Author
Posted
Nothing to do with your configure.php file. It seems to be the missing children banner you have on the right side.

 

It's not missing when I open it. I took over working on this site from someone else. If you go to www.kaptainkiddo.com, you'll notice all of the images are http://whatever. The images aren't secured, so I don't get the little lock in the lower right hand corner. Any ideas?

ozcsys

ozcsys

Posted
Posted
It's not missing when I open it. I took over working on this site from someone else. If you go to www.kaptainkiddo.com, you'll notice all of the images are http://whatever. The images aren't secured, so I don't get the little lock in the lower right hand corner. Any ideas?

 

I did not mean the banner was missing but the the banner for missing children seems to be the problem. You seem to have it hardcoded with a using a http: path to the image. Try using https:

The Knowledge Base is a wonderful thing.

Do you have a problem? Have you checked out Common Problems?

There are many very useful osC Contributions

Are you having trouble with a installed contribution? Have you checked out the support thread found Here

BACKUP BACKUP BACKUP!!! You did backup, right??

sondov

sondov

Posted
  • Author
Posted
It's not missing when I open it. I took over working on this site from someone else. If you go to www.kaptainkiddo.com, you'll notice all of the images are http://whatever. The images aren't secured, so I don't get the little lock in the lower right hand corner. Any ideas?

 

It's not hardcoded, a relative link is used. That doesn't explain the problem with all the rest of the images. None are hardcoded, but they all point to the unsecured site even when you go to the secured site.

sondov

sondov

Posted
  • Author
Posted
It's not hardcoded, a relative link is used. That doesn't explain the problem with all the rest of the images. None are hardcoded, but they all point to the unsecured site even when you go to the secured site.

 

Something else that might shed some light: When I add an item to the cart, then checkout, it takes me to the customer login page and I log in, then it sends me to the checkout page, but unsecured.

Vger

♥Vger

Posted
Posted

What richard means by the link being unsecured is that it is to http://www.missingkids.com. When you have any link on a page which should be https which is just http it often stops the padlock from appearing. Try taking out the link for now and see if things start to work. If they do then you know the link is the problem.

 

Vger

sondov

sondov

Posted
  • Author
Posted
What richard means by the link being unsecured is that it is to http://www.missingkids.com.  When you have any link on a page which should be https which is just http it often stops the padlock from appearing.  Try taking out the link for now and see if things start to work.  If they do then you know the link is the problem.

 

Vger

 

That didn't work. I moved this website from a differet host, and it seemed to work on the previous server. I talked to tech support from the new host, they also handle the SSL certificate. They said it is the images that are causing the page to contain unsecured items. If you go to My Account and look at the properties for the images at top, they are HTTP://www.kaptainkiddo.com/images/kklogo2.jpg when they should be HTTPS://www.kaptainkiddo.com/images/kklogo2.jpg.

 

This leads me to believe that it must be a configuration problem.

 

Thanks for all the responses. I admit I'm a little slow sometimes.

Guest

Guest

Posted
Posted

perhaps the new host doesnt know what they are doing??

sondov

sondov

Posted
  • Author
Posted
No, none of the images are hardcoded. I still think the problem is in the configuration file. I could be wrong.

 

Could the problem possibly be with the template file?

Vger

♥Vger

Posted
Posted

OR - could it be that your new hosting company uses one of those incredibly stupid systems where you have a seperate folder to handle SSL? If this is the case then you will have to duplicate all of your files/images etc. in the seperate 'ssl' or 'httpsdocs' folder.

 

Vger

 

BTW, this should read

 

define('HTTPS_COOKIE_DOMAIN', 'www.yourdomain.com');

sondov

sondov

Posted
  • Author
Posted
OR - could it be that your new hosting company uses one of those incredibly stupid systems where you have a seperate folder to handle SSL?  If this is the case then you will have to duplicate all of your files/images etc. in the seperate 'ssl' or 'httpsdocs' folder.

 

Vger

 

BTW, this should read

 

define('HTTPS_COOKIE_DOMAIN', 'www.yourdomain.com');

 

That may be the case, I'll be calling them now. If that is true, obviously the HTTPS_SERVER will be changed, but should the HTTPS COOKIE DOMAIN, PATH, etc.. reflect the separate location?

sondov

sondov

Posted
  • Author
Posted
That may be the case, I'll be calling them now. If that is true, obviously the HTTPS_SERVER will be changed, but should the HTTPS COOKIE DOMAIN, PATH, etc.. reflect the separate location?

 

I tried moving everything to a folder called secure, and adjusted the configure file like this:

 

define('HTTP_SERVER', 'http://www.kaptainkiddo.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://www.kaptainkiddo.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.kaptainkiddo.com');

define('HTTPS_COOKIE_DOMAIN', 'www.captainkiddo.com/secure');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/secure/');

 

 

Still pulling images from HTTP, not HTTPS. I'm at a total loss as to why this doesn't work.

sondov

sondov

Posted
  • Author
Posted

I got it!!

 

Replaced

 

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

with

 

$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL';

 

Searched other forums and saw someone had a similar problem. Vger posted stuff there too.

 

Thank you everyone for the help, you were able to point me in the right direction.

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...