The SSL In OsCommerce Guide For The Innocent

[nromain]

Hi There!

 

After trying to install SSL on my site North American Tuning and reading for hours on the subject, I am at a loss and would appreciate any help. My steps were:

 

1. Buy SSL PRO certificate from www.instantssl.com

2. Install in HSphere per HSphere and Comodo's instructions

3. Enable SSL in my store per HSphere's instructions by changing the code in CONFIGURE.PHP file

 

After doing all of this, my problem is that my store does not automatically switch to https when it is supposed to. My catalog/includes/configure.php file follows. Can you please tell me how to fix this? Thanks a lot.

 

define('HTTP_SERVER', 'http://www.northamericantuning.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://northamericantuning.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.northamericantuning.com');

define('HTTPS_COOKIE_DOMAIN', 'northamericantuning.com');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog/');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

[khoking]

nromain,

 

your website is doing fine with SSL. Https only show up in certain area (eg. checkout, user account...etc.) and NOT EVERY PAGE.

 

If you want every page to be https (which is not so good IMO), then you change:

 

define('HTTP_SERVER', 'http://www.northamericantuning.com'); // eg, http://localhost - should not be empty for productive servers

 

to

 

define('HTTP_SERVER', 'https://www.northamericantuning.com'); // eg, http://localhost - should not be empty for productive servers

 

By the way, I find your site load up very slow, due to the trust logo that need to be pulled from other site.

 

Also, you should use thumbnail instead of full image size (resize).

 

After a few days hardwork, I have managed to install SSL to my site as well at:

 

www.shashinki.com

 

I find the hardest part is not to change the code at OSC, but to get the SSL cert installed properly.

[♥peterpil19]

I'm encountering a strange problem where each page in ADMIN may be accessed with either a HTTPS or HTTP. Can anyone suggest a reason why? My configure.php file is set correctly.

 

Thanks

 

Peter

[♥peterpil19]

Fixed,

 

Had to add the following to admin/includes/application_top.php

 

if($_SERVER['SERVER_PORT'] == 80) {

Header("Location: " . HTTPS_CATALOG_SERVER . DIR_WS_ADMIN);

exit;

}

 

Peter

[motorcity]

God bless your heart AlanR!!!!!!!!!!!!

 

I've been trying to figure this out for 4-5 days, finally did a search on the board and found your posts. My problem was solved by adding

 

$request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

in application top.

9/7/06 new freeSSL certificate setup. For; https://www.fdsons.com

Both the certificate issuer email & the ssl display in my host?s control panel match.

Very close to working. After playing with my configure.php files currently set:

Catalog/includes/configure.php

define('HTTP_SERVER', 'http://www.fdsons.com'); // eg, http://localhost - should not be empty for define('HTTPS_SERVER', 'https://www.fdsons.com'); // eg, https://localhost - should not be empty for define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.fdsons.com');

define('HTTPS_COOKIE_DOMAIN', 'https://www.fdsons.com');

 

Catalog/admin/includes/configure.php

define('HTTP_SERVER', 'https://www.fdsons.com'); // eg, http://localhost or - https://localhost

define('HTTP_CATALOG_SERVER', 'https://www.fdsons.com');

define('HTTPS_CATALOG_SERVER', 'https://fdsons.com');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', '/mnt/w0502/d46/s40/b023504b/www/' ); // where your pages are located on the server.

 

At first I was getting a warning about the name on the cert not matching the site when ssl was first called. Click thru and I?d get another message saying I was not protected, at no time did I get the padlock lock displayed at all let alone closed.

 

Changed to the above config settings.

 

Then my current problem began. I still never get a padlock but https appears everwhere its supposed to except for this.

When you click ?checkout? from the shopping cart it takes you to https

If you?re already logged in there are no warnings just https through to paypal, no padlock displayed.

 

If you?re not logged in you go from the shopping cart page to the login under https

https://www.fdsons.com/catalog/login.php?osCsid=b7

 

but when you hit the ?sign in? button you get the warning ?..redirected to ?not secure?might be retransmitted?? the page:

http://www.fdsons.com/catalog/checkout_shipping.php

is not under ssl but hit ?continue? from there and you?re back.

https://www.fdsons.com/catalog/checkout_payment.php

 

We installed a contribution named Store Pickup v1.4

http://www.oscommerce.com/community/contributions,164

which I have disabled, but that makes no difference.

 

Back to the forums I found some mistakes and then found Alan?s little diagnostic file http://www.oscommerce.com/forums/index.php?sho...mp;#entry716319

http://www.oscommerce.com/forums/index.php?sho...mp;#entry672623

 

Here?s my application_top.php

 

// set the type of request (secure or not)

// $request_type = (stristr(getenv('HTTP_X_FORWARDED_HOST'), ".sslpowered.com")) ? 'SSL' : 'NONSSL';

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

// $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

 

And the result of http or https://www.fdsons.com/myenv2.php - that's right it dosen't change

$HTTP_HOST == www.fdsons.com

$HTTPS_HOST ==

getenv('SERVER_PORT') == 80

getenv('HTTPS') ==

getenv('HTTP_X_FORWARDED_SERVER') ==

getenv('HTTP_X_FORWARDED_HOST') == www.fdsons.com

getenv('HTTP_X_FORWARDED_BY') ==

$_SERVER['HTTPS'] ==

getenv('DOCUMENT_ROOT') == /mnt/w0502/d46/s40/b023504b/www

$DOCUMENT_ROOT == /mnt/w0502/d46/s40/b023504b/www

 

As you can see in my application_top.php I commented out the ?netfirms? default of ?.sslpowered.com? on the first line (actually line 41) does anyone know what ?stristr? means in php??? Maybe all I have to do is put freessl in there.

Anyone willing to help??

[zaxxon]

i dont know if this is the place, but if this isnt , then i dont know where is.

i bought an ssl for my site and didnt give much thought for the name i used. i thought it would be best looking as : secure.mysite.com instead of www.mysite.com . only now when i am trying to implement it i realize that files have to go in to that folder in order to be called upon - but if i move the files i break the file structure.

so my question is . what do i do ? how do i keep my shop working and use the secure.site.com structure i am stuck with ?

[motorcity]

i dont know if this is the place, but if this isnt , then i dont know where is.

i bought an ssl for my site and didnt give much thought for the name i used. i thought it would be best looking as : secure.mysite.com instead of www.mysite.com . only now when i am trying to implement it i realize that files have to go in to that folder in order to be called upon - but if i move the files i break the file structure.

so my question is . what do i do ? how do i keep my shop working and use the secure.site.com structure i am stuck with ?

First off, this isn't the right place to discuss the matter. I found out after I posted here that tips & tricks is not the place to ask about our specific problems.

Sorry to you and the board for yet another permanent display of confused people like me not following basic instructions :'(

SEE THIS

As for your first ssl cert - don't feel too bad. I'm on my second try and I'm not sure I'm ever going to get this one going either.

You should figure out what the real name on the cert should be and then contact the cert issurer to change it.

[qwick]

I added a new page with a form and I would like it to use the secure server.

What defines if it is secure or not. i figured it would be this

<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

line but my new file has this line already. What am I missing?

[khoking]

I have my site at http://ShaShinKi.com. I installed the login infobox contribution, and that infobox is on the front page with http (not https).

 

I have installed Geotrust SSL cert to my site.

 

Now, with the login infobox on the http page, isnt customer login name and password not protected as well? Should I remove the login infobox?

[AlanR]

And the result of http or https://www.fdsons.com/myenv2.php - that's right it dosen't change

$HTTP_HOST == www.fdsons.com

$HTTPS_HOST ==

getenv('SERVER_PORT') == 80

getenv('HTTPS') ==

getenv('HTTP_X_FORWARDED_SERVER') ==

getenv('HTTP_X_FORWARDED_HOST') == www.fdsons.com

getenv('HTTP_X_FORWARDED_BY') ==

$_SERVER['HTTPS'] ==

getenv('DOCUMENT_ROOT') == /mnt/w0502/d46/s40/b023504b/www

$DOCUMENT_ROOT == /mnt/w0502/d46/s40/b023504b/www

 

As you can see in my application_top.php I commented out the ?netfirms? default of ?.sslpowered.com? on the first line (actually line 41) does anyone know what ?stristr? means in php??? Maybe all I have to do is put freessl in there.

Anyone willing to help??

You're on one of the rare servers which makes no usable distinction between an https connection and an http one. Some Network Solutions servers are similar.

 

You can resort to a trick.

 

Set the http server in configure.php to

 

define('HTTP_SERVER', 'http://fdsons.com');

 

and the https server to

 

define('HTTPS_CATALOG_SERVER', 'https://www.fdsons.com');

 

so you're only using the www for the ssl side.

 

Then you can set line 41 in application_top.php to:

 

$request_type = (getenv('HTTP_X_FORWARDED_HOST') == 'www.fdsons.com') ? 'SSL' : 'NONSSL';

 

You'll then be relying on the fact that when the www appears in the url the store will be requesting an ssl connection.

 

You should also adjust catalog/includes/functions/general.php with the same change. Somewhere in this thread this change is described but thread's become so long I'll let you find it.

[ChasD]

This is a great thread. I've reviewed the postings but have yet to find the answer. So hopefully someone can help ...

 

I'm testing on a shared server using a shared ssl certificate. I have installed and configured ssl on the catalog successfully. Next I edited admin/configure.php to secure the admin cpanel. Now the ssl lock shows and browser address shows secure, However, all product, manufacturers, catagories images in the admin show broken links. This probably means I need an absolute address for the images but I can't seem to get it to work.

 

Below are the configure.php files

 

Any help greatly appreciated ...

 

scot

 

catalog/admin/includes/configure.php
 define('HTTP_SERVER', 'https://secure.MyHost.com/~MyUserName'); 
 define('HTTP_CATALOG_SERVER', 'http://MyDomain.com');
 define('HTTPS_CATALOG_SERVER', 'https://secure.MyHost.com/~MyUserName');
 define('ENABLE_SSL_CATALOG', 'true'); 
 define('DIR_FS_DOCUMENT_ROOT', '/home/MyUserName/public_html'); 
 define('DIR_WS_ADMIN', '/catalog/admin/'); // absolute path required
 define('DIR_FS_ADMIN', '/home/MyUserName/public_html/gallery/admin/');
 define('DIR_WS_CATALOG', '/catalog/'); 
 define('DIR_FS_CATALOG', '/home/MyUserName/public_html/catalog/'); 
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
 define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
 define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
 define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

catalog/includes/configure.php
 define('HTTP_SERVER', 'http://MyDomain.com'); 
 define('HTTPS_SERVER', 'https://secure.MyHost.com/~MyUserNamer'); 
 define('ENABLE_SSL', true); 
 define('HTTP_COOKIE_DOMAIN', 'MyDomain.com');
 define('HTTPS_COOKIE_DOMAIN', 'secure.MyHost.com/~MyUserName');
 define('HTTP_COOKIE_PATH', '/catalog/');
 define('HTTPS_COOKIE_PATH', '/catalog/');
 define('DIR_WS_HTTP_CATALOG', '/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '/catalog/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', '/home/MyUserName/public_html/catalog/');
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

I have same config challenge as Scot describes above - I haven't seen a reply with guidance and thought if someone could answer, it would address two problems.

 

My symptoms include:

 

All seems to work - I enter the website on http and browse the catalog in http, even add items to the cart via http. I can click checkout (from http shopping cart) and will be prompted to log-in or register - here's where the problem starts:

 

1. once I log in, instead of taking me back to the cart or continuing with checkout - I am redirected to the index.php (in https). If I re-click on the shopping cart, I will go back to it and can continue to checkout, but there is another problem... see #2...

 

2. It would appear that the http cart and the https (permanent) cart aren't synching up in that if I go back to the catalog and add another item and then click checkout, it will take me directly to the checkout process (i.e. recognizes that I logged-in previously) but when I get to the ocnfirmation screen, it only shows me purchasing the first item in the cart (and not the one I added - this would indicate that the https cart wasn't updated when I subsequently added another item and reattempted check-out).

 

HELP much appreciated!

 

Chuck

[ChasD]

This is a great thread. I've reviewed the postings but have yet to find the answer. So hopefully someone can help ...

 

I'm testing on a shared server using a shared ssl certificate. I have installed and configured ssl on the catalog successfully. Next I edited admin/configure.php to secure the admin cpanel. Now the ssl lock shows and browser address shows secure, However, all product, manufacturers, catagories images in the admin show broken links. This probably means I need an absolute address for the images but I can't seem to get it to work.

 

Below are the configure.php files

 

Any help greatly appreciated ...

 

scot

 

catalog/admin/includes/configure.php
 define('HTTP_SERVER', 'https://secure.MyHost.com/~MyUserName'); 
 define('HTTP_CATALOG_SERVER', 'http://MyDomain.com');
 define('HTTPS_CATALOG_SERVER', 'https://secure.MyHost.com/~MyUserName');
 define('ENABLE_SSL_CATALOG', 'true'); 
 define('DIR_FS_DOCUMENT_ROOT', '/home/MyUserName/public_html'); 
 define('DIR_WS_ADMIN', '/catalog/admin/'); // absolute path required
 define('DIR_FS_ADMIN', '/home/MyUserName/public_html/gallery/admin/');
 define('DIR_WS_CATALOG', '/catalog/'); 
 define('DIR_FS_CATALOG', '/home/MyUserName/public_html/catalog/'); 
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
 define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
 define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
 define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

catalog/includes/configure.php
 define('HTTP_SERVER', 'http://MyDomain.com'); 
 define('HTTPS_SERVER', 'https://secure.MyHost.com/~MyUserNamer'); 
 define('ENABLE_SSL', true); 
 define('HTTP_COOKIE_DOMAIN', 'MyDomain.com');
 define('HTTPS_COOKIE_DOMAIN', 'secure.MyHost.com/~MyUserName');
 define('HTTP_COOKIE_PATH', '/catalog/');
 define('HTTPS_COOKIE_PATH', '/catalog/');
 define('DIR_WS_HTTP_CATALOG', '/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '/catalog/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', '/home/MyUserName/public_html/catalog/');
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

Scot - after posting my own similar situation, I also noticed something with regard to your image problems. In your admin/configure.php line:

 

define('DIR_FS_ADMIN', '/home/MyUserName/public_html/gallery/admin/');

 

shouldn't that be...

 

define('DIR_FS_ADMIN', '/home/MyUserName/public_html/admin/');

 

??

 

In all the posts, I've never seen a path to admin that went through 'gallery' before.

 

Chuck

[ChasD]

Ok, Ok, I realize now that trying to build on problems scootd had back in June was probably a very bad idea! Forgive me - so here's my own post and problem:

 

I recently installed OSC on a shared host with IPOWERWEB (collective arrrrrrgh) and I have thoroughly plowed through this excellent guide but still have a few issues I could use a hand with.

 

Here's my current setup:

 

1. Shared SSL cert on IPOWERWEB

2. OSC is installed in root directory

 

/includes/configure.php

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://expphotoart.com); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://host123.ipowerweb.com/~expphoto); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'expphotoart.com');
 define('HTTPS_COOKIE_DOMAIN', 'host123.ipowerweb.com');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/~expphoto/'); //this has to be here otherwise you get 'Cookies Disabled' browser error!
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', '/home/expphoto/public_html/');
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

admin/includes/configure.php

 

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'https://host123.ipowerweb.com/~expphoto'); // eg, http://localhost - should not be empty for productive servers
 define('HTTP_CATALOG_SERVER', 'http://expphotoart.com');
 define('HTTPS_CATALOG_SERVER', 'https://host123.ipowerweb.com/~expphoto');
 define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
 define('DIR_FS_DOCUMENT_ROOT', '/home/expphoto/public_html/'); // where the pages are located on the server
 define('DIR_WS_ADMIN', '/admin/'); // absolute path required
 define('DIR_FS_ADMIN', '/home/expphoto/public_html/admin/'); // absolute pate required
 define('DIR_WS_CATALOG', '/'); // absolute path required
 define('DIR_FS_CATALOG', '/home/expphoto/public_html/'); // absolute path required
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
 define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
 define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
 define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

/includes/application_top.php

// set the type of request (secure or not)
 $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

 

Symptoms of my problems:

 

1. The configuration shown is the most functional of all configurations I've tried.

I can browse to www.expphotoart.com via http no problmes. I can browse catalog via http no problems. I can add items to guest cart via http no problems. When I click, 'checkout' in guest cart I am prompted to log-in (makes the switch to https no problem) however there is no message indicating that my cart will be merged into the member cart (first hint of a problem). Finally, after logging in (remember this is a part of the checkout process) I am returned to the index.php under https://host123.ipowerweb.com/~expphoto/index.php) when I think I should be taken back to the shopping cart (on the https side) - I believe??? in order to restart the checkout process. In any case, if from the https index.php I click on the Cart button it takes me back to the Guest (http) cart - might be a problem - where I click Checkout and it appears as though I can proceed through checkout no problem (it even looks like when I checkout that the contents from the guest cart were indeed put into the members cart successfully). This may sound fine, but consider #2...

 

2. Let's say during checkout in #1 above I decide that I need to add another item to my shopping cart - so I don't complete checkout but rather click on Home and I'm back at the http index.php. I then choose another item from the catalog and add it to my cart (guest cart). The guest cart screen comes up and shows two items in the cart. At this point I'm ready to checkout. I click Checkout (from within the guest cart) and it appears as though I can proceed to go through the order process (i.e. no prompt to re-login as it seems to recognize that I'm already logged in) - HOWEVER at the confirmation page, it shows that I am only purchasing one item - the first item in my cart... PROBLEM. This would indicate to me that no synchronization occured between guest cart and member cart even though when I clicked checkout in the guest cart, it did realize I was already logged in and took me straight to the checkout process (but evidently WITHOUT updating the contents of the member cart).

 

3. The final wrinkle... in #2 above after I've added that second item to the guest cart, if I were to click Home or Continue Shopping and then from the top menu bar choose Checkout - I am prompted once again to Login (this is via https://host123.ipowerweb.com and the message about merging the guest cart to the member cart showsup now) - also the number of items in the shopping cart shown on the index.php page goes from 2 to 1 - again I think this is an indication of what is in the guest cart (http) vs. what is in the member cart (https). All in all this might be standard behavior and when it happened I fully expected that upon logging in again that the member cart (https) would be updated to be the same as the guest cart, BUT surprise of surprises (NOT) I get stuck in a Login Loop whereby when I login it takes me immediately back to the login screen (even though on the main header it looks like I'm logged in as I'm only given a link to log off).

 

I've banged my head quite a bit on this one - I pray for some help from the SSL gods (or demons)!

 

Thanks,

 

Chuck

[ChasD]

ChasD post above was answered by VGER here:

 

SSL & Cart Synchronization

[Guest]

Hello i would like to ask what happens when we have two subfolders on the server.

The hosting company, in which my site is located, uses two subfolder

 

one for site without SSL and one for sites with ssl.

 

Thats why th hole site is under ssl

What do i have to do if i only want under ssl the pages for the order (order_confirmation.php etc)

 

Do i have to split the pages of my site in two subfolders ?

 

What modification do i have to do in cofugure.php ?

[gunnl]

Hi Charles

 

I have an ssl certificate issued to "www.bushido.is" by rapidssl. But I still get this message in my admin area "You are not protected by a secure SSL connection".

 

Here are my configure.php filles.

 

A - catalog

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.bushido.is'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://www.bushido.is'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'http://www.bushido.is');

define('HTTPS_COOKIE_DOMAIN', 'https://www.bushido.is');

define('HTTP_COOKIE_PATH', '/test/');

define('HTTPS_COOKIE_PATH', '/test/');

define('DIR_WS_HTTP_CATALOG', '/test/');

define('DIR_WS_HTTPS_CATALOG', '/test/');

 

B - admin

define('HTTP_SERVER', 'http://www.bushido.is'); // eg, http://localhost - should not be empty for productive servers

define('HTTP_CATALOG_SERVER', 'http://www.bushido.is');

define('HTTPS_CATALOG_SERVER', 'https://www.bushido.is');

define('ENABLE_SSL_CATALOG', true); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', '/var/www/is/bushido.is/html/test/'); // where the pages are located on the server

define('DIR_WS_ADMIN', '/test/admin/'); // absolute path required

define('DIR_FS_ADMIN', '/var/www/is/bushido.is/html/test/admin/'); // absolute pate required

define('DIR_WS_CATALOG', '/test/'); // absolute path required

define('DIR_FS_CATALOG', '/var/www/is/bushido.is/html/test/'); // absolute path required

 

Your help would be greatly appreciative :rolleyes:

 

Kind regards

Gunnlaugur

[Guest]

Alan,

Thanks so much for this I wish I had found it before I spent 3days thinking I was missing something so small in order to get my Dedicated SSL working on 1and1...unreal. I had done searches & gotten to the Guide for the innocent but didn't read every last post. Did what you said & it worked perfectly I was so worried I was neer going to get it right & end up losing business because of it even though I had "https://" in the bar.

Thanks again, can't thank you enough for figuring this out quite some time ago.

Thanks!!!

Dingo- :thumbsup: :D :thumbsup:

[ChasD]

Gunnlaugur,

 

I posted a link on this post in order to take people struggling with the ipowerweb host environment and the shared SSL cert they provide to an answer page that figured out how to configure it. I'm not an expert nor really sure how to advise you. I would suggest that you make a post in the Install/Configure section of the forum with your particular question. I originally tacked on my question to this post and I think it's too long for any ongoing action.

 

I'd suggest a post title of: SSL for xxxx where xxxx is the host or SSL cert that you're trying to get resolved. I had an answer from Vger in less than a day when I took this route.

 

Good luck,

 

Chuck

[danerb]

:thumbsup: I have tried everything... sorry EVERYTHING!!!!!!!! to fix this problem and finally this has solved my problem. thank dude!

[Guest]

I guess I better add this tip here, it's the logical place after all.

 

This is for people who are having trouble getting ssl to work, especially shared ssl. The way I've written it is oriented towards a 1&1 server but its use is general and applies to all servers. It's all about setting line 41 in application_top.php for those cases where the standard query does not work.

 

This is line 41:

 

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

Now that's a very narrow test and lots of servers won't respond with on (or at all) to that. So the trick is to find out how the server does respond.

 

Create a little file, I named it myenv.php, with these lines:

 

<?php
 echo 'HTTP HOST: ' . "$HTTP_HOST";
 echo '<br>Server Port: ' . getenv('SERVER_PORT');
 echo '<br>SSL Status: ' . getenv('HTTPS');
 echo '<br>Fowarded Server: ' . getenv('HTTP_X_FORWARDED_SERVER');
 echo '<br>Fowarded Host: ' . getenv('HTTP_X_FORWARDED_HOST');
 echo '<br>Fowarded By: ' . getenv('HTTP_X_FORWARDED_BY');
?>

 

 

This was right on the money for me, instead of returning on 1an1 hosting was returning a 1. Problem solved!

[krypton1]

I have one thing to add which might help some people.

 

Several people have suggested that if you are getting errors about "some items are secure and some aren't" or you have a lock icon that looks partial (like in Firefox). Then you need to look for absolute links to images on other sites or absolute links to your own pages. (Absolute means a full url that includes the domain, like "http://www.example.com/image.jpg" instead of "/image.jpg").

 

For me what was causing this problem was my Google Analytics code. This little piece of javascript that sends tracking data to google.

 

When I disabled it, I got a full lock, completely secure. Does this mean you can't use tracking code like Google Analytics?

 

No.

 

Luckily they provide a secure piece of code

 

http://www.google.com/support/analytics/bi...opic=&type=

 

Generally, my point here is that, you can still have links to external sites, its just that they need to be secure links as well with the https.

 

Hope that helps,

Brian

[jackrabbit]

Generally, my point here is that, you can still have links to external sites, its just that they need to be secure links as well with the https.

 

Hope that helps,

Brian

 

That's good stuff to know Brian, thanks.

 

I was wondering if anyone can tell me what php code I can use to test a page is secure or not? for example:

<php code that checks to see if the page is secure>

stuf that shows up if page is secure

</php>

[smithveg]

2) Shared SSL certificates

 

Talk to your host for the path you need to apply in your configure.php paths

 

If i want to put the ssl for /images/ directory.

 

Am i need to tell my host to do it, and i also add the following line of code in admin and catalog configure.php file,

define('HTTPS_SERVER', 'https://yourdomain.com/images');

[CitizenZed]

Been reading and have a number of questions:

 

1>> Where is the secure part of the site? I used to run a site that had a "secure" directory as such, wherein all https action transpired. Assuming a site with oscommerce is SSL certified/secure, what parts are secure?

 

2>> related: I've got that error where "some parts aren't secure..do you want to procceed". In Firefox I have a partial lock thing, in IE6 nothing at all........and IE6 constantly throws up an annoying questionbox on this. Now, I'm running OScommerce in Joomla. "ECJoomCommerce V1.1.53" and based on osCommerce 2.2-MS2. So, it's inside a Joomla template, therewith I have a persistent menu has links that show up as http://yada .... and the logo too is set to click "home". What's more, the template itself has the following crap in the code:

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

 

So, which if any of these elements, menu, image link, and/or code could cause the problem???

 

3>> I have an SSL Cert via godaddy.com which says something like Starfield Technologies Inc. when viewing details. It's installed, correctly or so says hosting people. And yet, in OScommerce it says "You are not connected by a secure SSL connection". But I think I've got everything "turned on"

 

Here's my extant code - but note that my oscommerce isn't running out of a catalog dir off the main dir. Rather, it's in /components/com_oscommerce ... so in /components/com_oscommerce/includes/configure.php I have the following:

  // Define the webserver and path parameters
 //
 // * DIR_WS_* = Webserver directories  (virtual/URL)
 // * DIR_FS_* = Filesystem directories (local/physical)
 //

// Enable Secure SSL for Catalog
define('ENABLE_SSL',			  'true');

// This is the URL of your PUBLIC Catalog webserver
define('HTTP_SERVER',			 'http://www.mysite.com');
define('HTTPS_SERVER',			'https://www.mysite.com');

// Absolute Server Path to WWW folder
define('DIR_FS_HTTP_ROOT',		$mosConfig_absolute_path . '/');

// Webserver Catalog Root Path
define('DIR_WS_HTTP_CATALOG',	 $server_pos_flag . '/');
define('DIR_WS_HTTPS_CATALOG',	$server_pos_flag . '/');

// How to Handle Cookies
define('HTTP_COOKIE_DOMAIN',	  'mysite.com');
define('HTTPS_COOKIE_DOMAIN',	 'mysite.com');
define('HTTP_COOKIE_PATH',		DIR_FS_HTTP_ROOT . 'components/com_oscommerce/cookies/');
define('HTTPS_COOKIE_PATH',	   DIR_FS_HTTP_ROOT . 'components/com_oscommerce/cookies/');

 

and..... in admin/includes/configure.php I have

// define our webserver variables
// FS = Filesystem (physical)
// WS = Webserver (virtual)
 define('HTTP_SERVER', 'https://www.mysite.com'); // eg, http://localhost or - https://localhost should not be NULL for productive servers
 define('HTTP_CATALOG_SERVER', 'https://www.mysite.com');
 define('HTTPS_CATALOG_SERVER', 'https://www.mysite.com');
 define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
 define('DIR_FS_DOCUMENT_ROOT', $DOCUMENT_ROOT); // where your pages are located on the server. if $DOCUMENT_ROOT doesnt suit you, replace with your local path. (eg, /usr/local/apache/htdocs)
 define('DIR_WS_ADMIN', '/admin/');
 define('DIR_FS_ADMIN', DIR_FS_DOCUMENT_ROOT . DIR_WS_ADMIN);
 define('DIR_WS_CATALOG', '/catalog/');
 define('DIR_FS_CATALOG', DIR_FS_DOCUMENT_ROOT . DIR_WS_CATALOG);
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

 

http://www.oscommerce.com/forums/index.php?sho...trike&st=40 is where I got the https after 'HTTP_Catalog_Server' part.... but that doesn't seem to sync with the code on the first page here.

 

Also wondering just what 'DIR_WS..' and 'DIR_FS' are doing here. I see 'DIR_WS_CATALOG", '/catalog/'); and realize that my oscommerce isn't in that directory....and so wonder if that's part of the problem.

 

I did try the instructions on page one of this thread and it made it where I could not click from products to items ..nor go to checkout without some "you are not authorized to view"...or somesuch. So I "fixed" it back to the code above.

[smithveg]

Been reading and have a number of questions:

 

wait wait wait, CitizenZed, are you trying to resolve my issues or asking helps? I say this, is because i'm confusing when i reading your reply. :P