pafranklin Posted January 15, 2006 Share Posted January 15, 2006 Fanyastic information and advice here - Thanks guys. I do have a couple of slight problems which I would be very grateful for a steer on. I use 1and1 and am now aware that using the shared SSL is not too easy. However thanks to the tips in the forum I have made progress. When moving from cart to checkout SSL seems to kick in and I am diverted to https://sslrelay.com/mydomain.co.uk/etcetc. However the locked padlock flashes up for less than a second and then disappears. What is going on here and is it a problem? If so how can I fix it? It would be so nice to see the secure padlock on the checkout page to give my customers some added security and confidence. Secondly SSL in Admin???? I can access this using the https://sslrelay.com/mydomain/ catalog/admin and the secure padlock appears (although the bottom left hand side shows "You are not protected by a secure SSL connection." However I can also access this admin area through http://www.mydomain.co.uk/catalog/admin/ Surely I should not be able to do this as it could be a security gap? Am I going mad?? Sorry if these are stupid questions but many thanks for the fantastic help and pointers so far! Ok, strangely I have got the SSL admin working fine but still cannot get the catalog working fully in SSL. When checking out the site diverts to the ssl page (shared ssl) and is fine. When loging in I am again diverted to ssl pages. However on all of these occassions the treasured "Golden Padlock" flickers on for a second or two and then disappears. My guess would be that it is a link from "outside" but I have managed to disable banners when in the SSL side of the site such as checkout. I have no external counter so must have missed something obvious. Please would someone have a look and make some suggestions please. The site is here http://www.pianocoversonline.co.uk/catalog Many thanks. You will never learn if you don't try. And boy am I trying....! Link to comment Share on other sites More sharing options...
AlanR Posted January 16, 2006 Share Posted January 16, 2006 Please would someone have a look and make some suggestions please. The site is here http://www.pianocoversonline.co.uk/catalog Many thanks. Just look at the source view. You're pulling in all kinds of stuff from http: sources. <script language="javascript"><!-- function session_win() { window.open("http://www.pianocoversonline.co.uk/catalog/ info_shopping_cart.php?osCsid= 51bd45214a195b97c7142e72e247e026","info_shopping_cart"," height=460,width=430,toolbar=no,statusbar=no,scrollbars=yes" ).focus(); } //--></script> var phpmyvisitesURL = "http://www.pianocoversonline.co.uk/stats/phpmyvisites.php"; <script language=javascript src="http://www.pianocoversonline.co.uk/stats/phpmyvisites. js"></script> <img src="http://www.pianocoversonline.co.uk/stats/phpmyvisites. php" alt="phpMyVisites" style="border:0" /> src="http://rcm-uk.amazon.co.uk/e/cm?t=arcadianscric-21&o=2& p=6&l=bn1&mode=video-games-uk&browse=403718&=1&fc1=<1=&lc1 =&bg1=&f=ifr" Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management) Link to comment Share on other sites More sharing options...
pafranklin Posted January 16, 2006 Share Posted January 16, 2006 Just look at the source view. You're pulling in all kinds of stuff from http: sources. <script language="javascript"><!-- function session_win() { window.open("http://www.pianocoversonline.co.uk/catalog/ info_shopping_cart.php?osCsid= 51bd45214a195b97c7142e72e247e026","info_shopping_cart"," height=460,width=430,toolbar=no,statusbar=no,scrollbars=yes" ).focus(); } //--></script> var phpmyvisitesURL = "http://www.pianocoversonline.co.uk/stats/phpmyvisites.php"; <script language=javascript src="http://www.pianocoversonline.co.uk/stats/phpmyvisites. js"></script> <img src="http://www.pianocoversonline.co.uk/stats/phpmyvisites. php" alt="phpMyVisites" style="border:0" /> src="http://rcm-uk.amazon.co.uk/e/cm?t=arcadianscric-21&o=2& p=6&l=bn1&mode=video-games-uk&browse=403718&=1&fc1=<1=&lc1 =&bg1=&f=ifr" Thanks for this. I just need to find the reight file with this in. Could you tell e which page pleae? You will never learn if you don't try. And boy am I trying....! Link to comment Share on other sites More sharing options...
AlanR Posted January 16, 2006 Share Posted January 16, 2006 Thanks for this. I just need to find the reight file with this in. Could you tell e which page pleae? https://sslrelay.com/pianocoversonline.co.u...talog/login.php? Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management) Link to comment Share on other sites More sharing options...
affordableco Posted January 16, 2006 Share Posted January 16, 2006 Ok, from looking through this entire topic, I will tell you EXACTLY what I did to get both admin and secure areas of my site to work. (Thanks to everyone who posted here) First I made the file called mytest.php with the following lines: <?php echo 'HTTP HOST: ' . "$HTTP_HOST"; echo '<br>Server Port: ' . getenv('SERVER_PORT'); echo '<br>SSL Status: ' . getenv('HTTPS'); echo '<br>Fowarded Server: ' . getenv('HTTP_X_FORWARDED_SERVER'); echo '<br>Fowarded Host: ' . getenv('HTTP_X_FORWARDED_HOST'); echo '<br>Fowarded By: ' . getenv('HTTP_X_FORWARDED_BY'); ?> Then I uploaded it to my site (root) Then I opened up internet explorer and typed: https://www.mysite.com/mytest.php I saw that it said port 443 I then opened /includes/application_top.php And went to line 40 (approx - mine has has addons) And changed: // set the type of request (secure or not) $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; To: // set the type of request (secure or not) $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL'; Then I went to /admin/index.php And went to line 226 (approx - mine has has addons) And changed: $contents = array(); if (getenv('HTTPS') == 'on') { $size = ((getenv('SSL_CIPHER_ALGKEYSIZE')) ? getenv('SSL_CIPHER_ALGKEYSIZE') . '-bit' : '<i>' . BOX_CONNECTION_UNKNOWN . '</i>'); $contents[] = array('params' => 'class="infoBox"', 'text' => tep_image(DIR_WS_ICONS . 'locked.gif', ICON_LOCKED, '', '', 'align="right"') . sprintf(BOX_CONNECTION_PROTECTED, $size)); } else { $contents[] = array('params' => 'class="infoBox"', 'text' => tep_image(DIR_WS_ICONS . 'unlocked.gif', ICON_UNLOCKED, '', '', 'align="right"') . BOX_CONNECTION_UNPROTECTED); } To: $contents = array(); if (getenv('SERVER_PORT') == '443') { $contents[] = array('params' => 'class="infoBox"', 'text' => tep_image(DIR_WS_ICONS . 'locked.gif', ICON_LOCKED, '', '', 'align="right"') . sprintf(BOX_CONNECTION_PROTECTED, $size)); } else { $contents[] = array('params' => 'class="infoBox"', 'text' => tep_image(DIR_WS_ICONS . 'unlocked.gif', ICON_UNLOCKED, '', '', 'align="right"') . BOX_CONNECTION_UNPROTECTED); } Then I went to /admin/includes/configure.php And I made it look like this: (There should be https Twice) define('HTTP_SERVER', 'https://www.mysite.com'); // eg, http://localhost - should not be empty for productive servers define('HTTP_CATALOG_SERVER', 'http://www.mysite.com'); define('HTTPS_CATALOG_SERVER', 'https://www.mysite.com'); define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module Then I went to /inludes/configure.php And I made it look like this: (there should be https Once) define('HTTP_SERVER', 'http://www.mysite.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://www.mysite.com'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'www.mysite.com'); define('HTTPS_COOKIE_DOMAIN', 'www.mysite.com'); Both the secure checkout work and the admin pages. I have a godaddy dedicated Cert. However, I have already helped my buddy get his to work and he uses some other company for SSL. So if you do this EXACTLY how I have done, you will get it to work. Any questions, please post here, and I will help as best as I can as this forum has done for me. Link to comment Share on other sites More sharing options...
A2JC4life Posted January 16, 2006 Share Posted January 16, 2006 I have a few questions. First, if I am only using PayPal (IPN) and the check/money order option, do I need SSL, or will that not be necessary until I "upgrade" to a "real" payment gateway? Second, which pages should be showing up as secure? Third, how do I secure the admin tool? Fourth, how do I know where to copy my catalog files to? I have an SSL folder in my site's root directory, but I don't see anything like http_docs or https_docs. My files are currently all in public_html (top directory); there is no private_html. Once I figure this out, do I have to copy *everything* to that directory? I am currently working with a shared cert from my webhost. The security alert popup says that the cert name does not match my site name. Am I correct in assuming that is just part of its being a shared cert, or is there something I've input incorrectly that has created this particular warning? (I know that the root name will show up as untrusted.) Link to comment Share on other sites More sharing options...
sylverstone Posted January 18, 2006 Share Posted January 18, 2006 it's been 47 hours. i've been *really* busy. colocated server had one ip i could use for a cert (and it had my cert on it already). built an os commerce site for a friend of a friend. she got exited about the results and told the world. all of a sudden i have to get 22 osc customers on one ip with one cert. i got it working, but it's an ugly hack (in my eyes) and i'm hoping someone can tell me a cleaner way to do this. test site to make this work is http://www.kindertunes.net/catalog ssl certificate is at https://secure.l7.net the catalog lives in /home/shelley/www.kindertunes.net/catalog/ ssl root is /home/dd/secure.l7.net/ includes/configure.php: define('HTTP_SERVER', 'http://www.kindertunes.net'); define('HTTPS_SERVER', 'https://secure.L7.net/secure.kindertunes.net/catalog'); define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', 'www.kindertunes.net'); define('HTTPS_COOKIE_DOMAIN', ''); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', ''); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/'); <snip> define('DIR_FS_CATALOG', '/home/shelley/www.kindertunes.net/catalog/'); <snip> define('DB_SERVER', 'localhost'); define('DB_DATABASE', 'kindertunes'); define('USE_PCONNECT', 'false'); define('STORE_SESSIONS', 'mysql'); this works perfectly. after i did this: cd /home/dd/secure.l7.net/ ln -s /home/shelley/www.kindertunes.net/ secure.kindertunes.net/ however, it broke at the continue button after checkout. it was trying to go to http://www.kindertunes.net/catalog/catalog...hp?blahblahblah i fixed that with this: cd /home/shelley/www.kindertunes.net/catalog ln -s /home/shelley/www.kindertunes.net/catalog catalog anyone have any suggestions? (other than get some sleep?) kinda looking for a cleaner way, or potential problems, etc... thanks :) -dd Link to comment Share on other sites More sharing options...
riddler Posted January 18, 2006 Share Posted January 18, 2006 Urgent help required before i pull my hair out!! Hi all, currently hitting a major brick wall when swapping over to SSL. Have installed the cert with no probs at all via PLESK & get a nice lock & no messages. Have run myenv.php & got nice correct results. Im running a 1and1 root server running LINUX. SSL cert is for www.rapidstands.com & store is in root. Have read the lot & all seem A Ok ( i think unless ive seriously overlooked somthing) I have run numerous re-installs from other folders to test but still no Joy. All i get every time i 404 Not Found Error??? Heres my configs: Includes/config.php // Define the webserver and path parameters // * DIR_FS_* = Filesystem directories (local/physical) // * DIR_WS_* = Webserver directories (virtual/URL) define('HTTP_SERVER', 'http://www.rapidstands.com'); define('HTTPS_SERVER', 'https://www.rapidstands.com'); define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'www.rapidstands.com'); define('HTTPS_COOKIE_DOMAIN', 'www.rapidstands.com'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); define('DIR_WS_HTTP_CATALOG', '/'); define('DIR_WS_HTTPS_CATALOG', '/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', '/home/httpd/vhosts/rapidstands.com/httpdocs/'); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); // define our database connection define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty for productive servers define('DB_SERVER_USERNAME', '*****'); define('DB_SERVER_PASSWORD', '******'); define('DB_DATABASE', '******'); define('USE_PCONNECT', 'false'); // use persistent connections? define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql' ?> Admin/includes/config.php // Define the webserver and path parameters // * DIR_FS_* = Filesystem directories (local/physical) // * DIR_WS_* = Webserver directories (virtual/URL) define('HTTP_SERVER', 'http://www.rapidstands.com'); // eg, http://localhost - should not be empty for productive servers define('HTTP_CATALOG_SERVER', 'http://www.rapidstands.com'); define('HTTPS_CATALOG_SERVER', 'https://www.rapidstands.com'); define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module define('DIR_FS_DOCUMENT_ROOT', '/home/httpd/vhosts/rapidstands.com/httpdocs/'); // where the pages are located on the server define('DIR_WS_ADMIN', '/admin/'); // absolute path required define('DIR_FS_ADMIN', '/home/httpd/vhosts/rapidstands.com/httpdocs/admin/'); // absolute pate required define('DIR_WS_CATALOG', '/'); // absolute path required define('DIR_FS_CATALOG', '/home/httpd/vhosts/rapidstands.com/httpdocs/'); // absolute path required define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/'); define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/'); define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/'); define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/'); define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/'); // define our database connection define('DB_SERVER', 'localhost'); // eg, localhost - should not be empty for productive servers define('DB_SERVER_USERNAME', '*****'); define('DB_SERVER_PASSWORD', '*****'); define('DB_DATABASE', '******'); define('USE_PCONNECT', 'false'); // use persisstent connections? define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql' ?> Aplication top: // set the type of request (secure or not) $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL'; Ive tried the lot, all the variations from different posts etc.... but all lead to a 404?? Any help will be much appreciated. Have tried on 2 projects now. 1 which i had to abandon due to sheer time taken. All EPDQ is set up etc... all i need is SECURITY? please help me!!! Argghhh!!1 site is @ Kind Regads James Main Site: http://www.rapidstands.com Test Folder: http://www.rapidstands.com/catalog Link to comment Share on other sites More sharing options...
♥Vger Posted January 18, 2006 Share Posted January 18, 2006 Plesk requires the use of two folders, one for http docs and one for https docs. You need to copy your files/folders in your http docs folder to your https docs folder. Once you've got it working right then you can delete your 'admin' folder from the http docs folder. Vger Urgent help required before i pull my hair out!! Hi all, currently hitting a major brick wall when swapping over to SSL. Have installed the cert with no probs at all via PLESK & get a nice lock & no messages. Have run myenv.php & got nice correct results. Im running a 1and1 root server running LINUX. SSL cert is for www.rapidstands.com & store is in root. Have read the lot & all seem A Ok ( i think unless ive seriously overlooked somthing) I have run numerous re-installs from other folders to test but still no Joy. All i get every time i 404 Not Found Error??? Link to comment Share on other sites More sharing options...
riddler Posted January 18, 2006 Share Posted January 18, 2006 Plesk requires the use of two folders, one for http docs and one for https docs. You need to copy your files/folders in your http docs folder to your https docs folder. Once you've got it working right then you can delete your 'admin' folder from the http docs folder. Vger Arghhhhhhhhhhhhh!!!!!! & thats it????? My friend you are a star!! Obviously i think this could be the main prob. for most people on here using 1and1 & plesk. I havnt seen any documentation stating this?? Thanks a lot. Im there!!!!! :thumbsup: Link to comment Share on other sites More sharing options...
AlanR Posted January 18, 2006 Share Posted January 18, 2006 Plesk requires the use of two folders, one for http docs and one for https docs. You need to copy your files/folders in your http docs folder to your https docs folder. Once you've got it working right then you can delete your 'admin' folder from the http docs folder. Vger If it's a root server he can configure Plesk to work in non standard ways and eliminate the two folder issue (which sucks). I don't have any experience doing this but I did Google up this thread. http://forum.ev1servers.net/showthread.php?threadid=2706 Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management) Link to comment Share on other sites More sharing options...
♥Vger Posted January 18, 2006 Share Posted January 18, 2006 Don't take this as 100% accurate - but: You need to create a vhost_ssl.conf file in /home/httpd/vhosts/domainname.com/conf/ DocumentRoot /home/httpd/vhosts/site.com/httpdocs<Directory /home/httpd/vhosts/site.com/httpdocs> <IfModule mod_perl.c> <Files ~ (\.pl)> SetHandler perl-script PerlHandler ModPerl::Registry Options ExecCGI allow from all PerlSendHeader On </Files> </IfModule> <IfModule sapi_apache2.c> php_admin_flag engine on php_admin_value open_basedir "/home/httpd/vhosts/site.com/httpdocs:/tmp" </IfModule> SSLRequireSSL Options +includes +ExecCGI </Directory> <IfModule sapi_apache2.c> php_admin_flag engine on php_admin_value open_basedir "/home/httpd/vhosts/site.com/httpdocs:/tmp" </IfModule> Vger Link to comment Share on other sites More sharing options...
Guest Posted January 19, 2006 Share Posted January 19, 2006 I'm slightly confused. I believe my host (gomama) installed the godaddy ssl cert (there is more stuff on my site's root ssl folder now). I have changed/added as per the instructions here for the configure.php files. I do NOT have any error message at all. However, when I logged into my own customer account (for test purposes and such), I did not get any padlock icon in the browser window NOR does the URL change to https. What have I missed? My site is not live yet: www.moonlightdelights.com/catalog/index.php Don't mind the "dust", I still have loads to do yet. I also uploaded a robot.txt file, I hope it's right. Link to comment Share on other sites More sharing options...
riddler Posted January 19, 2006 Share Posted January 19, 2006 Don't take this as 100% accurate - but:Vger The day just gets better & better!! Worked a treat!! When i was using the 2 folders it said that the httpdocs/images folder didnt exist?? Very strange, on another site when i tested in the 2 folders but wasnt sure this was correct it was saying the download folder didnt exist?? Hmmmm... Anyway, no 2 folders needed now with VGER`s conf file. Top Man!! Kind Regards James (one happy bunny!!) Link to comment Share on other sites More sharing options...
♥Vger Posted January 19, 2006 Share Posted January 19, 2006 Top Man!! Top woman! But in the spirit of Open Source, I got that from somewhere else, and kept a record of it (just in case). Looks like it proved useful. Vger Link to comment Share on other sites More sharing options...
AlanR Posted January 19, 2006 Share Posted January 19, 2006 But in the spirit of Open Source, I got that from somewhere else, and kept a record of it (just in case). Looks like it proved useful. Even better, we know it is a working solution now. This should also also work on shared servers (if one knows how to access the correct directory). riddler: Did you need to restart Apache? Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management) Link to comment Share on other sites More sharing options...
♥Vger Posted January 19, 2006 Share Posted January 19, 2006 The solution should have worked, as it came from someone who runs a Plesk server themselves - if I could remember who posted it and where then I could attribute it correctly - but I didn't save that info, only the code. Vger Link to comment Share on other sites More sharing options...
riddler Posted January 20, 2006 Share Posted January 20, 2006 Even better, we know it is a working solution now. This should also also work on shared servers (if one knows how to access the correct directory). riddler: Did you need to restart Apache? Actually, when i start/stopped apache it fell over?? So.... I did a simlink to the http folder by doing this from root using putty. Login as Root, and run the following comments: 1. cd home/httpd/vhosts/xxx.com/ 2. mv httpsdocs _httpsdocs 3. ln -sd httpdocs httpsdocs This renames the httpsdocs folder insted of deleting it & mirrors the httpdocs folder. Working ok now. But hit another prob. when i log in now as a customer i get a blank screen????? Grrrr!! But at least the SSL prob is solved. VGER sorry i presumed u were male!! oops! Link to comment Share on other sites More sharing options...
riddler Posted January 20, 2006 Share Posted January 20, 2006 Have re-uploaded login.php & hey presto??? Very strange considering i have not edited this file?? Link to comment Share on other sites More sharing options...
riddler Posted January 20, 2006 Share Posted January 20, 2006 Have re-uploaded login.php & hey presto??? Very strange considering i have not edited this file?? Now i cant see any Modules??? Link to comment Share on other sites More sharing options...
Sharon_U Posted January 24, 2006 Share Posted January 24, 2006 The BIG dilema haunting me today is getting the SSL working. I do not see the padlock at the bottom of my screen. I've read sections of the knowledge base and read this post a couple times -and it's going over my head what to do next. Can I please get some advise? I have a shared SSL. Here is my code: define('HTTP_SERVER', 'http://sharonunlimited.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://server1.sslpage.com/~sharonu'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', false); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'sharonunlimited.com'); define('HTTPS_COOKIE_DOMAIN', 'server1.sslpage.com/~sharonu'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); define('DIR_WS_HTTP_CATALOG', '/'); define('DIR_WS_HTTPS_CATALOG', '/'); How can I go about troubleshooting? Can anyone see a problem here?? My admin/includes/configure is set up similarly. Thanks anyone/every one! Sharon Link to comment Share on other sites More sharing options...
♥Vger Posted January 24, 2006 Share Posted January 24, 2006 You need to turn off the 'Force Cookie Use' setting, because you can't use this feature with a shared ssl cert. It looks as though you've now set 'enable_ssl' to true in both configure.php files - because I am getting the padlock. However, there is a problem with images on your https pages being drawn from an http connection, and this is causing the 'mixed content' error message I get when switching to https pages. Link to comment Share on other sites More sharing options...
Sharon_U Posted January 24, 2006 Share Posted January 24, 2006 Hello again. Forgive me.. this just went over my head and my admin area now has a error message so I can't go change the force cookies to off. 1) If I repeat the error here can you help me in this section of the forum? 2) I don't know what you mean by the images being drawn from an http and not https. Do the images need SSL because of the shopping cart? If this is the case then the whole website should be referenced https: etc. Then is my code wrong? Thanks so much for your valuable time! Sharon Link to comment Share on other sites More sharing options...
♥Vger Posted January 24, 2006 Share Posted January 24, 2006 Your path to images in your includes/configure.php file should read only 'images/' and nothing else - no you should not make all of your store https (search engines don't rank https pages). Post the error here and someone will look at it for you, but if it says "$this in uploads.php" then look at the link below my name. Vger Link to comment Share on other sites More sharing options...
Sharon_U Posted January 24, 2006 Share Posted January 24, 2006 Hi Vger, Sharon again here. I fixed the error I was having with admin then changed force cookies setting to false. Ok there. I made some other changes and wondered if you can take a look at the padlock on my site one more time. Does my site seem normal? Is the padlock coming and going when it should? For example, does it stay on for you after you go past the create account screen? (sharonunlimited.com) I appreciate your help so very much! Keeping my finger on this tread... Sharon Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.