Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

ssl warning on contact us submit??


walkman

Recommended Posts

When I try to submit a 'contact us' message, or when I try to 'add to cart' on product_info.php I get the following error:

 

'although this page is encrypted, the info is being sent over an unencrypted connection'

 

 

SSL is working fine on my account and the checkout process.

 

 

 

*** Are these pages supposed to be secure?

 

 

Any ideas on what would cause these warning?

 

Thx.

Link to comment
Share on other sites

When I try to submit a 'contact us' message, or when I try to 'add to cart' on product_info.php I get the following error:

 

'although this page is encrypted, the info is being sent over an unencrypted connection'

SSL is working fine on my account and the checkout process.

*** Are these pages supposed to be secure?

Any ideas on what would cause these warning?

 

Thx.

 

 

post a url

 

Charles

A kite flies highest AGAINST the wind !

 

"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, a lover in one hand, martini in the other, body thoroughly used up, totally worn out and screaming ~ WOO HOO!! What a ride!"

Link to comment
Share on other sites

Ah, perfect ... a response from the SSL master!! :-)

 

 

seatshield.com

 

 

I get the warning on submit from contact_us and when I 'add to cart'.

 

 

I get the warning msg on submit in both IE and firefox, and both my desktop & laptop. However, a friend said he didn't get it when he tested. I'm not sure if it might have something to do with cookie settings or what.

 

 

I also did a file compare to see if I might have added something to contact_us, but nothing stood out.

 

Thx.

 

p.s. Your "SSL basics" post was very good.

Link to comment
Share on other sites

hmm ... I tried it, but I still get the warning message.

 

I thought I could specify different domain names for http & https. That's what simplyeasier recommended in his reference (although I do it the opposite way).

 

 

I assume you meant one should be http://www. & the other https://www.

 

 

Here is my configure.php after the change you recommended.

 

===========================================

define('HTTP_SERVER', 'http://www.seatshield.com');

define('HTTPS_SERVER', 'https://www.seatshield.com');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', 'www.seatshield.com');

define('HTTPS_COOKIE_DOMAIN', 'www.seatshield.com');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

Link to comment
Share on other sites

It turns out that I am only getting the warning messge when I use FireFox. IE doesn't report a problem.

 

I did a google and found the message listed below.

 

 

Has anyone else experienced this problem with firefox and OSC? I imagine it might scare off some customers.

 

 

======================================

 

> When I want to login at my online bank account, I get the warning that:

>

> 'Although this page is encrypted, the information you have entered is to

> be sent over an unencrypted connection and could easily be read by a

> third party.'

>

 

 

The "action" for this form is not https but rather is javascript.

The browser doesn't know (prior to interpreting the javascript)

what the javascript is going to do with the form data, so it assumes

the worst, and you get this warning. Perhaps the warning should say

"The data from this form is being sent through a script rather than

directly and immediately through secure https, and so I cannot be

sure that the data will be sent securely to the server."

 

In this case, the javascript appears to me to post the form data

securely to the server.

 

Communicator 4.x handled this case by waiting to see whether the

subsequent outgoing network connection done by the script was http

or https, and warning only if it was not https. But mozilla warns

before the script is run, as I understand it. Sigh.

 

--

Link to comment
Share on other sites

It still doesn't explain why the page is expected to be https anyway. Even when logged in and coming to the page from having been in a secure part of the site the contact_us.php page should still be http.

 

Perhaps specifying NONSSL in the root level php page would solve the problem.

 

Vger

Link to comment
Share on other sites

I think you're on the right track.

 

My "Base Href =" is not being set properly. If I go with the standard osc code the base ref always shows up as "http://" and nothing is SSL.

 

I found a fix that said to use: $request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL';

 

When I do that base ref always shows up as "https://" & everythign works except for the contact us & add to cart. I guess it only affects firefox for the reason above.

Link to comment
Share on other sites

Ok - final reply: I was able to fix the problem with the following code change in application_top.php.

 

 

replace:

 

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

 

 

With:

 

$request_type = (getenv('HTTPS') == 'on' or getenv('SERVER_PORT') == 443) ? 'SSL' : 'NONSSL';

 

 

 

After:

 

define('PROJECT_VERSION', 'osCommerce 2.2-MS2');

 

// set the type of request (secure or not)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...