Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SSL Issue - No Padlock


MrSean

Recommended Posts

Hi,

My host installed an SSL sertificate for me. They confirmed that it is working, however I do not see the padlock in the bottom of the page. If I right click the page and do properties, I see that I have a valid certificate. Here is a link to a test page: https://slcmarketing.biz/catalog/ . I also would like to know if I have to type https, or if it will redirect automaticly. Any and all help would be much appreciated.

 

Thanks in advance!

Link to comment
Share on other sites

This is a part of my catalog/includes/configure.php file:

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://slcmarketing.biz'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://slcmarketing.biz'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'slcmarketing.biz');

define('HTTPS_COOKIE_DOMAIN', 'slcmarketing.biz');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog/');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

define('DIR_WS_MONERIS', DIR_WS_INCLUDES. 'moneris/');

 

It seems to be in sync with the info in the link.

Link to comment
Share on other sites

I am hosted at GoDaddy on an economy w/ php plan using Linux OS w/ FP extensions. That is all the info I can gather...

 

I went to my site without the https, and it was added to the url automatically once I got to the sign in page. Once I attempt to log in as a customer, it tells me that I am being redirected to a non-secure page (delivery info page).. Once I enter the info, and click nextm, I am brought to another secure page (https://slcmarketing.biz/catalog/checkout_payment.php). The checkout process works fine as do the changes from secure pages to non-secure ones. Can my problem be linked to the fact that I have to add code to the header.php and footer.php files?

Link to comment
Share on other sites

PHP installed as an ISAPI module on IIS apparently doesn't interpret getenv() correctly. It doesn't throw an error, but it also doesn't return anything. (As far as I know - I don't really use Windows servers.) That's why I asked about the hosting.

 

Still, I believe your problem is occuring somewhere around line 41 in includes/application_top.php:

 

// set the type of request (secure or not)

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

In login.php add the following

 

echo '<pre>getenv():';

var_dump(getenv('HTTPS'));

echo '$_SERVER';

var_dump($_SERVER['HTTPS']);

echo '</pre>';

 

Before

require(DIR_WS_INCLUDES . 'header.php');

 

Around line 92.

 

It should look like this:

 

<?php 
echo '<pre>getenv(): ';
 var_dump(getenv('HTTPS'));
 echo 'Server: ';
 var_dump( $_SERVER['HTTPS'] );
 echo '</pre>';
 require(DIR_WS_INCLUDES . 'header.php');
?>

 

Then access https://slcmarketing.biz/catalog/login.php. There should be two lines of text at the top. Copy and paste them and post them here.

Contributions

 

Discount Coupon Codes

Donations

Link to comment
Share on other sites

Hmm.

 

Add these two lines:

 

echo '<pre>server port:';

var_dump($_SERVER['SERVER_PORT']);

 

The alter includes/application_top.php around line 41:

 

// set the type of request (secure or not)

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

change to

 

// set the type of request (secure or not)

$request_type = ($_SERVER['SERVER_PORT'] == 143) ? 'SSL' : 'NONSSL';

 

Change 143 to whatever port SERVER_PORT is set to. See if that works.

Contributions

 

Discount Coupon Codes

Donations

Link to comment
Share on other sites

I think it was 443... here is what was at the top of the login.php page:

 

server port:string(3) "443"

getenv(): bool(false)

Server: NULL

 

I edited the application_top.php file and I now have the padlock at the bottom of the page. If this solves the problem, can you please give me a brief explanation of what the problem was. Also, how do I now get rid of that text on the login.php page?

Link to comment
Share on other sites

Yes, sorry. Vger's right. The port is usually 443.

 

To remove the lines of text, remove all the lines in login.php I had you add:

 

echo '<pre>getenv():';

var_dump(getenv('HTTPS'));

echo '$_SERVER';

var_dump($_SERVER['HTTPS']);

echo '</pre>';

 

and

 

echo '<pre>server port:';

var_dump($_SERVER['SERVER_PORT']);

 

I can't tell you much more than the server variable HTTPS was not being set. Normally, when you're using SSL/HTTPS, the server variable HTTPS is set to a non-empty value. This value can depend on the webserver and/or the operating system, I believe. I can't tell you why it wasn't set/available, but that was the issue.

Contributions

 

Discount Coupon Codes

Donations

Link to comment
Share on other sites

One last thing.. I just logged into the administration and noticed that I still have the "You are not protected by a secure SSL connection." warning in the lower left of the main box...even though I have the padlock on this page as well.

Link to comment
Share on other sites

There's one more place you need to change.

 

in catalog/includes/functions/general.php

 

Line 27

 

if ( (ENABLE_SSL == true) && (getenv('HTTPS') == 'on') ) { // We are loading an SSL page

 

to:

 

if ( (ENABLE_SSL == true) && (getenv('SERVER_PORT') == '443') ) { // We are loading an SSL page

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...