MrSean Posted December 27, 2005 Share Posted December 27, 2005 Hi, My host installed an SSL sertificate for me. They confirmed that it is working, however I do not see the padlock in the bottom of the page. If I right click the page and do properties, I see that I have a valid certificate. Here is a link to a test page: https://slcmarketing.biz/catalog/ . I also would like to know if I have to type https, or if it will redirect automaticly. Any and all help would be much appreciated. Thanks in advance! Link to comment Share on other sites More sharing options...
kgt Posted December 27, 2005 Share Posted December 27, 2005 Read this: http://www.oscommerce.info/kb/osCommerce/G...mon_Problems/75 Your base href is not https: <base href="http://slcmarketing.biz/catalog/"> Contributions Discount Coupon Codes Donations Link to comment Share on other sites More sharing options...
MrSean Posted December 27, 2005 Author Share Posted December 27, 2005 This is a part of my catalog/includes/configure.php file: // Define the webserver and path parameters // * DIR_FS_* = Filesystem directories (local/physical) // * DIR_WS_* = Webserver directories (virtual/URL) define('HTTP_SERVER', 'http://slcmarketing.biz'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://slcmarketing.biz'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', true); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'slcmarketing.biz'); define('HTTPS_COOKIE_DOMAIN', 'slcmarketing.biz'); define('HTTP_COOKIE_PATH', '/catalog/'); define('HTTPS_COOKIE_PATH', '/catalog/'); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_MONERIS', DIR_WS_INCLUDES. 'moneris/'); It seems to be in sync with the info in the link. Link to comment Share on other sites More sharing options...
kgt Posted December 27, 2005 Share Posted December 27, 2005 Is your server Windows IIS? Contributions Discount Coupon Codes Donations Link to comment Share on other sites More sharing options...
MrSean Posted December 27, 2005 Author Share Posted December 27, 2005 I am hosted at GoDaddy on an economy w/ php plan using Linux OS w/ FP extensions. That is all the info I can gather... I went to my site without the https, and it was added to the url automatically once I got to the sign in page. Once I attempt to log in as a customer, it tells me that I am being redirected to a non-secure page (delivery info page).. Once I enter the info, and click nextm, I am brought to another secure page (https://slcmarketing.biz/catalog/checkout_payment.php). The checkout process works fine as do the changes from secure pages to non-secure ones. Can my problem be linked to the fact that I have to add code to the header.php and footer.php files? Link to comment Share on other sites More sharing options...
kgt Posted December 27, 2005 Share Posted December 27, 2005 PHP installed as an ISAPI module on IIS apparently doesn't interpret getenv() correctly. It doesn't throw an error, but it also doesn't return anything. (As far as I know - I don't really use Windows servers.) That's why I asked about the hosting. Still, I believe your problem is occuring somewhere around line 41 in includes/application_top.php: // set the type of request (secure or not) $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; In login.php add the following echo '<pre>getenv():'; var_dump(getenv('HTTPS')); echo '$_SERVER'; var_dump($_SERVER['HTTPS']); echo '</pre>'; Before require(DIR_WS_INCLUDES . 'header.php'); Around line 92. It should look like this: <?php echo '<pre>getenv(): '; var_dump(getenv('HTTPS')); echo 'Server: '; var_dump( $_SERVER['HTTPS'] ); echo '</pre>'; require(DIR_WS_INCLUDES . 'header.php'); ?> Then access https://slcmarketing.biz/catalog/login.php. There should be two lines of text at the top. Copy and paste them and post them here. Contributions Discount Coupon Codes Donations Link to comment Share on other sites More sharing options...
MrSean Posted December 27, 2005 Author Share Posted December 27, 2005 getenv(): bool(false) Server: NULL Link to comment Share on other sites More sharing options...
kgt Posted December 27, 2005 Share Posted December 27, 2005 Hmm. Add these two lines: echo '<pre>server port:'; var_dump($_SERVER['SERVER_PORT']); The alter includes/application_top.php around line 41: // set the type of request (secure or not) $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; change to // set the type of request (secure or not) $request_type = ($_SERVER['SERVER_PORT'] == 143) ? 'SSL' : 'NONSSL'; Change 143 to whatever port SERVER_PORT is set to. See if that works. Contributions Discount Coupon Codes Donations Link to comment Share on other sites More sharing options...
MrSean Posted December 27, 2005 Author Share Posted December 27, 2005 Where can I find out what my server port is set to? Sorry if it is a dumb question. Link to comment Share on other sites More sharing options...
♥Vger Posted December 27, 2005 Share Posted December 27, 2005 Try 443 and see if that works. Vger Link to comment Share on other sites More sharing options...
MrSean Posted December 27, 2005 Author Share Posted December 27, 2005 I think it was 443... here is what was at the top of the login.php page: server port:string(3) "443" getenv(): bool(false) Server: NULL I edited the application_top.php file and I now have the padlock at the bottom of the page. If this solves the problem, can you please give me a brief explanation of what the problem was. Also, how do I now get rid of that text on the login.php page? Link to comment Share on other sites More sharing options...
♥Vger Posted December 27, 2005 Share Posted December 27, 2005 $request_type = ($_SERVER['SERVER_PORT'] == 443) ? 'SSL' : 'NONSSL'; That's all the change you should need now. Remove the other debug code and that should be it. Vger Link to comment Share on other sites More sharing options...
kgt Posted December 27, 2005 Share Posted December 27, 2005 Yes, sorry. Vger's right. The port is usually 443. To remove the lines of text, remove all the lines in login.php I had you add: echo '<pre>getenv():'; var_dump(getenv('HTTPS')); echo '$_SERVER'; var_dump($_SERVER['HTTPS']); echo '</pre>'; and echo '<pre>server port:'; var_dump($_SERVER['SERVER_PORT']); I can't tell you much more than the server variable HTTPS was not being set. Normally, when you're using SSL/HTTPS, the server variable HTTPS is set to a non-empty value. This value can depend on the webserver and/or the operating system, I believe. I can't tell you why it wasn't set/available, but that was the issue. Contributions Discount Coupon Codes Donations Link to comment Share on other sites More sharing options...
MrSean Posted December 27, 2005 Author Share Posted December 27, 2005 Thank you guys very much for all your help. It's great to see such an excellent support system in place. Link to comment Share on other sites More sharing options...
MrSean Posted December 27, 2005 Author Share Posted December 27, 2005 One last thing.. I just logged into the administration and noticed that I still have the "You are not protected by a secure SSL connection." warning in the lower left of the main box...even though I have the padlock on this page as well. Link to comment Share on other sites More sharing options...
kgt Posted December 27, 2005 Share Posted December 27, 2005 No show stopper. It's just a check to let you know whether you're using a secure connection. Guess why it's saying you're not? In admin/index.php around line 179, change if (getenv('HTTPS') == 'on') { to if ($_SERVER['SERVER_PORT'] == 443) { Contributions Discount Coupon Codes Donations Link to comment Share on other sites More sharing options...
MrSean Posted December 27, 2005 Author Share Posted December 27, 2005 Thanks again. It was indeed the problem. Link to comment Share on other sites More sharing options...
AlanR Posted December 27, 2005 Share Posted December 27, 2005 There's one more place you need to change. in catalog/includes/functions/general.php Line 27 if ( (ENABLE_SSL == true) && (getenv('HTTPS') == 'on') ) { // We are loading an SSL page to: if ( (ENABLE_SSL == true) && (getenv('SERVER_PORT') == '443') ) { // We are loading an SSL page Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management) Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.