RayFrangie Posted January 2, 2006 Share Posted January 2, 2006 Hi All, I'm not too sure if this has been discussed before somewhere in this massive forum, but I need some help with osCommerce Procedures using SSL. Before I start, the following is the specs: Windows 2003 Server Enterprise Edition w/SP1 Internet Information Services (IIS) 6 AustDomains Premium SSL Certificate osCommerce 2.2 Milestone 2 Update 051113 Shop: http://marketplace.rcsystems.com.au SSL Certificate has been installed successfully. Configure.php as follows: // Define the webserver and path parameters // * DIR_FS_* = Filesystem directories (local/physical) // * DIR_WS_* = Webserver directories (virtual/URL) define('HTTP_SERVER', 'http://marketplace.rcsystems.com.au'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://marketplace.rcsystems.com.au'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', 'true'); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'marketplace.rcsystems.com.au'); define('HTTPS_COOKIE_DOMAIN', 'marketplace.rcsystems.com.au'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); define('DIR_WS_HTTP_CATALOG', '/'); define('DIR_WS_HTTPS_CATALOG', '/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/'); define('DIR_FS_CATALOG', dirname($HTTP_SERVER_VARS['SCRIPT_FILENAME']) . '/'); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/'); The following is whats happening Browse the website fine, no worries. Checkout Procedure, Login Procedure redirects to the HTTPS URL fine. Problem though is it does not establish the SSL Session aka Does not activate SSL I've had a chat with the SSL Cert Providers who have been working on this with me for about a week. This is the email response i've got from them: ****************** Hi Ray, I had another quick look at your page. It seems to be your HTML. Eg. this image pops up with the padlock no problem https://marketplace.rcsystems.com.au/images/az_top_left.gif I think this line may be the culprit <base href="http://marketplace.rcsystems.com.au/"> This is basically telling browsers to treat the page as insecure. You will want to make it read https when it is secure. Kind Regards, Ben Brooks Aust Domains Support t: 08 9349 4665 (Australia Only) t: +61 8 9349 4665 (International) f: +61 08 6210 1656 e: [email protected] w: www.austdomains.com.au *************** I've done some digging around to try and see where this comes from. It seems to get it from HTTP_SERVER or HTTPS_SERVER. I changed the HTTP_SERVER to use the HTTPS URL and what do you know? It works... In a way... The whole site becomes SSL, and the SSL Padlock does appear. But this is obviously not the ideal way of getting things to work, as I'd like search engines to find my website and not completely shut me out. Also i dont see a need of running the entire site as SSL. So basically, 1) Has anyone come across this same issue before... 2) How do i fix it so that the base_href picks up SSL or NONSSL correctly? As a test to replicate the fault: 1) Go to HTTP://marketplace.rcsystems.com.au 2) In the address bar, change the HTTP to HTTPS .... Note the padlock doesn't appear!!! 3) View Source... Look At the base_href line in the <head> section of the page... Still Shows the NON-SSL URL The same issue is throughout the entire site from the Main Page to the Credit Card and Purchasing Pages. Note though if you do log in and shop around, keep an eye on the address bar. It does change to HTTPS as in to go to a SSL Page, but the SSL Session does not activate due to BASE_HREF still showing the HTTP URL and not the HTTPS URL Any help anyone can provide will be greatly appreciated. This is one issue i really want to get rid of sometime soon. Many Thanks in Advance Ray Frangie Managing Director Ray's Computer Systems - Sydney Australia P.O Box. 757 Guildford, NSW, 2161 Ph: +61 (0)2 9788 2946 Mob: +61 (0)415 358 194 Email: [email protected] WWW: http://www.rcsystems.com.au Link to comment Share on other sites More sharing options...
Guest Posted January 3, 2006 Share Posted January 3, 2006 Do not know if it will help, but anyway: Check this out! http://www.oscommerce.info/kb/osCommerce/G...mon_Problems/75 ((((((( On chapter 3. ---- 3. Fixing SSL Problems If the problem is an image you are hotlinking you need to ask the owner if you can have access to the image and place it in your own images directory under the encrypted domain and then change the path in your footer so that it now references the image in your domain.... )))))))) END MORE IN LINK )))))) I think this could be the problem, your image is not a relative path, but mostly an absolute one, which SSL does not like very much !!! Check the link for more details an let me know ! Ray Link to comment Share on other sites More sharing options...
RayFrangie Posted January 3, 2006 Author Share Posted January 3, 2006 Do not know if it will help, but anyway: Check this out! http://www.oscommerce.info/kb/osCommerce/G...mon_Problems/75 ((((((( On chapter 3. ---- 3. Fixing SSL Problems If the problem is an image you are hotlinking you need to ask the owner if you can have access to the image and place it in your own images directory under the encrypted domain and then change the path in your footer so that it now references the image in your domain.... )))))))) END MORE IN LINK )))))) I think this could be the problem, your image is not a relative path, but mostly an absolute one, which SSL does not like very much !!! Check the link for more details an let me know ! Ray Hi Ray, Thanks for your reply. This is a lot deeper than relative/absolute paths for images... I always use the relative path, especially when it comes to SSL sites. Its actually a lot more deeper in the code, whereby the $request_type variable was being set to NONSSL for both HTTP and HTTPS websites even though they were specified seperately in configure.php. With this being the case, the <base href> tag it the HTML HEAD of each page was being set to HTTP://<website> causing the browser to think SSL is turned off even though the address bar has HTTPS in it. With the help of a friend who was a PHP Developer for 5 years, i've made the following change which has fixed the problem perfectly. /includes/application_top.php - Line 42 Change this line: $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; To this line: $request_type = ($_SERVER["SERVER_PORT"] == 443) ? 'SSL' : 'NONSSL'; This seems to have done the trick in fixing both the SSL Padlock issue and the <base href> HTML Tag Issue. I have logged this as a bug report for future reference: http://www.oscommerce.com/community/bugs,3407/ Many thanks for your reply, and I hope this helps anyone else that's having the same issue Thanks and Regards, Ray Frangie *links and email to non osCommerce, against forum rules* Link to comment Share on other sites More sharing options...
♥Vger Posted January 3, 2006 Share Posted January 3, 2006 Actually, you would have found that fix if you had done a search of these forums for ssl issues. Your bug report is not valid, as it is not a bug within osCommerce - it is down to the way in which your hosting provider has their system set up to handle ssl. osCommerce cannot cover all possibilities for ssl and whilst port 443 is very often the ssl port it is not always the ssl port. Vger Link to comment Share on other sites More sharing options...
RayFrangie Posted January 8, 2006 Author Share Posted January 8, 2006 Actually, you would have found that fix if you had done a search of these forums for ssl issues. Your bug report is not valid, as it is not a bug within osCommerce - it is down to the way in which your hosting provider has their system set up to handle ssl. osCommerce cannot cover all possibilities for ssl and whilst port 443 is very often the ssl port it is not always the ssl port. Vger It's my own dedicated box running Windows 2003 Server Enterprise Edition and IIS6 It was seen as a fault with all browsers even ones running on Linux. Changing that line of code seems to have fixed the problem for all browsers. Link to comment Share on other sites More sharing options...
AlanR Posted January 8, 2006 Share Posted January 8, 2006 It's my own dedicated box running Windows 2003 Server Enterprise Edition and IIS6 It was seen as a fault with all browsers even ones running on Linux. Changing that line of code seems to have fixed the problem for all browsers. Of course. It's not a browser issue. See: http://www.oscommerce.com/forums/index.php?sho...23entry672623 Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management) Link to comment Share on other sites More sharing options...
BradenCrisp Posted December 28, 2010 Share Posted December 28, 2010 I was really looking for it. I am contented with your post. Link to comment Share on other sites More sharing options...
MrPhil Posted December 28, 2010 Share Posted December 28, 2010 With the help of a friend who was a PHP Developer for 5 years, i've made the following change which has fixed the problem perfectly. /includes/application_top.php - Line 42 Change this line: $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; To this line: $request_type = ($_SERVER["SERVER_PORT"] == 443) ? 'SSL' : 'NONSSL'; I seem to recall hearing that IIS returns getenv('HTTPS') as 1 and not on. osC should really check both forms! So yes, it could be called a bug (of sorts) in osC. Maybe something like: $env_HTTPS = getenv('HTTPS'); $request_type = ($env_HTTPS == 'on' || $env_HTTPS == '1') ? 'SSL' : 'NONSSL'; I've seen conflicting information on how IIS handles the HTTPS environment variable, so maybe someone more knowledgeable in the ways of IIS can speak on this? I don't know if there are any cases where $env_HTTPS will be unset or otherwise cause errors (is isset() needed?). Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.