Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Security padlock


worldheadja

Recommended Posts

Posted

I Installed my OsCommerce Template recently and my SSL works but how do i get the small lock to show at the btton right corner of the browser window.

 

Thanks for your help

Posted
I Installed my OsCommerce Template recently and my SSL works but how do i get the small lock to show at the btton right corner of the browser window.

 

Thanks for your help

 

If the padlock isn't there, then the SSL ins't working

 

Please post a link to your website

My Contributions

 

Henry Smith

Posted
If the padlock isn't there, then the SSL ins't working

 

Please post a link to your website

 

 

Wow i though whenever the http:// changes to https:// i thought that was because of the SSL, sorry my bad.

What happened was i installed the template before but i couldn't get the SSL it to work, because the SSL was setup after the first installation of my OsCommerce and because i couldn't get it to work.

I decided to do a fresh installation and select the SSL options during the installation.

 

If my SSL isn't active what do i have to do from here correct this?

 

The link below is my site the http:// changes to htttps:// when products are selected and the customer goes into the checkout area.

 

www.aventdesigns.com

 

Thanks again for your assistance

Posted

OK.. you have the SSL installed partially correct.

 

When going to an https page the padlock shows in FireFox, but has a line through it; which indicated that it is only partially secure.

 

The problem is that all of your images are being pulled from http and not https.

 

Please post your configure.php file found in

 

/catalog/includes/configure.php

 

REMOVE DB name and password

My Contributions

 

Henry Smith

Posted

Here is the config file from the includes folder

 

<?php

/*

osCommerce, Open Source E-Commerce Solutions

http://www.oscommerce.com

 

Copyright © 2003 osCommerce

 

Released under the GNU General Public License

*/

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.aventdesigns.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://www.aventdesigns.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.aventdesigns.com');

define('HTTPS_COOKIE_DOMAIN', 'www.aventdesigns.com');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', '/home/content/w/o/r/*********/html/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

// define our database connection

define('DB_SERVER', '*********'); // eg, localhost - should not be empty for productive servers

define('DB_SERVER_USERNAME', '*******');

define('DB_SERVER_PASSWORD', '*********');

define('DB_DATABASE', '********');

define('USE_PCONNECT', 'false'); // use persistent connections?

define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql'

?>

 

 

 

Thanks You so much for assisting me

Posted

That all looks correct to me.

 

When did you install this? Did you install it?

 

Once an SSL is installed, the web server should be restarted... was it?

My Contributions

 

Henry Smith

Posted
That all looks correct to me.

 

When did you install this? Did you install it?

 

Once an SSL is installed, the web server should be restarted... was it?

 

The SSL was setup over a month ago by my hosting company. I cant say if they restarted there server since then.

Can u tell me what is actually missing here, why i am not seeing the padlock at the button of the window?

Is it a problem that it switches to https:// only after you enter into the check out page?

Posted

No.. it should switch only when entering the my account, check out pages etc... but it's being marked as only partially secure and that may scare some people away - as most people are unable to tell how or what is and isn't secure. They may not want to take a chance of it being their information that isn't secure.

 

I'm at a loss currently - You configure.php matches mine to the T (less the directories).

My Contributions

 

Henry Smith

Posted
No.. it should switch only when entering the my account, check out pages etc... but it's being marked as only partially secure and that may scare some people away - as most people are unable to tell how or what is and isn't secure. They may not want to take a chance of it being their information that isn't secure.

 

I'm at a loss currently - You configure.php matches mine to the T (less the directories).

 

Since i re-installed the new oscommerce i haven't created a sample account. I just did, while it was processing the customer info it switched to https:// but went back to http when it went back to the products but switched back to https:// when i was ready to check. This isn't secure enough?

Does it have anytrhing to do with the products because they are still the demo products?

Can you please if you have the time, create an account to see how it behaves maybe you will spot something i'm not seeing to tell you. Please.

When you say its being marked as only partially secure, do you mean because it switches https:// without the padlock?

Thanks again

Posted

I was wondering if you ever found a solution to this problem, as I am experiencing it as well.

Posted

its because the images aren't on the secure folder.

Posted
its because the images aren't on the secure folder.

 

When you said the images are not on the secure folder what do you mean,The product images?

My SSL was puchased at my hosting company and is made out to www.aventdesigns.com shouldn't this mean that every folder on domain is secure?

 

Is there anyway i can stop the message from comming up that tell my customers they are being forwarded to a none secure page after they have signed in or create an account? eg.. making that customer log-in none secure and allow only the checkout and beyond that secure?

 

Thanks

Posted

no not the product images in general all images, If you check the properties of an image in the secure page it still points to the http site. It should been https. So if you see separate folders for secure/non-secure with your ftp tool or host's cpanel you need to duplicate all images and pretty much all osc files.

 

Now if you don't have separate folders could be either configuration or code that is different when it builds the image paths and has to be corrected. In that case check for changes in the catalog\includes\functions\html_output.php with the current code you have and the default osc file.

Posted

First off:

 

Read these posts

 

http://www.oscommerce.com/forums/index.php?sho...23entry672623

http://www.oscommerce.com/forums/index.php?sho...09entry748409

 

Then, after you manage to get a solid padlock upon visiting

 

https://www.aventdesigns.com/create_account.php

 

you can take the next steps.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Posted

The first link did it for me [http://www.oscommerce.com/forums/index.php?sho...23entry672623]

 

Commented out line 41 in the application_top.php and added:

 

$request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

 

The line might not be the same for you so be sure to read the whole thing and hopefully it fixes your problem. If you're using GoDaddy, then that line will probably work for you.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...