Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Annoying IE message


Guest

Recommended Posts

Posted

After checking out and checkout successes, when you click continue, a message in IE pops up saying you're leaving a secure connection.

 

And this makes perfect sense, because the check out processes is complete, and you're leaving the Secured Connection. But of course a client has to complain and claims the message should never pop up.

 

 

Any thoughts?

Posted

Did you make any change to application_top.php to get the ssl working correctly?

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Posted
Did you make any change to application_top.php to get the ssl working correctly?

 

I'm not sure what changes I need to make. I snooped around in the forums and the only change I have made so far is this:

 

Change:

 

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

to this:

 

$request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL';

 

That's all.. and it had no effect.

Posted
I'm not sure what changes I need to make. I snooped around in the forums and the only change I have made so far is this:

 

Change:

 

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

 

to this:

 

$request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL';

 

That's all.. and it had no effect.

You didn't really answer my question. If you've made a change to application_top.php to get a solid padlock you should also make a similar change to /includes/functions/general.php

 

See...

 

http://www.oscommerce.com/forums/index.php?sho...09entry748409

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Posted
You didn't really answer my question. If you've made a change to application_top.php to get a solid padlock you should also make a similar change to /includes/functions/general.php

 

See...

 

http://www.oscommerce.com/forums/index.php?sho...09entry748409

 

 

 

Thanks for helping me out here AlanR, but I'm still a little confused.

 

In the topic you sent me you wrote this:

 

If you need to make a change to application_top.php for a shared or dedicated ssl which does not return on for the (getenv('HTTPS') query you really should make one additional change in /includes/functions/general.php.

 

I guess I'm confused about what changes I need to make to application_top.php I havn't done anything to it to get a solid pad lock.

 

The way I got my solid padlocks to show was to change:

 

<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

 

to:

 

<base href="https://www.thesite.com/">

 

On any page that I wanted to make secure

 

 

It doesn't seem like the best solution, but it worked.

 

 

 

Should I have changed something in application_top.php to get my padlocks to show correctly?

 

Thanks alot man,

 

Jrock

Posted
The way I got my solid padlocks to show was to change:

 

<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

 

to:

 

<base href="https://www.thesite.com/">

 

On any page that I wanted to make secure

It doesn't seem like the best solution, but it worked.

Should I have changed something in application_top.php to get my padlocks to show correctly?

 

Thanks alot man,

 

Jrock

It sure wasn't the best solution. That's just a cludge and a bad one.

 

In my opinion if you're selling your work you have a responsibility to find the correct solutions and not just some hack that kinda makes it work. Your client is rightfully complaining.

 

See:

 

http://www.oscommerce.com/forums/index.php?sho...23entry672623

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Posted
It sure wasn't the best solution. That's just a cludge and a bad one.

 

 

I agree, but obviouslly I didn't know any better.

 

 

All of your post on this site are VERY informative and usefull, so thank you.

 

I tried creating the myenv.php file that you refered me too. And I'm starting to think it could be a problem with the actual host (AIT). These are the results from the test (using the updated/second myenv.php file):

 

http://www.defensemaster.com/myenv.php shows:

 

$HTTP_HOST == www.defensemaster.com
$HTTPS_HOST ==
getenv('SERVER_PORT') == 80
getenv('HTTPS') ==
getenv('HTTP_X_FORWARDED_SERVER') ==
getenv('HTTP_X_FORWARDED_HOST') ==
getenv('HTTP_X_FORWARDED_BY') ==
$_SERVER['HTTPS'] ==
getenv('DOCUMENT_ROOT') == /usr/local/etc/httpd/htdocs
$DOCUMENT_ROOT == /usr/local/etc/httpd/htdocs

 

 

https://www.defensemaster.com/myenv.php shows:

 

$HTTP_HOST == www.defensemaster.com
$HTTPS_HOST ==
getenv('SERVER_PORT') == 80
getenv('HTTPS') ==
getenv('HTTP_X_FORWARDED_SERVER') ==
getenv('HTTP_X_FORWARDED_HOST') ==
getenv('HTTP_X_FORWARDED_BY') ==
$_SERVER['HTTPS'] ==
getenv('DOCUMENT_ROOT') == /usr/local/etc/httpd/htdocs
$DOCUMENT_ROOT == /usr/local/etc/httpd/htdocs

 

Same exact thing, I'm bafffiled. You're welcome to take a look yourself. I tried myenv.php on a different server and it works GREAT! And it actually helped me to solve a problem on that one.

 

Thank you

Posted
Has anyone else had this problem?

Yes, others have.

 

There's a workaround.

 

Set line 41 to

 

$request_type = ($HTTP_HOST == 'www.defensemaster.com') ? 'SSL' : 'NONSSL';

 

and define the http server in configure.php as

 

define('HTTP_SERVER', 'http://defensemaster.com');

 

That way when the system sees the www url request it'll know it's supposed to be an ssl one.

 

It's a workaround till something better is found or your host cleans up its act.

 

 

edit: Is the host Network Solutions? That's where I've seen this before.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Posted
Yes, others have.

 

There's a workaround.

 

Set line 41 to

 

$request_type = ($HTTP_HOST == 'www.defensemaster.com') ? 'SSL' : 'NONSSL';

 

and define the http server in configure.php as

 

define('HTTP_SERVER', 'http://defensemaster.com');

 

That way when the system sees the www url request it'll know it's supposed to be an ssl one.

 

It's a workaround till something better is found or your host cleans up its act.

edit: Is the host Network Solutions? That's where I've seen this before.

 

 

Thanks Alan,

 

That works so I don't have to keep replacing

 

<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

 

With: <base href="https://www.defensemaster.com">

 

 

However, it doesn't seem to help the original problem with IE popping up a message saying "You're Leaving a secured connection" AFTER the order has been proccessed.

 

They're using AIT for hosting, and Authorize.net for the transactions... Once the proccessing for the transaction is complete you're taken to "order success" page (checkout_success.php) with this is the URL bar:

 

https://secure.authorize.net/gateway/transact.dll

 

Once you click continue from "order success" (to return to index.php) it pops up the message.

 

Thanks for the other temp fix!

 

-Jrock

Posted
Thanks Alan,

 

That works so I don't have to keep replacing

 

<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

 

With: <base href="https://www.defensemaster.com">

However, it doesn't seem to help the original problem with IE popping up a message saying "You're Leaving a secured connection" AFTER the order has been proccessed.

 

They're using AIT for hosting, and Authorize.net for the transactions... Once the proccessing for the transaction is complete you're taken to "order success" page (checkout_success.php) with this is the URL bar:

 

https://secure.authorize.net/gateway/transact.dll

 

Once you click continue from "order success" (to return to index.php) it pops up the message.

 

Thanks for the other temp fix!

 

-Jrock

Any fix you make in application_top.php should also be applied to /includes/functions/general.php. See my post above.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Posted
Any fix you make in application_top.php should also be applied to /includes/functions/general.php. See my post above.

 

 

Of course. Took a little tweaking, but seems to sail smooth now.

 

 

As always, your help is very much appreciated

  • 1 month later...
Posted

I have this problem too. I tried the myenv.php to see how the server responds, and it appears to respond with ports for switching, so I modified the application_top.php accordingly:

 

// set the type of request (secure or not)
//  $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';
 $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

 

That didn't work, so I modified the general.php file also:

 

Old:

  function tep_redirect($url) {
if ( (ENABLE_SSL == true) && (getenv('HTTPS') == 'on') )

NEW:

  function tep_redirect($url) {
if ( (ENABLE_SSL == true) && (getenv('SERVER_PORT') == '443') )

 

Still get the incorrect redirection after checkout to an https catalog page. I also tried the various other fixes that have been posted for modifying the general.php file, but to no avail.

 

After each of the fixes, all of the ssl pages and non-ssl pages seemed to work and load correctly, with the padlock intact and the admin tool still on ssl.

 

I'm not using a shared ssl.

 

Is there anything else I can do, or is this a server host issue now?

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...