Guest Posted March 25, 2006 Posted March 25, 2006 After checking out and checkout successes, when you click continue, a message in IE pops up saying you're leaving a secure connection. And this makes perfect sense, because the check out processes is complete, and you're leaving the Secured Connection. But of course a client has to complain and claims the message should never pop up. Any thoughts?
AlanR Posted March 25, 2006 Posted March 25, 2006 Did you make any change to application_top.php to get the ssl working correctly? Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)
Guest Posted March 25, 2006 Posted March 25, 2006 Did you make any change to application_top.php to get the ssl working correctly? I'm not sure what changes I need to make. I snooped around in the forums and the only change I have made so far is this: Change: $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; to this: $request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL'; That's all.. and it had no effect.
AlanR Posted March 25, 2006 Posted March 25, 2006 I'm not sure what changes I need to make. I snooped around in the forums and the only change I have made so far is this: Change: $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; to this: $request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL'; That's all.. and it had no effect. You didn't really answer my question. If you've made a change to application_top.php to get a solid padlock you should also make a similar change to /includes/functions/general.php See... http://www.oscommerce.com/forums/index.php?sho...09entry748409 Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)
Guest Posted March 25, 2006 Posted March 25, 2006 You didn't really answer my question. If you've made a change to application_top.php to get a solid padlock you should also make a similar change to /includes/functions/general.php See... http://www.oscommerce.com/forums/index.php?sho...09entry748409 Thanks for helping me out here AlanR, but I'm still a little confused. In the topic you sent me you wrote this: If you need to make a change to application_top.php for a shared or dedicated ssl which does not return on for the (getenv('HTTPS') query you really should make one additional change in /includes/functions/general.php. I guess I'm confused about what changes I need to make to application_top.php I havn't done anything to it to get a solid pad lock. The way I got my solid padlocks to show was to change: <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>"> to: <base href="https://www.thesite.com/"> On any page that I wanted to make secure It doesn't seem like the best solution, but it worked. Should I have changed something in application_top.php to get my padlocks to show correctly? Thanks alot man, Jrock
AlanR Posted March 25, 2006 Posted March 25, 2006 The way I got my solid padlocks to show was to change: <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>"> to: <base href="https://www.thesite.com/"> On any page that I wanted to make secure It doesn't seem like the best solution, but it worked. Should I have changed something in application_top.php to get my padlocks to show correctly? Thanks alot man, Jrock It sure wasn't the best solution. That's just a cludge and a bad one. In my opinion if you're selling your work you have a responsibility to find the correct solutions and not just some hack that kinda makes it work. Your client is rightfully complaining. See: http://www.oscommerce.com/forums/index.php?sho...23entry672623 Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)
Guest Posted March 25, 2006 Posted March 25, 2006 It sure wasn't the best solution. That's just a cludge and a bad one. I agree, but obviouslly I didn't know any better. All of your post on this site are VERY informative and usefull, so thank you. I tried creating the myenv.php file that you refered me too. And I'm starting to think it could be a problem with the actual host (AIT). These are the results from the test (using the updated/second myenv.php file): http://www.defensemaster.com/myenv.php shows: $HTTP_HOST == www.defensemaster.com $HTTPS_HOST == getenv('SERVER_PORT') == 80 getenv('HTTPS') == getenv('HTTP_X_FORWARDED_SERVER') == getenv('HTTP_X_FORWARDED_HOST') == getenv('HTTP_X_FORWARDED_BY') == $_SERVER['HTTPS'] == getenv('DOCUMENT_ROOT') == /usr/local/etc/httpd/htdocs $DOCUMENT_ROOT == /usr/local/etc/httpd/htdocs https://www.defensemaster.com/myenv.php shows: $HTTP_HOST == www.defensemaster.com $HTTPS_HOST == getenv('SERVER_PORT') == 80 getenv('HTTPS') == getenv('HTTP_X_FORWARDED_SERVER') == getenv('HTTP_X_FORWARDED_HOST') == getenv('HTTP_X_FORWARDED_BY') == $_SERVER['HTTPS'] == getenv('DOCUMENT_ROOT') == /usr/local/etc/httpd/htdocs $DOCUMENT_ROOT == /usr/local/etc/httpd/htdocs Same exact thing, I'm bafffiled. You're welcome to take a look yourself. I tried myenv.php on a different server and it works GREAT! And it actually helped me to solve a problem on that one. Thank you
AlanR Posted March 25, 2006 Posted March 25, 2006 Has anyone else had this problem? Yes, others have. There's a workaround. Set line 41 to $request_type = ($HTTP_HOST == 'www.defensemaster.com') ? 'SSL' : 'NONSSL'; and define the http server in configure.php as define('HTTP_SERVER', 'http://defensemaster.com'); That way when the system sees the www url request it'll know it's supposed to be an ssl one. It's a workaround till something better is found or your host cleans up its act. edit: Is the host Network Solutions? That's where I've seen this before. Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)
Guest Posted March 25, 2006 Posted March 25, 2006 Yes, others have. There's a workaround. Set line 41 to $request_type = ($HTTP_HOST == 'www.defensemaster.com') ? 'SSL' : 'NONSSL'; and define the http server in configure.php as define('HTTP_SERVER', 'http://defensemaster.com'); That way when the system sees the www url request it'll know it's supposed to be an ssl one. It's a workaround till something better is found or your host cleans up its act. edit: Is the host Network Solutions? That's where I've seen this before. Thanks Alan, That works so I don't have to keep replacing <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>"> With: <base href="https://www.defensemaster.com"> However, it doesn't seem to help the original problem with IE popping up a message saying "You're Leaving a secured connection" AFTER the order has been proccessed. They're using AIT for hosting, and Authorize.net for the transactions... Once the proccessing for the transaction is complete you're taken to "order success" page (checkout_success.php) with this is the URL bar: https://secure.authorize.net/gateway/transact.dll Once you click continue from "order success" (to return to index.php) it pops up the message. Thanks for the other temp fix! -Jrock
AlanR Posted March 26, 2006 Posted March 26, 2006 Thanks Alan, That works so I don't have to keep replacing <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>"> With: <base href="https://www.defensemaster.com"> However, it doesn't seem to help the original problem with IE popping up a message saying "You're Leaving a secured connection" AFTER the order has been proccessed. They're using AIT for hosting, and Authorize.net for the transactions... Once the proccessing for the transaction is complete you're taken to "order success" page (checkout_success.php) with this is the URL bar: https://secure.authorize.net/gateway/transact.dll Once you click continue from "order success" (to return to index.php) it pops up the message. Thanks for the other temp fix! -Jrock Any fix you make in application_top.php should also be applied to /includes/functions/general.php. See my post above. Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)
Guest Posted March 26, 2006 Posted March 26, 2006 Any fix you make in application_top.php should also be applied to /includes/functions/general.php. See my post above. Of course. Took a little tweaking, but seems to sail smooth now. As always, your help is very much appreciated
sfergus Posted May 24, 2006 Posted May 24, 2006 I have this problem too. I tried the myenv.php to see how the server responds, and it appears to respond with ports for switching, so I modified the application_top.php accordingly: // set the type of request (secure or not) // $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL'; That didn't work, so I modified the general.php file also: Old: function tep_redirect($url) { if ( (ENABLE_SSL == true) && (getenv('HTTPS') == 'on') ) NEW: function tep_redirect($url) { if ( (ENABLE_SSL == true) && (getenv('SERVER_PORT') == '443') ) Still get the incorrect redirection after checkout to an https catalog page. I also tried the various other fixes that have been posted for modifying the general.php file, but to no avail. After each of the fixes, all of the ssl pages and non-ssl pages seemed to work and load correctly, with the padlock intact and the admin tool still on ssl. I'm not using a shared ssl. Is there anything else I can do, or is this a server host issue now?
Recommended Posts
Archived
This topic is now archived and is closed to further replies.