Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Unsecure SSL


Guest

Recommended Posts

I recently purchased the Turbo SSL from GoDaddy and when I went to install it I think I got it figured out when I go ahead and test it with firefox the broken padlock shows up signifying an insecure connection. How can I fix this? Also, when I am in the admin section just using the http:// there is no padlock and when i go in https:// there is a regular secure one. What gives? Did I mess something up? Thanks for any help.

 

EDIT: I forgot, when I look in the bottom left corner of the Admin section there is still the message saying that I am not protected by SSL encryption.

Link to comment
Share on other sites

I recently purchased the Turbo SSL from GoDaddy and when I went to install it I think I got it figured out when I go ahead and test it with firefox the broken padlock shows up signifying an insecure connection. How can I fix this? Also, when I am in the admin section just using the http:// there is no padlock and when i go in https:// there is a regular secure one. What gives? Did I mess something up? Thanks for any help.

 

EDIT: I forgot, when I look in the bottom left corner of the Admin section there is still the message saying that I am not protected by SSL encryption.

Had the same problem. check this contribution out.

http://www.oscommerce.com/community/contri...ch,secure+admin

My Contributions

 

Stylesheet With Descriptions Glassy Grey Boxtops Our Products Meta Tags On The Fly

Password Protect Admin

"No matter where you go....There you are" - Buccaroo Bonsai

Link to comment
Share on other sites

Thanks, but the regular main catalog still is showing a partially encrpyted certificate. Is this a certificate problem or is it something to do with my coding and server?

Link to comment
Share on other sites

It's probably your coding. Typically an image or a Flash object is being referred to with a hard-coded http URL rather than using tep_image to get the location. In Firefox, select Tools..Page Info..Media while viewing an https page. Look for any references that aren't https.

Link to comment
Share on other sites

When I did that every single image is being shown as http:// including all the oscommerce images. I do have my banner that I have just saved on my server, could this be it?

Link to comment
Share on other sites

Did you do this while viewing an https page? That's when it matters. If so, then the test in includes/application_top.php which sets $request_type is not getting the correct result.

 

Upload this as a PHP file to your server and open it using an https URL.

<? print_r ($_ENV); ?>

 

Compare the values shown against the test done in application_top. Depending on your web host, you may need to test a different variable such as HTTP_X_FORWARDED_SERVER.

 

The banner could definitely be a problem - they often are.

Link to comment
Share on other sites

Thanks for the tips. I tried them and I think I have found out that the application_top.php file is bad. When I try to use the https version it gives me errors.

Warning: main(includes/configure.php): failed to open stream: No such file or directory in /home/content/s/c/o/scootercentral/html/shop/includes/application_top.php on line 29

 

Then when I just remove that section of code it comes back saying that lines 52, 54, and 61 are also unable to be found. But yet I do have those files on my server. Should I recreate those files?

Link to comment
Share on other sites

Some web hosts make you upload a separate copy of your files for SSL content. You do need application_top.php there, so you had better find out why it isn't there (which is what it is complaining about.)

Link to comment
Share on other sites

You are best using the Google toolbar whilst on this site and doing a search for GoDaddy, selecting 'Current Site' as your search option. You'll get lots of hits which may help to resolve your problem.

 

As a general point the GoDaddy Turbo SSL cert works fine on osCommerce websites - unless they happen to also be hosted by GoDaddy.

 

Vger

Link to comment
Share on other sites

Doesn't help me as I don't know what GoDaddy needs, but looking again at the path shown it suggests they don't require separate uploads. So go look on the server to see if application_top.php is where it's supposed to be.

Link to comment
Share on other sites

I have the two application_top.php files in /includes/ and then in /admin/includes/

 

I think thats where they should be.

Link to comment
Share on other sites

Yes, but the path being looked for is /home/content/s/c/o/scootercentral/html/shop/includes/application_top.php. Assuming that your store is installed under /shop that seems reasonable, but is it? Perhaps you have the DIR_FS_CATALOG define incorrect?

Link to comment
Share on other sites

I really do appreciate the help Steve and here's what the DIR_FS_CATALOG is defined as.

  define('DIR_FS_CATALOG', '/home/content/s/c/o/scootercentral/html/shop/');

Link to comment
Share on other sites

I have a new thing that I noticed. If I change the coding in /includes/configure.php from:

  define('HTTP_SERVER', 'http://www.thescootercentral.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://www.thescootercentral.com'); // eg, https://localhost - should not be empty for productive servers

to

  define('HTTP_SERVER', 'https://www.thescootercentral.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://www.thescootercentral.com'); // eg, https://localhost - should not be empty for productive servers

 

where both servers are defined as the https everything works perfectly. But I dont want everysingle page to be encrypted just the required ones for oscommerce.

Link to comment
Share on other sites

Well, now I'm confused. You said you were getting a PHP script error on your https side, but evidently not. That said, I visited your store and it seems to al be working correctly - http pages are fine and so are the https pages. What's the problem?

Link to comment
Share on other sites

I was getting the error only when I was going to http://www.thescootercentral.com/shop/incl...ication_top.php. But I made it so that you can view the entire site in HTTPS just a few minutes ago. The main problem I was having is that when you go to log-in to your account it gives me a partially encrypted page instead of full encryption. So then I was trying to fix that.

Link to comment
Share on other sites

You should not be trying to open application_top.php in a web browser. It's not intended for that, and in fact a .htaccess file in the includes folder should make it impossible to reference that.

 

I didn't see a partially encrypted page when I tried your site earlier. Everything looked fine. Do you still have a problem?

Link to comment
Share on other sites

If you check again and try to login you will see that the bpage is partially encrypted. The reason it seemed fine earlier is that I had made it so that the HTTP server was defined as the HTTPS server as well.

Link to comment
Share on other sites

Actually, when I tried it before it seemed to be just fine. Your problem now is the determination of $request_type as I described earlier. It is returning NONSSL even on an SSL page.

 

I'll also comment that a Flash splash page will make it much harder for search engines to index your site.

Link to comment
Share on other sites

Ok so the problem is with the $request_type? How can I fix that?

 

And as far as the opening page being flash do you think I should change that or just put one of the META tag contributions on?

Link to comment
Share on other sites

See the suggestion I made in post 6. My opinion is that the splash page should be removed and your store's content moved into the top level of the site. A splash page is a barrier between you and your customers.

Link to comment
Share on other sites

You won't know until you do the test I suggested. Upload that PHP line as a PHP file to your site and open it in the browser with an https URL. Then post the results.

Link to comment
Share on other sites

Array ( [SCRIPT_NAME] => /testing.php [PATH_TRANSLATED] => /home/content/s/c/o/scootercentral/html/testing.php [SCRIPT_FILENAME] => /cgi-bin/php [DOCUMENT_ROOT] => /home/content/s/c/o/scootercentral/html [HTTP_ACCEPT] => text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 [HTTP_ACCEPT_CHARSET] => ISO-8859-1,utf-8;q=0.7,*;q=0.7 [HTTP_ACCEPT_ENCODING] => gzip,deflate [HTTP_ACCEPT_LANGUAGE] => en-us,en;q=0.5 [HTTP_CONNECTION] => keep-alive [HTTP_COOKIE] => phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bi%3A-1%3B%7D [HTTP_HOST] => www.thescootercentral.com [HTTP_KEEP_ALIVE] => 300 [HTTP_USER_AGENT] => Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.5) Gecko/20060719 Firefox/1.5.0.5 [REMOTE_ADDR] => 24.254.94.169 [REMOTE_PORT] => 2918 [SCRIPT_URI] => http://www.thescootercentral.com/testing.php [SCRIPT_URL] => /testing.php [SERVER_ADMIN] => [email protected] [SERVER_NAME] => www.thescootercentral.com [SERVER_PORT] => 80 [SERVER_SOFTWARE] => Apache [GATEWAY_INTERFACE] => CGI/1.1 [SERVER_PROTOCOL] => HTTP/1.1 [REQUEST_METHOD] => GET [QUERY_STRING] => [REQUEST_URI] => /testing.php [PATH_INFO] => /testing.php [PATH] => /bin:/usr/bin:/usr/local/bin )

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...