
Getting shopping_cart.php secured, wrong code?


jpweber


My shopping_cart.php:

 

I altered the code. The original code is:

$breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_SHOPPING_CART));

 

I changed it to:

$breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_SHOPPING_CART, '', 'SSL'));

 

I figured that this would automatically take people to the https:// shopping_cart.php page, but presumably it doesn't. I'd like shopping_cart.php to be secure. But when you click the "Add to Cart" button, it always takes you to the non-secured http:// shopping_cart.php page.

 

Does anyone have any suggestions on how I can get this to go to https:// all the time, instead of http://, when going to the shopping_cart.php page, or clicking the "Add to Cart" button?

 

Thanks a lot for any suggestions!

 

J

Jason

 

Simple 1-2-3 Instructions on how to get, install and configure SSL

 

The Google Sandbox explained

 

Simple to follow instructions on how to change the look of your OSC

 

How To Make A Horrible OSC Website

 

my toolbox: All things WordPress-related - All things Adobe-related - PHP Designer 2007 - Codecanyon Junkie - Crimson Editor - Winmerge - phpMyAdmin - WS_FTP

 

my installed contributions: Category Banners, File Upload feature-.77, Header Tags, Sort_Product_Attributes_1, XSellv2.3, Price Break 1.11.2, wishlist 3.5, rollover_category_images_v1.2, Short_Description_v2.1, UPSXML_v1_2_3, quickbooks qbi_v2_10, allprods v4.4, Mouseover-effect for image-buttons 1.0, Ultimate_SEO, AAP 1.41, Auto Select State Value, Fast Easy Checkout, Dynamic SiteMap v2.0, Image Magic, Links Manager 1.14, Featured Products, Customer Testimonials, Article Manager, FAQ System, and I'm sure more ...


hi KG. Makes sense what you're saying, and that's my thought, too. But on product_info.php, here is the code that puts the button there:

 

<tr><td align="center">

<?php echo tep_draw_hidden_field('products_id', $product_info['products_id']) . tep_image_submit('button_in_cart.gif', IMAGE_BUTTON_IN_CART); ?>

</td></tr>

 

So there is no tep_href_link() function where I can put the SSL parameter. I don't even know how it links! lol ..... but that's the code, right there, for the button on product_info.php. I'm still a php newb, even though I've been studying for 3 months now. Any suggestions? I want shopping_cart to be https:// secure.

 

Thanks a lot KG for taking the time to read my post and respond,

 

J

Jason

 


okay, I just tried this on product_info.php

 

<?php echo tep_draw_hidden_field('products_id', $product_info['products_id']) . tep_image_submit('button_in_cart.gif', IMAGE_BUTTON_IN_CART, '', 'SSL'));

 

And that didn't work. That gave me:

Parse error: syntax error, unexpected ')', expecting ',' or ';' in /home/mysite/public_html/catalog/product_info.php on line 312

 

Ugh. This is a difficult one! Thanks for any suggestions, though,

 

J

Jason

 


That's not the way forms work. You have to follow the trail. Form submissions work by specifying the "destination" in the form tag. Look in the tep_draw_form() function on that page. In includes/application_top, where changes made to the cart are handled, you'll find lines like this:

 

tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters)));

 

If you have Display Cart After Adding Product in Configuration > My Store set to true, then $goto = FILENAME_SHOPPING_CART. So you'd need something like:

 

if( $goto == FILENAME_SHOPPING_CART ) tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters), 'SSL'));
else tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters)));

 

You also need to make sure all other links to the shopping cart (the little arrow on the shopping cart box, any links at the top, etc) use SSL.

 

Why does this need to be done anyways?

Contributions

 

Discount Coupon Codes

Donations


Well, don't you think it would add to consumer confidence if they knew that the contents of their shopping cart looked protected, with the lock at the bottom of the screen, and the https:// ?? I just think it'd give the customer a safe, more professional feel. Am I off base in this thinking?

 

I haven't altered application_top yet, but I may back it up and test it out,

 

J

Jason

 


Well, the checkout process needs to be secured, but there's no reason the shopping cart needs to be secured. You're not collecting personal information when people add products to their shopping cart. The only reason you'd need it is if you've got some sort of customized store that is actually collecting personal information when adding products to a shopping cart. I can't even think of an example of such a thing.

 

If you check out Amazon.com and the billions of other e-commerce sites out there, I doubt you'll find many that have a secure shopping cart.


yeah, I mean, you're right ... you're not collecting personal information ... I guess I just wanted to have that "feel" for the customer. I'm trying to make my OSC tailored to the "dummy user" who would just feel safer if they saw that lock and the https:// .... but perhaps it's too difficult for a newb like me to tinker with. Thanks for sharing the information, though. I'll probably leave it be for now.

 

J

Jason

 


Well, the checkout process needs to be secured, but there's no reason the shopping cart needs to be secured. You're not collecting personal information when people add products to their shopping cart. The only reason you'd need it is if you've got some sort of customized store that is actually collecting personal information when adding products to a shopping cart. I can't even think of an example of such a thing.

Actually I would prefer to keep a constant secure connection once a customer logs in because he may go through account or checkout pages and then switch to the shopping cart of products listings. The sessions related with his account or payment etc. (or some other variables) should stay with encrypted pages; my $.02


Though I understand that there are plenty of people who feel overwhelmed by technical babble about online scams and fraud and probably would think that the little padlock on their cart is a good and necessary thing, it's not something that's truly needed. You can make it more apparent that your actual checkout is secure by changing the checkout link on the shopping cart page to say something like "Secure Checkout." This would encourage those people who don't quite understand what's supposed to be secure and when they're supposed to see that little padlock.

 

It's not impossible to get the shopping cart secured, but I don't personally think it's worth the effort unless you have a specific reason for doing it.


Actually I would prefer to keep a constant secure connection once a customer logs in because he may go through account or checkout pages and then switch to the shopping cart of products listings. The sessions related with his account or payment etc. (or some other variables) should stay with encrypted pages; my $.02

 

I can agree with that. It's actually simpler than trying to secure just the shopping cart (and makes more sense) - ie if they're logged on, make HTTP_SERVER = HTTPS_SERVER. Or am I missing something?

 

I don't see much of a point in trying to secure just the shopping cart though.


yea it should be simple, the way I did it for a store was in the tep_href_link function near the start I just added

 

if( tep_session_is_registered('customer_id') ) {
  $connection = 'SSL';
}

 

and left the osc default to do the rest. I may have customized a few other things but that was the main one.


Emag, where did you do this at? I mean, I have 24 instances of:

 

if (!tep_session_is_registered('customer_id')) {
  $navigation->set_snapshot();
  tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
}

 

But I'm still not understanding how, once they log in to the secure login page, they stay secured throughout the whole thing.

 

J

Jason

 


No, he's saying you put it at the top of includes/html_output.php:

 

////
// The HTML href link wrapper function
  function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = true, $search_engine_safe = true) {
    global $request_type, $session_started, $SID;

 

Change it to:

 

////
// The HTML href link wrapper function
  function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = true, $search_engine_safe = true) {
    global $request_type, $session_started, $SID;
    // customer_id is only registered in the session once the customer has logged in
    if( tep_session_is_registered('customer_id') ) {
      $connection = 'SSL';
    }

 

It's just changing it in one place - you don't need to edit anything else. This changes it so that if the customer is logged in, the connection is always assumed to be over SSL, so all links that use tep_href_link should use HTTPS instead of HTTP. The customer_id session variable is not set if they're not logged in, and should always be set if they are. So, if it's set, use HTTPS.

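Editor's added example, not part of the original thread and not osCommerce source: a self-contained sketch of the "logged in means SSL" link rule from the post above, next to a check on the incoming request itself. The demo_* functions and DEMO_* constants are hypothetical stand-ins, and shop.example is a constructed host.

```php
<?php
// Hypothetical stand-ins for illustration; not osCommerce code.
// Constructed sample values (a real store sets its own server names in its config).
const DEMO_HTTP_SERVER  = 'http://shop.example';
const DEMO_HTTPS_SERVER = 'https://shop.example';
const DEMO_CATALOG_DIR  = '/catalog/';

// Mirrors the thread's change: once the customer is logged in, every generated
// link is HTTPS, whatever $connection the calling page asked for.
function demo_href_link(string $page, string $parameters = '', string $connection = 'NONSSL', bool $loggedIn = false): string
{
    if ($loggedIn) {
        $connection = 'SSL';
    }
    $base = ($connection === 'SSL') ? DEMO_HTTPS_SERVER : DEMO_HTTP_SERVER;
    $url  = $base . DEMO_CATALOG_DIR . $page;
    return $parameters !== '' ? $url . '?' . $parameters : $url;
}

// Link rewriting only covers links the store prints. A typed or bookmarked
// http:// URL still arrives unencrypted, so also check the request itself.
// Returns the HTTPS URL to redirect to, or null when the page can be served.
function demo_required_redirect(string $requestType, bool $loggedIn, string $requestUri): ?string
{
    if ($loggedIn && $requestType !== 'SSL') {
        return DEMO_HTTPS_SERVER . $requestUri;
    }
    return null;
}

// Constructed cases: [logged in?, how the request arrived, requested page]
$cases = [
    [false, 'NONSSL', 'shopping_cart.php'], // guest: plain HTTP link, no redirect
    [true,  'NONSSL', 'shopping_cart.php'], // logged in over HTTP: redirect
    [true,  'SSL',    'shopping_cart.php'], // logged in over HTTPS: nothing to do
];
foreach ($cases as [$loggedIn, $requestType, $page]) {
    $link     = demo_href_link($page, '', 'NONSSL', $loggedIn);
    $redirect = demo_required_redirect($requestType, $loggedIn, DEMO_CATALOG_DIR . $page);
    printf("logged_in=%-3s request=%-6s link=%s redirect=%s\n",
        $loggedIn ? 'yes' : 'no', $requestType, $link, $redirect ?? '(none)');
}
```

A session identifier issued while the visitor was still browsing over HTTP has already travelled in clear text, so issuing a fresh one at login matters as much as the link scheme.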

Excellent info, enig, and thank you very much, KG. I know it's not necessary for every page, but I like it when it's https, and the lock is there through their entire experience on my site, so I definitely appreciate your help in all this.

 

J

Jason

 


Archived

This topic is now archived and is closed to further replies.
