jpweber Posted August 2, 2006 Share Posted August 2, 2006 My shopping_cart.php: I altered the code. The original code is: $breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_SHOPPING_CART)); I changed it to: $breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_SHOPPING_CART, '', 'SSL')); I figured that this would automatically take people to the https:// shopping_cart.php page, but presumably it doesn't. I'd like shopping_cart.php to be secure. But when you click the "Add to Cart" button, it always takes you to the non-secured http:// shopping_cart.php page. Does anyone have any suggestions on how I can get this to go to https:// all the time, instead of http://, when going to the shopping_cart.php page, or clicking the "Add to Cart" button? Thanks a lot for any suggestions! J Jason Simple 1-2-3 Intructions on how to get, install and configure SSL The Google Sandbox explained Simple to follow instructions on how to change the look of your OSC How To Make A Horrible OSC Website my toolbox: All things WordPress-related - All things Adobe-related - PHP Designer 2007 - Codecanyon Junkie - Crimson Editor - Winmerge - phpMyAdmin - WS_FTP my installed contributions: Category Banners, File Upload feature-.77, Header Tags, Sort_Product_Attributes_1, XSellv2.3, Price Break 1.11.2, wishlist 3.5, rollover_category_images_v1.2, Short_Description_v2.1, UPSXML_v1_2_3, quickbooks qbi_v2_10, allprods v4.4, Mouseover-effect for image-buttons 1.0, Ultimate_SEO, AAP 1.41, Auto Select State Value, Fast Easy Checkout, Dynamic SiteMap v2.0, Image Magic, Links Manager 1.14, Featured Products, Customer Testimonials, Article Manager, FAQ System, and I'm sure more ... Link to comment Share on other sites More sharing options...
kgt Posted August 2, 2006 Share Posted August 2, 2006 Everywhere you see the add to cart button you need to add that second 'SSL' parameter to the tep_href_link() function in that file. So every link that links TO the shopping cart needs to have that parameter added. Contributions Discount Coupon Codes Donations Link to comment Share on other sites More sharing options...
jpweber Posted August 2, 2006 Author Share Posted August 2, 2006 hi KG. Makes sense what you're saying, and that's my thought, too. But on product_info.php, here is the code that puts the button there: <tr><td align="center"> <?php echo tep_draw_hidden_field('products_id', $product_info['products_id']) . tep_image_submit('button_in_cart.gif', IMAGE_BUTTON_IN_CART); ?> </td></tr> So there is no tep_href_link() function where I can put the SSL parameter. I don't even know how it links! lol ..... but that's the code, right there, for the button on product_info.php. I'm still a php newb, even though I've been studying for 3 months now. Any suggestions? I want shopping_cart to be https:// secure. Thanks a lot KG for taking the time to read my post and respond, J Jason Simple 1-2-3 Intructions on how to get, install and configure SSL The Google Sandbox explained Simple to follow instructions on how to change the look of your OSC How To Make A Horrible OSC Website my toolbox: All things WordPress-related - All things Adobe-related - PHP Designer 2007 - Codecanyon Junkie - Crimson Editor - Winmerge - phpMyAdmin - WS_FTP my installed contributions: Category Banners, File Upload feature-.77, Header Tags, Sort_Product_Attributes_1, XSellv2.3, Price Break 1.11.2, wishlist 3.5, rollover_category_images_v1.2, Short_Description_v2.1, UPSXML_v1_2_3, quickbooks qbi_v2_10, allprods v4.4, Mouseover-effect for image-buttons 1.0, Ultimate_SEO, AAP 1.41, Auto Select State Value, Fast Easy Checkout, Dynamic SiteMap v2.0, Image Magic, Links Manager 1.14, Featured Products, Customer Testimonials, Article Manager, FAQ System, and I'm sure more ... Link to comment Share on other sites More sharing options...
jpweber Posted August 2, 2006 Author Share Posted August 2, 2006 okay, I just tried this on product_info.php <?php echo tep_draw_hidden_field('products_id', $product_info['products_id']) . tep_image_submit('button_in_cart.gif', IMAGE_BUTTON_IN_CART, '', 'SSL')); And that didn't work. That gave me: Parse error: syntax error, unexpected ')', expecting ',' or ';' in /home/mysite/public_html/catalog/product_info.php on line 312 Ugh. This is a difficult one! Thanks for any suggestions, though, J Jason Simple 1-2-3 Intructions on how to get, install and configure SSL The Google Sandbox explained Simple to follow instructions on how to change the look of your OSC How To Make A Horrible OSC Website my toolbox: All things WordPress-related - All things Adobe-related - PHP Designer 2007 - Codecanyon Junkie - Crimson Editor - Winmerge - phpMyAdmin - WS_FTP my installed contributions: Category Banners, File Upload feature-.77, Header Tags, Sort_Product_Attributes_1, XSellv2.3, Price Break 1.11.2, wishlist 3.5, rollover_category_images_v1.2, Short_Description_v2.1, UPSXML_v1_2_3, quickbooks qbi_v2_10, allprods v4.4, Mouseover-effect for image-buttons 1.0, Ultimate_SEO, AAP 1.41, Auto Select State Value, Fast Easy Checkout, Dynamic SiteMap v2.0, Image Magic, Links Manager 1.14, Featured Products, Customer Testimonials, Article Manager, FAQ System, and I'm sure more ... Link to comment Share on other sites More sharing options...
kgt Posted August 3, 2006 Share Posted August 3, 2006 That's not the way forms work. You have to follow the trail. Form submissions work by specifying the "destination" in the form tag. Look in the tep_draw_form() function on that page. In includes/application_top, where changes made to the cart are handled, you'll find lines like this: tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters))); If you have Display Cart After Adding Product in Configuration > My Store set to true, then $goto = FILENAME_SHOPPING_CART. So you'd need something like: if( $goto == FILENAME_SHOPPING_CART ) tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters), 'SSL')); else tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters))); You also need to make sure all other links to the shopping cart (the little arrow on the shopping cart box, any links at the top, etc) use SSL. Why does this need to be done anyways? Contributions Discount Coupon Codes Donations Link to comment Share on other sites More sharing options...
jpweber Posted August 3, 2006 Author Share Posted August 3, 2006 Well, don't you think it would add to consumer confident if they knew that the contents of their shopping cart looked protected, with the lock at the bottom of the screen, and the https:// ?? I just think it'd give the customer a safe, more professional feel. Am I off base in this thinking? I haven't altered application_top yet, but I may back it up and test it out, J Jason Simple 1-2-3 Intructions on how to get, install and configure SSL The Google Sandbox explained Simple to follow instructions on how to change the look of your OSC How To Make A Horrible OSC Website my toolbox: All things WordPress-related - All things Adobe-related - PHP Designer 2007 - Codecanyon Junkie - Crimson Editor - Winmerge - phpMyAdmin - WS_FTP my installed contributions: Category Banners, File Upload feature-.77, Header Tags, Sort_Product_Attributes_1, XSellv2.3, Price Break 1.11.2, wishlist 3.5, rollover_category_images_v1.2, Short_Description_v2.1, UPSXML_v1_2_3, quickbooks qbi_v2_10, allprods v4.4, Mouseover-effect for image-buttons 1.0, Ultimate_SEO, AAP 1.41, Auto Select State Value, Fast Easy Checkout, Dynamic SiteMap v2.0, Image Magic, Links Manager 1.14, Featured Products, Customer Testimonials, Article Manager, FAQ System, and I'm sure more ... Link to comment Share on other sites More sharing options...
kgt Posted August 3, 2006 Share Posted August 3, 2006 Well, the checkout process needs to be secured, but there's no reason the shopping cart needs to be secured. You're not collecting personal information when people add products to their shopping cart. The only reason you'd need it is if you've got some sort of customized store that is actually collecting personal information when adding products to a shopping cart. I can't even think of an example of such a thing. If you check out Amazon.com and the billions of other e-commerce sites out there, I doubt you'll find many that have a secure shopping cart. Contributions Discount Coupon Codes Donations Link to comment Share on other sites More sharing options...
jpweber Posted August 3, 2006 Author Share Posted August 3, 2006 yeah, I mean, you're right ... you're not collecting personal information ... I guess I just wanted to have that "feel" for the customer. I'm trying to make my OSC tailored to the "dummy user" who would just feel safer if they saw that lock and the https:// .... but perhaps it's too difficult for a newb like me to tinker with. Thanks for sharing the information, though. I'll probably leave it be for now. J Jason Simple 1-2-3 Intructions on how to get, install and configure SSL The Google Sandbox explained Simple to follow instructions on how to change the look of your OSC How To Make A Horrible OSC Website my toolbox: All things WordPress-related - All things Adobe-related - PHP Designer 2007 - Codecanyon Junkie - Crimson Editor - Winmerge - phpMyAdmin - WS_FTP my installed contributions: Category Banners, File Upload feature-.77, Header Tags, Sort_Product_Attributes_1, XSellv2.3, Price Break 1.11.2, wishlist 3.5, rollover_category_images_v1.2, Short_Description_v2.1, UPSXML_v1_2_3, quickbooks qbi_v2_10, allprods v4.4, Mouseover-effect for image-buttons 1.0, Ultimate_SEO, AAP 1.41, Auto Select State Value, Fast Easy Checkout, Dynamic SiteMap v2.0, Image Magic, Links Manager 1.14, Featured Products, Customer Testimonials, Article Manager, FAQ System, and I'm sure more ... Link to comment Share on other sites More sharing options...
Guest Posted August 3, 2006 Share Posted August 3, 2006 Well, the checkout process needs to be secured, but there's no reason the shopping cart needs to be secured. You're not collecting personal information when people add products to their shopping cart. The only reason you'd need it is if you've got some sort of customized store that is actually collecting personal information when adding products to a shopping cart. I can't even think of an example of such a thing. Actually I would prefer to keep a constant secure connection once a customer logs in because he may go through account or checkout pages and then switch to the shopping cart of products listings. The sessions related with his account or payment etc (or some other variables). should stay with encrypted pages; my $.02 Link to comment Share on other sites More sharing options...
kgt Posted August 3, 2006 Share Posted August 3, 2006 Though I understand that there are plenty of people who feel overwhelmed by technical babble about online scams and fraud and probably would think that the little padlock on their cart is a good and necessary thing, it's not something that's truly needed. You can make it more apparant that your actual checkout is secure by changing the checkout link on the shopping cart page to say something like "Secure Checkout." This would encourage those people who don't quite understand what's supposed to be secure and when they're supposed to see that little padlock. It's not impossible to get the shopping cart secured, but I don't personally think it's worth the effort unless you have a specific reason for doing it. Contributions Discount Coupon Codes Donations Link to comment Share on other sites More sharing options...
kgt Posted August 3, 2006 Share Posted August 3, 2006 Actually I would prefer to keep a constant secure connection once a customer logs in because he may go through account or checkout pages and then switch to the shopping cart of products listings. The sessions related with his account or payment etc (or some other variables). should stay with encrypted pages; my $.02 I can agree with that. It's actually simpler than trying to secure just the shopping cart (and makes more sense) - ie if they're logged on, make HTTP_SERVER = HTTPS_SERVER. Or am I missing something? I don't see much of a point in trying to secure just the shopping cart though. Contributions Discount Coupon Codes Donations Link to comment Share on other sites More sharing options...
Guest Posted August 3, 2006 Share Posted August 3, 2006 yea it should be simple, the way I did it for a store was in the tep_href_link function near the start I just added if( tep_session_is_registered('customer_id') ) { $connection = 'SSL'; } and left the osc default to do the rest. I may customized few other things but that was the main one. Link to comment Share on other sites More sharing options...
jpweber Posted August 3, 2006 Author Share Posted August 3, 2006 Emag, where did you do this at? I mean, I have 24 instances of: if (!tep_session_is_registered('customer_id')) { $navigation->set_snapshot(); tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL')); But I'm still not understanding how, once they log in to the secure login page, they stay secured throughout the whole thing. J Jason Simple 1-2-3 Intructions on how to get, install and configure SSL The Google Sandbox explained Simple to follow instructions on how to change the look of your OSC How To Make A Horrible OSC Website my toolbox: All things WordPress-related - All things Adobe-related - PHP Designer 2007 - Codecanyon Junkie - Crimson Editor - Winmerge - phpMyAdmin - WS_FTP my installed contributions: Category Banners, File Upload feature-.77, Header Tags, Sort_Product_Attributes_1, XSellv2.3, Price Break 1.11.2, wishlist 3.5, rollover_category_images_v1.2, Short_Description_v2.1, UPSXML_v1_2_3, quickbooks qbi_v2_10, allprods v4.4, Mouseover-effect for image-buttons 1.0, Ultimate_SEO, AAP 1.41, Auto Select State Value, Fast Easy Checkout, Dynamic SiteMap v2.0, Image Magic, Links Manager 1.14, Featured Products, Customer Testimonials, Article Manager, FAQ System, and I'm sure more ... Link to comment Share on other sites More sharing options...
kgt Posted August 3, 2006 Share Posted August 3, 2006 No, he's saying you put it at the top of includes/html_output.php: //// // The HTML href link wrapper function function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = true, $search_engine_safe = true) { global $request_type, $session_started, $SID; Change it to: //// // The HTML href link wrapper function function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = true, $search_engine_safe = true) { global $request_type, $session_started, $SID; if( tep_session_is_registered('customer_id') ) { $connection = 'SSL'; } It's just changing it in one place - you don't need to edit anything else. This changes it so that if the customer is logged in, the connection is always assumed to be over SSL, so all links that use tep_href_link should use HTTPS instead of HTTP. The customer_id session variable is not set if they're not logged in, and should always be set if they are. So, if it's set, use HTTPS. Contributions Discount Coupon Codes Donations Link to comment Share on other sites More sharing options...
jpweber Posted August 3, 2006 Author Share Posted August 3, 2006 Excellent info, enig, and thank you very much, KG. I know it's not necessary for every page, but I like it when it's https, and the lock is there through their entire experience on my site, so I definitely appreciate your help in all this. J Jason Simple 1-2-3 Intructions on how to get, install and configure SSL The Google Sandbox explained Simple to follow instructions on how to change the look of your OSC How To Make A Horrible OSC Website my toolbox: All things WordPress-related - All things Adobe-related - PHP Designer 2007 - Codecanyon Junkie - Crimson Editor - Winmerge - phpMyAdmin - WS_FTP my installed contributions: Category Banners, File Upload feature-.77, Header Tags, Sort_Product_Attributes_1, XSellv2.3, Price Break 1.11.2, wishlist 3.5, rollover_category_images_v1.2, Short_Description_v2.1, UPSXML_v1_2_3, quickbooks qbi_v2_10, allprods v4.4, Mouseover-effect for image-buttons 1.0, Ultimate_SEO, AAP 1.41, Auto Select State Value, Fast Easy Checkout, Dynamic SiteMap v2.0, Image Magic, Links Manager 1.14, Featured Products, Customer Testimonials, Article Manager, FAQ System, and I'm sure more ... Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.