Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Admin tool not automatically secured via ssl


Guest

Recommended Posts

Hello. Forgive me if this is a repeat question. I've searched around a bit and got answers to most of my questions. However, I am still in need of at least one more answer that I hope someone will be able to assist me in obtaining.

 

When I access the administration section (I have changed the admin folder name and setup .htaccess to require authentication against my encrypted .htpasswd file) the URL is http:// and I have an unprotected connection.

 

If I manually edit the URL to https:// I get a secured, encrypted connection.

 

However, once I click on any link to any section within the admin tool, the URL defaults back to http:// and if I wish to have secure communications with the server I have to edit the URL again to https://

 

I have followed the steps to edit the admin/includes/config.php (changed from admin/ of course) and the catalog/includes/config.php

 

Obviously I have over looked something but I am not sure what. I would definitely prefer that any access to the admin folder be directed to https:// rather than http://

 

Anyone have ideas what I may have missed?

 

Here is an edited (for security) /catalog/includes/config.php

 

--snip--

 

define('HTTP_SERVER', 'http://www.[mydomain].com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://www.[mydomain].com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.[mydomain].com');

define('HTTPS_COOKIE_DOMAIN', 'www.[mydomain].com');

define('HTTP_COOKIE_PATH', '/catalog/');

define('HTTPS_COOKIE_PATH', '/catalog/');

define('DIR_WS_HTTP_CATALOG', '/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/catalog/');

 

--snip--

 

and /[edited-admin]/includes/config.php ---- where [edited-admin] = name of admin folder

 

--snip--

 

define('HTTP_SERVER', 'http://www.[mydomain].com'); // eg, http://localhost - should not be empty for productive servers

define('HTTP_CATALOG_SERVER', 'http://www.[mydomain].com');

define('HTTPS_CATALOG_SERVER', 'https://www.[mydomain].com');

define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module

define('DIR_FS_DOCUMENT_ROOT', '/[edit]/[username]/html/catalog/'); // where the pages are located on the server

define('DIR_WS_ADMIN', '/catalog/[edited-admin]/'); // absolute path required

define('DIR_FS_ADMIN', '/[edit]/[username]/html/catalog/[edited-admin]/'); // absolute pate required

define('DIR_WS_CATALOG', '/catalog/'); // absolute path required

define('DIR_FS_CATALOG', '/[edit]/[username]/html/catalog/'); // absolute path required

 

--snip--

 

Seems the cart is working great other than this issue. When clicking 'My Account' the user is automatically forwarded to a secure page. Likewise with the 'Checkout' link is clicked the user is forwarded to a secure page.

 

Thanks

 

badsign

Link to comment
Share on other sites

Update:

 

Didn't see an edit option for original post. Just wanted to update this thread and advise that I found a solution.

 

Here's a link

 

The first http define in your admin/includes/configure.php file needs to use your secure path.

 

define('HTTP_SERVER', 'Your secure path here'); // eg, http://localhost or - https://localhost should not be NULL for productive servers

 

I updated my /admin/includes/config.php as described above and the admin tool is 100% ssl protected with no issues.

 

Thanks everyone. This forum is so valuable it only adds to the excellence which is osCommerce.

 

badsign

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...