Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Enabling SSL for logged-in users


sarpanch

Recommended Posts

Hi everyone,

 

I am trying to setup OSCommerce on one of my sites. Its a brilliant open source program.

Now here's a little modification I want to make.

 

I use SSL on my site & its working great with OSCommerce.

Is it possible that whenever a user logins, the site should change from http to https.

 

Looking forward to all your replies.

 

Thanks

Link to comment
Share on other sites

It should do this automatically? When a customer logs in (hits My Account for example) the store should move over to a secure connection so they can log in with their username and password. The entire My Account area is set for https:// - as are all the checkout pages.

 

You have to set ENABLE_SSL in your /includes/configure.php file to true

Link to comment
Share on other sites

Thats true.

But is it possible to switch the complete catalog to SSL?

So that the logged-in user doesn't has to switch betweem a secure and unsecure connection.

 

 

BACKUP your current files before editing. Did I mention to BACKUP your current files, first?

 

/catalog/includes/configure.php

  define('HTTP_SERVER', 'https://www.yourdomain.tld'); 
 define('HTTPS_SERVER', 'https://www.yourdomain.tld');
 define('ENABLE_SSL', true); 
 define('HTTP_COOKIE_DOMAIN', 'www.yourdomain.tld');
 define('HTTPS_COOKIE_DOMAIN', 'www.yourdomain.tld');

 

/catalog/admin/includes/configure.php

  define('HTTP_SERVER', 'https://www.yourdomain.tld'); 
 define('HTTP_CATALOG_SERVER', 'https://www.yourdomain.tld');
 define('HTTPS_CATALOG_SERVER', 'https://www.yourdomain.tld');
 define('ENABLE_SSL_CATALOG', 'true'); 
 define('DIR_FS_DOCUMENT_ROOT', '/home/username/public_html'); 
 define('DIR_WS_ADMIN', '/catalog/admin/'); 
 define('DIR_FS_ADMIN', '/home/username/public_html/catalog/admin/'); // 
 define('DIR_WS_CATALOG', '/catalog/'); 
 define('DIR_FS_CATALOG', '/home/username/public_html/catalog/');

 

Notice the S in:

HTTP_SERVER and HTTP_CATALOG_SERVER

 

If the following file is present you will need to change it: catalog/includes/local/configure.php

 

Line 18, 'ENABLE_SSL', 0 (Change 0 to 1)

BACKUP your current files before editing. Did I mention to BACKUP your current files, first?

 

"I'm not a hero, I'm a firefighter; it is my job to save lives. I'm a Jesus Christ Firefighter saving souls from the flames!"

 

Installed contribs: Almost XP Buttons *** Attribute Sort *** Auto Thumbnail Change *** Column Product Listing (for SPPC v4.0) *** Contact Us Registered *** Country-State Selector 1.3.3J *** CC# Db Mask 1.3 *** Email Order Clickable Link *** Extra Images *** Linkpoint API CVM *** Loginbox Best *** New Spiders *** New Attrib Mgr v.5.0 w/ New Attrib Include *** Multi Product Update *** MySQL Cron *** Pricing per Category *** Product Listing in Columns v2.2 [later upgraded to CPL(SPPC)] *** Product Sort v1.6 *** Seperate Pricing Per Customer v4.15 *** Simple Down for Maintenance [Gokou] *** Ultimate_SEO_URLs_v2.2.2 *** UPS Worldship Export 1.3 *** Welcome Email username & password

Link to comment
Share on other sites

@jhsands

Thanks for the reply, but I guess that would enable SSL even for guests.

 

What am looking to do is tweak the code so that the guests should surf the site over a normal http connection. This won't hurt the search engine bots. And when they log-in, the connection should switch over to https.

 

I use the "if (tep_session_is_registered('customer_id'))" check at many places to customize the content for guests & logged-in users & I was wondering if something like this could be implemented for SSL too.

 

@jasonabc

I think I should have framed my query in a better way. Hope the above query makes things clear. Am not looking to switch my cart to SSL for all users but only when a user log-ins.

Link to comment
Share on other sites

I understand what you meant. Switching "the entire catalog to SSL" when a user has logged in is (I repeat) inefficient and completly unneccessary.

 

Why are you encrypting catalog and product pages? These pages are not passing any sensitive data whatsoever so SSL is not needed and the encryption just slows the whole thing down.

Link to comment
Share on other sites

You can do it by going to includes/functions/html_output.php and adding this code:

  
  if( tep_session_is_registered('customer_id') ) {
  $connection = 'SSL';
}

after this code:

function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = true, $search_engine_safe = true) {
global $request_type, $session_started, $SID;

if (!tep_not_null($page)) {
  die('</td></tr></table></td></tr></table><br><br><font color="#ff0000"><b>Error!</b></font><br><br><b>Unable to determine the page link!<br><br>');
}

 

Which I always thought was a neat trick. Code by enigma, as I recall.

 

It also might be advisable to use if you don't require cookies, since otherwise, if I understand correctly, the session id is being passed in plain text over the internet if your users don't accept cookies. Which could allow hackers to log in to your users accounts.

Always BACK UP your files and your database before making any changes. Before asking questions, check out the Knowledge Base. Check out the contributions to see if your problem's solved there. Search the forums.

 

Useful threads: Store Speed Optimization How to make a horrible shop Basics for design change How to search the forums

 

Useful contributions: Easypopulate Fast, Easy Checkout Header Tag Controller

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...