sarpanch Posted August 31, 2006

Hi everyone,

I am trying to set up OSCommerce on one of my sites. It's a brilliant open source program. Now here's a little modification I want to make. I use SSL on my site & it's working great with OSCommerce. Is it possible that whenever a user logs in, the site should change from http to https?

Looking forward to all your replies.

Thanks

jasonabc Posted September 1, 2006

It should do this automatically? When a customer logs in (hits My Account for example) the store should move over to a secure connection so they can log in with their username and password. The entire My Account area is set for https:// - as are all the checkout pages.

You have to set ENABLE_SSL in your /includes/configure.php file to true

Jason

My Contributions: Paypal Payflow PRO | Rollover Category Images | Authorize.net Invoice Number Fix

sarpanch Posted September 1, 2006 (Author)

That's true. But is it possible to switch the complete catalog to SSL? So that the logged-in user doesn't have to switch between a secure and unsecure connection.

jhsands Posted September 1, 2006

> That's true. But is it possible to switch the complete catalog to SSL? So that the logged-in user doesn't have to switch between a secure and unsecure connection.

BACKUP your current files before editing. Did I mention to BACKUP your current files, first?

/catalog/includes/configure.php

    define('HTTP_SERVER', 'https://www.yourdomain.tld');
    define('HTTPS_SERVER', 'https://www.yourdomain.tld');
    define('ENABLE_SSL', true);
    define('HTTP_COOKIE_DOMAIN', 'www.yourdomain.tld');
    define('HTTPS_COOKIE_DOMAIN', 'www.yourdomain.tld');

/catalog/admin/includes/configure.php

    define('HTTP_SERVER', 'https://www.yourdomain.tld');
    define('HTTP_CATALOG_SERVER', 'https://www.yourdomain.tld');
    define('HTTPS_CATALOG_SERVER', 'https://www.yourdomain.tld');
    define('ENABLE_SSL_CATALOG', 'true');
    define('DIR_FS_DOCUMENT_ROOT', '/home/username/public_html');
    define('DIR_WS_ADMIN', '/catalog/admin/');
    define('DIR_FS_ADMIN', '/home/username/public_html/catalog/admin/');
    // define('DIR_WS_CATALOG', '/catalog/');
    define('DIR_FS_CATALOG', '/home/username/public_html/catalog/');

Notice the S in: HTTP_SERVER and HTTP_CATALOG_SERVER

If the following file is present you will need to change it:

catalog/includes/local/configure.php
Line 18, 'ENABLE_SSL', 0 (Change 0 to 1)

BACKUP your current files before editing. Did I mention to BACKUP your current files, first?

jasonabc Posted September 1, 2006

> But is it possible to switch the complete catalog to SSL?

Yes. But this is

1) extremely inefficient
2) completely unnecessary

Jason

sarpanch Posted September 1, 2006 (Author)

@jhsands

Thanks for the reply, but I guess that would enable SSL even for guests. What I am looking to do is tweak the code so that the guests should surf the site over a normal http connection. This won't hurt the search engine bots. And when they log in, the connection should switch over to https. I use the "if (tep_session_is_registered('customer_id'))" check at many places to customize the content for guests & logged-in users & I was wondering if something like this could be implemented for SSL too.

@jasonabc

I think I should have framed my query in a better way. Hope the above query makes things clear. I am not looking to switch my cart to SSL for all users but only when a user logs in.

jasonabc Posted September 1, 2006

I understand what you meant. Switching "the entire catalog to SSL" when a user has logged in is (I repeat) inefficient and completely unnecessary. Why are you encrypting catalog and product pages? These pages are not passing any sensitive data whatsoever so SSL is not needed and the encryption just slows the whole thing down.

Jason

sarpanch Posted September 1, 2006 (Author)

Hmm, I guess I missed the 'slowing down' part. Thanks for your inputs. I won't be doing this tweak.

But just for learning's sake, you said it's possible. Mind sharing the methodology on how to implement that?

Gil_e_n Posted September 1, 2006

You can do it by going to includes/functions/html_output.php and adding this code:

    // Logged-in customers always get SSL links
    if( tep_session_is_registered('customer_id') ) {
      $connection = 'SSL';
    }

after this code:

    function tep_href_link($page = '', $parameters = '', $connection = 'NONSSL', $add_session_id = true, $search_engine_safe = true) {
      global $request_type, $session_started, $SID;

      if (!tep_not_null($page)) {
        die('</td></tr></table></td></tr></table><br><br><font color="#ff0000"><b>Error!</b></font><br><br><b>Unable to determine the page link!<br><br>');
      }

Which I always thought was a neat trick. Code by enigma, as I recall.

It also might be advisable to use if you don't require cookies, since otherwise, if I understand correctly, the session id is being passed in plain text over the internet if your users don't accept cookies. Which could allow hackers to log in to your users' accounts.

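The check in the post above changes only the links the shop generates; a logged-in customer who arrives on an http:// URL (a bookmark or an external link) is still served over plain HTTP. A request-side check to complement it, added here as an example that is not part of the original post or of osCommerce: the function name `ssl_guard`, the constant names, the sample requests and the `osCsid` parameter name are assumptions, and the 'SSL' / 'NONSSL' values follow the `tep_href_link()` signature quoted above.

```php
<?php
// Added example: hypothetical helper, not osCommerce code.
const SHOP_HTTPS_SERVER = 'https://www.yourdomain.tld'; // placeholder host used in the thread
const SESSION_PARAM     = 'osCsid';                     // assumed session parameter name

/**
 * Decide what to do with one incoming request.
 * Returns null when the request may be served as is, otherwise an array with
 * the HTTPS location to redirect to and whether a session id was in the URL.
 */
function ssl_guard(bool $loggedIn, string $requestType, string $requestUri): ?array
{
    if (!$loggedIn || $requestType === 'SSL') {
        return null; // guests stay on http; requests already on SSL pass through
    }
    // Accept only a local path and refuse control characters (header injection).
    if ($requestUri === '' || $requestUri[0] !== '/' || preg_match('/[\x00-\x1f\x7f]/', $requestUri)) {
        $requestUri = '/';
    }
    $path = (string) parse_url($requestUri, PHP_URL_PATH);
    parse_str((string) parse_url($requestUri, PHP_URL_QUERY), $query);

    // A session id in the URL of a plain-HTTP request has already crossed the
    // network unencrypted. Drop it from the redirect target; a customer without
    // cookies then has to log in again, this time over HTTPS.
    $sidInUrl = isset($query[SESSION_PARAM]);
    unset($query[SESSION_PARAM]);
    $qs = http_build_query($query);

    return [
        'location'   => SHOP_HTTPS_SERVER . ($path === '' ? '/' : $path) . ($qs === '' ? '' : '?' . $qs),
        'sid_in_url' => $sidInUrl,
    ];
}

// Constructed sample requests: [logged in?, request type, request URI]
$samples = [
    [false, 'NONSSL', '/catalog/index.php?cPath=1'],
    [true,  'SSL',    '/catalog/account.php'],
    [true,  'NONSSL', '/catalog/product_info.php?products_id=7'],
    [true,  'NONSSL', '/catalog/index.php?cPath=1&osCsid=constructedsessionid'],
];
foreach ($samples as [$loggedIn, $type, $uri]) {
    $r = ssl_guard($loggedIn, $type, $uri);
    echo $uri, ' => ', $r === null ? 'serve as is'
        : $r['location'] . ($r['sid_in_url'] ? ' (session id was in URL)' : ''), "\n";
}
```

Only the last two sample requests produce a redirect; in a shop the caller would send the returned location with a `Location` header before any page output.
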
sarpanch Posted September 1, 2006 (Author)

Neat trick for sure!.. Thanks buddy.

And yea, I feel cookies should be enforced no matter what.

This topic is now archived and is closed to further replies.