SSL & Cart Synchronization


ChasD


Posted

I recently installed OSC on a shared host with IPOWERWEB (collective arrrrrrgh) and I have thoroughly plowed through the excellent guide "OSC SSL for the Innocent" but still have a few issues I could use a hand with.

 

Here's my current setup:

 

1. Shared SSL cert on IPOWERWEB

2. OSC is installed in root directory

 

/includes/configure.php

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://expphotoart.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://host123.ipowerweb.com/~expphoto'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'expphotoart.com');
 define('HTTPS_COOKIE_DOMAIN', 'host123.ipowerweb.com');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/~expphoto/'); //this has to be here otherwise you get 'Cookies Disabled' browser error!
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', '/home/expphoto/public_html/');
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

admin/includes/configure.php

 

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'https://host123.ipowerweb.com/~expphoto'); // eg, http://localhost - should not be empty for productive servers
 define('HTTP_CATALOG_SERVER', 'http://expphotoart.com');
 define('HTTPS_CATALOG_SERVER', 'https://host123.ipowerweb.com/~expphoto');
 define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
 define('DIR_FS_DOCUMENT_ROOT', '/home/expphoto/public_html/'); // where the pages are located on the server
 define('DIR_WS_ADMIN', '/admin/'); // absolute path required
 define('DIR_FS_ADMIN', '/home/expphoto/public_html/admin/'); // absolute path required
 define('DIR_WS_CATALOG', '/'); // absolute path required
 define('DIR_FS_CATALOG', '/home/expphoto/public_html/'); // absolute path required
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
 define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
 define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
 define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

/includes/application_top.php

// set the type of request (secure or not)
 $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

 

Symptoms of my problems:

 

1. The configuration shown is the most functional of all configurations I've tried.

I can browse to www.expphotoart.com via http no problems. I can browse catalog via http no problems. I can add items to guest cart via http no problems. When I click 'checkout' in guest cart I am prompted to log-in (makes the switch to https no problem) however there is no message indicating that my cart will be merged into the member cart (first hint of a problem). Finally, after logging in (remember this is a part of the checkout process) I am returned to the index.php under https (https://host123.ipowerweb.com/~expphoto/index.php) when I think I should be taken back to the shopping cart (on the https side) - I believe??? in order to restart the checkout process. In any case, if from the https index.php I click on the Cart button it takes me back to the Guest (http) cart - might be a problem - where I click Checkout and it appears as though I can proceed through checkout no problem (it even looks like when I checkout that the contents from the guest cart were indeed put into the members cart successfully). This may sound fine, but consider #2...

 

2. Let's say during checkout in #1 above I decide that I need to add another item to my shopping cart - so I don't complete checkout but rather click on Home and I'm back at the http index.php. I then choose another item from the catalog and add it to my cart (guest cart). The guest cart screen comes up and shows two items in the cart. At this point I'm ready to checkout. I click Checkout (from within the guest cart) and it appears as though I can proceed to go through the order process (i.e. no prompt to re-login as it seems to recognize that I'm already logged in) - HOWEVER at the confirmation page, it shows that I am only purchasing one item - the first item in my cart... PROBLEM. This would indicate to me that no synchronization occurred between guest cart and member cart even though when I clicked checkout in the guest cart, it did realize I was already logged in and took me straight to the checkout process (but evidently WITHOUT updating the contents of the member cart).

 

3. The final wrinkle... in #2 above after I've added that second item to the guest cart, if I were to click Home or Continue Shopping and then from the top menu bar choose Checkout - I am prompted once again to Login (this is via https://host123.ipowerweb.com and the message about merging the guest cart to the member cart shows up now) - also the number of items in the shopping cart shown on the index.php page goes from 2 to 1 - again I think this is an indication of what is in the guest cart (http) vs. what is in the member cart (https). All in all this might be standard behavior and when it happened I fully expected that upon logging in again that the member cart (https) would be updated to be the same as the guest cart, BUT surprise of surprises (NOT) I get stuck in a Login Loop whereby when I login it takes me immediately back to the login screen (even though on the main header it looks like I'm logged in as I'm only given a link to log off).

 

I've banged my head quite a bit on this one - I pray for some help from the SSL gods (or demons)!

 

Thanks,

 

Chuck

Posted

define('HTTP_COOKIE_DOMAIN', 'expphotoart.com');

define('HTTPS_COOKIE_DOMAIN', '');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '');

 

and make sure that in osC admin --> Configuration --> Sessions that 'Force Cookie Use' is set to 'false'. It doesn't work with shared ssl's.

 

Vger
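
Added example (not part of the original posts): a small Node.js model of the RFC 6265 domain-match and path-match rules, applied to the two hosts in this thread, to show which requests a browser attaches each session cookie to. It assumes that an empty cookie domain or path setting means the attribute is left out of Set-Cookie; the `~someoneelse` URL is constructed for illustration.

```javascript
// Added example: RFC 6265 cookie scoping for the catalog host and the shared-SSL host.
// Assumption: an empty cookie domain/path setting means the attribute is omitted,
// so the browser falls back to a host-only cookie with the default path.

// RFC 6265 5.1.3: the host equals the domain or is a subdomain of it.
function domainMatch(host, domain) {
  const d = domain.toLowerCase().replace(/^\./, '');
  return host === d || host.endsWith('.' + d);
}

// RFC 6265 5.1.4: the default path is the request path up to its last "/".
function defaultPath(path) {
  const i = path.lastIndexOf('/');
  return i <= 0 ? '/' : path.slice(0, i);
}

// RFC 6265 5.1.4: the cookie path must be a whole-segment prefix of the request path.
function pathMatch(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  if (!reqPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || reqPath[cookiePath.length] === '/';
}

// Model the browser storing a cookie set by a response from setUrl.
// Returns null when the Domain attribute does not cover the responding host.
function storeCookie(setUrl, domainAttr, pathAttr) {
  const u = new URL(setUrl);
  if (domainAttr && !domainMatch(u.hostname, domainAttr)) return null;
  return {
    hostOnly: !domainAttr,
    domain: (domainAttr || u.hostname).toLowerCase().replace(/^\./, ''),
    path: pathAttr && pathAttr.startsWith('/') ? pathAttr : defaultPath(u.pathname),
  };
}

// Would the browser attach this cookie to a request for url?
function isSent(cookie, url) {
  if (!cookie) return false;
  const u = new URL(url);
  const hostOk = cookie.hostOnly ? u.hostname === cookie.domain
                                 : domainMatch(u.hostname, cookie.domain);
  return hostOk && pathMatch(u.pathname, cookie.path);
}

const HTTP_SHOP = 'http://expphotoart.com/shopping_cart.php';
const SSL_LOGIN = 'https://host123.ipowerweb.com/~expphoto/login.php';
const OTHER_ACCOUNT = 'https://host123.ipowerweb.com/~someoneelse/index.php'; // constructed

// Catalog cookie: HTTP_COOKIE_DOMAIN 'expphotoart.com', HTTP_COOKIE_PATH '/'.
const httpCookie = storeCookie(HTTP_SHOP, 'expphotoart.com', '/');
// Shared-SSL cookie with HTTPS_COOKIE_DOMAIN '' and HTTPS_COOKIE_PATH ''.
const sslCookie = storeCookie(SSL_LOGIN, '', '');

function report() {
  return {
    httpCookieOnShop: isSent(httpCookie, HTTP_SHOP),
    httpCookieOnSsl: isSent(httpCookie, SSL_LOGIN),
    sslCookiePath: sslCookie.path,
    sslCookieOnSsl: isSent(sslCookie, SSL_LOGIN),
    sslCookieOnOtherAccount: isSent(sslCookie, OTHER_ACCOUNT),
  };
}
console.log(report());
```

The catalog cookie is never attached to requests for the shared-SSL host, so on this setup the session cannot follow the customer across the http-to-https switch by cookie alone. With the empty settings the https cookie is scoped to the exact host and to `/~expphoto`, and is not sent to other accounts' paths on the same shared host.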

Posted

VGER! - Awesome! Works first try - this should be pinned or contributed somewhere where other poor IPOWERWEB subscribers can find this.

 

One final problem as an aside... I have a folder password set for the Admin folder (via VDeck Password protect) - it seems to prompt/accept the password to the main config menu the first time I go there, but when I click on CATALOG and the redirect occurs to https - I'm prompted again for username/psswd to the folder - only this time it rejects my password. The only way I've been able to get in is to remove password protect on the admin folder, make my changes, then reapply - is there a better fix for this?

 

Also, looks like I lost my images (english flag icon and product thumbnails) in admin. I know there was info on this in the "SSL for the Innocent" guide, but is there an easy fix (something with how image paths are referenced?)?

 

Thanks Again! --Chuck

 

Here's the code that works for SSL on IPOWERWEB, w/shared server, & shared SSL cert:

 

/includes/configure.php

(Replace MySite.com with the domain name of your website)

(Replace host123 with the proper host number as shown in your IPOWERWEB welcome email - listed as your temp URL)

(Replace username with the username provided in your welcome email - this is the master username used to login to VDECK as well)

  define('HTTP_SERVER', 'http://MySite.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://host123.ipowerweb.com/~username'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'MySite.com');
 define('HTTPS_COOKIE_DOMAIN', '');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', '/home/username/public_html/');
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

/admin/includes/configure.php

 define('HTTP_SERVER', 'https://host123.ipowerweb.com/~username'); // eg, http://localhost - should not be empty for productive servers
 define('HTTP_CATALOG_SERVER', 'http://MySite.com');
 define('HTTPS_CATALOG_SERVER', 'https://host123.ipowerweb.com/~username');
 define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
 define('DIR_FS_DOCUMENT_ROOT', '/home/username/public_html/'); // where the pages are located on the server
 define('DIR_WS_ADMIN', '/admin/'); // absolute path required
 define('DIR_FS_ADMIN', '/home/username/public_html/admin/'); // absolute path required
 define('DIR_WS_CATALOG', '/'); // absolute path required
 define('DIR_FS_CATALOG', '/home/username/public_html/'); // absolute path required
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
 define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
 define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
 define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

 

/includes/application_top.php (about line 41)

// set the type of request (secure or not)
// $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';
 $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

 

Many thanks again VGER!

Posted

Hi folks

 

I'm having this problem with my admin interface. It shows "You are not protected by a secure SSL connection".

 

Could any of you point out to me what is missing in my config files? My ssl certificate is issued to www.bushido.is

 

A - catalog
// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
define('HTTP_SERVER', 'http://www.bushido.is'); // eg, http://localhost - should not be empty for productive servers
define('HTTPS_SERVER', 'https://www.bushido.is'); // eg, https://localhost - should not be empty for productive servers
define('ENABLE_SSL', true); // secure webserver for checkout procedure?
define('HTTP_COOKIE_DOMAIN', 'http://www.bushido.is');
define('HTTPS_COOKIE_DOMAIN', 'https://www.bushido.is');
define('HTTP_COOKIE_PATH', '/test/');
define('HTTPS_COOKIE_PATH', '/test/');
define('DIR_WS_HTTP_CATALOG', '/test/');
define('DIR_WS_HTTPS_CATALOG', '/test/');

B - admin
define('HTTP_SERVER', 'http://www.bushido.is'); // eg, http://localhost - should not be empty for productive servers
define('HTTP_CATALOG_SERVER', 'http://www.bushido.is');
define('HTTPS_CATALOG_SERVER', 'https://www.bushido.is');
define('ENABLE_SSL_CATALOG', true); // secure webserver for catalog module
define('DIR_FS_DOCUMENT_ROOT', '/var/www/is/bushido.is/html/test/'); // where the pages are located on the server
define('DIR_WS_ADMIN', '/test/admin/'); // absolute path required
define('DIR_FS_ADMIN', '/var/www/is/bushido.is/html/test/admin/'); // absolute path required
define('DIR_WS_CATALOG', '/test/'); // absolute path required
define('DIR_FS_CATALOG', '/var/www/is/bushido.is/html/test/'); // absolute path required

 

Your help would be greatly appreciated :)

 

I'm hoping to go live this coming week :D

 

Kind regards

Gunnlaugur

Regards

Gunnlaugur

  • 2 weeks later...
Posted

IPOWERWEB USERS: PLEASE READ!!!

This is GREAT!!! Thanks to Vger for the fix and also to ChasD for taking time to post the actual code. This fixed several issues I was having. Like ChasD I kept getting kicked back to log in again when I wanted to check out, plus I was also having the same issue when attempting to write a review or use the "notify me of updates". This solution fixed all of the problems. Again, thanks to everyone. :D

  • 3 weeks later...
Posted

UPDATE FOR IPOWERWEB USERS!!!

 

If you followed the config in this post to solve your shopping cart synch problems, you will likely be left with a small problem when you are in catalog admin. The problem I was having was although everything worked just fine, the links were broken to the catalog product images (in catalog admin) and to the language icons (in catalog admin) - i.e. I was getting the little red 'x' box for the product image thumbnail when I looked at each item in each catalog category and when I went to 'edit' an item, the flag icon was not there in the product details page. Below is a fix for this:

 

The issue apparently is with the construct of the URL (in admin) to the catalog images and language icons.

 

Here's the change made to /admin/includes/configure.php:

 

Code before the change...

define('DIR_WS_CATALOG', '/'); // absolute path required

 

Code after the change that fixed this problem... (replace ~username below with your IPOWERWEB master username - e.g. in my case, my username would be ~expphoto)

define('DIR_WS_CATALOG', '/~username/'); // absolute path required

 

You can read the dedicated post for this here.

  • 4 years later...
Posted

Hey folks,

 

after having read several threads for hours and having tried all different configurations I could think of, I'm finally out of ideas.

I have a similar problem (using OSC 2.2RC2) as described above: Whenever someone tries to log in he gets stuck in a loop.

 

Here are my shop details:

Login URL: https://www.survey-templates.com/login.php

 

Config from /catalog/includes:

  define('HTTP_SERVER', 'https://www.survey-templates.com');
 define('HTTPS_SERVER', 'https://www.survey-templates.com');
 define('ENABLE_SSL', true);
 define('HTTP_COOKIE_DOMAIN', 'www.survey-templates.com');
 define('HTTPS_COOKIE_DOMAIN', 'www.survey-templates.com');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', '/');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');
 define('DIR_FS_CATALOG', '/home/htdocs/web27/html/mazi/ls/shop/catalog/');
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

- I'm using my own certificate which is issued for "www.survey-templates.com".

- Sessions are created and stored at MySQL database

- To create an account click the "buy now" button at https://www.survey-templates.com/index.php/cPath/1 and create a new account there.

 

I had a look at /catalog/login.php and noticed that I won't get past this line:

if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {

 

...though the required parameters seem to be passed because after clicking "Sign in" for the first time the URL changes to:

https://www.survey-templates.com/login.php/action/process?osCsid=q9bmkvbmms77t6r6gh6qjq0no4

 

I think this must have to do with some config settings which might be wrong.

 

I would be sooo glad if anybody could have a look at the config and the problem description in detail and give some advice. If there is anything else you need to help just let me know.

 

Thaaannks!

 

Mazi

Posted

define('HTTP_SERVER', 'https://www.survey-templates.com'); 

 

That's wrong.

 

Needs to be:

 

define('HTTP_SERVER', 'http://www.survey-templates.com'); 

 

Having the whole shop SSL all the time is a bad idea (IMHO).

 

Part of the problem is your links are screwed.

 

Links like this:

 

https://www.YOUR-SITE.com/login.php/action/process

 

Should be:

 

https://www.YOUR-SITE.com/login.php?action=process

 

In your Admin, set 'Use Search-Engine Safe URLs (still in development)' to false.

 

Save it.

 

Sometimes you have to set 'Use Cache' to false (or clear the cache) to see any change.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 


  • 1 month later...
Posted

freakin awesome.. thanks for everyone's help

Archived

This topic is now archived and is closed to further replies.
