bswen Posted October 1, 2006 Posted October 1, 2006 admin/includes/configure.php: ... define('HTTP_SERVER', 'http://www.twohandsworldshop.com'); // eg, http://localhost or - https://localhost should not be NULL for productive servers define('HTTP_CATALOG_SERVER', 'http://www.twohandsworldshop.com'); define('HTTPS_CATALOG_SERVER', 'https://twohandsworldshop.com'); define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module ... catalog/includes/configure.php ... define('HTTP_SERVER', 'http://twohandsworldshop.com'); // eg, http://localhost - should not be empty for productive servers define('HTTPS_SERVER', 'https://twohandsworldshop.com'); // eg, https://localhost - should not be empty for productive servers define('ENABLE_SSL', 'true'); // secure webserver for checkout procedure? define('HTTP_COOKIE_DOMAIN', 'www.twohandsworlshop.com'); define('HTTPS_COOKIE_DOMAIN', 'twohandsworldshop.com'); define('HTTP_COOKIE_PATH', ''); define('HTTPS_COOKIE_PATH', ''); define('DIR_WS_HTTP_CATALOG', '/catalog/'); define('DIR_WS_HTTPS_CATALOG', '/catalog/'); ... I have a cert through Thawte. It works properly when using https protocol in address, but osCommerce is not using it. I believe the above settings should activate SSL in osCommerce checkout... I'm missing something, what is it? Thanks for the support, this community rocks as this is the first time I've had to post in four weeks of customizing my osc install.
bswen Posted October 2, 2006 Author Posted October 2, 2006 I've got to get the SSL working... bumping to top. I've been over the config and through the forums. SSL should be working. osC is simply not using the 'SSL' setting the the tep_href_link function. osC never enters SSL mode, never switches to the https protocol. Take a look at my site and have a look for yourself. Does anyone have any ideas?
♥Vger Posted October 2, 2006 Posted October 2, 2006 Take a look in both of the includes/local folders, and if you find alternative configure.php files inside those 'local' folders then delete or rename them. They override the main configure.php files - if they exist. Also make sure that when you upload changed configure.php files that they are actually overwriting the online files - because if the online configure.php files are 'Read Only' (which they should be) then you need to change permissions before uploading changed files, to allow the online files to be overwritten. Reset permissions afterwards. Vger
bswen Posted October 2, 2006 Author Posted October 2, 2006 I did indeed have copies of configure.php in my includes/local/ directory. I did not know they existed. I renamed them and made sure the changes in catalog/includes/configure.php and admin/includes/configure.php were saved. My SSL is now working like a charm. Thanks Vger, you rock.
wef Posted October 6, 2006 Posted October 6, 2006 Hello, I am new to OSCommerce development, and trying to help client who had a previous developer build site - a combination of web design and OSCommerce for purchases. Site is running but does NOT include SSL (among other things previous developer - and no longer available - forgot!) From various postings, this seems to be the short checklist to get secure SSL transactions: 1. Make sure site has Fixed IP Address (Change and restart Apache Web Server if needed). 2. Obtain SSL certificate with above Fixed IP - use Subdomain.MySite.com and not MySite.com on certificate - since working site is in Subdomain. 3. Install certificate, verify it "works" -- ie no issues of self-signed or certificate chain broken. 4. Change includes/configure.php and admin/includes/configure.php and add appropriate values to HTTPS_SERVER HTTPS_COOKIE_DOMAIN HTTPS_COOKIE_PATH - all of which are currently blank 5. Verify upload - check file date of uploaded files - make sure new files on server. ReadOnly Protect. 6. Verify no other "local copies" of configure.php exist. 7. TEST! 8. SELL! Did I leave something out? Thanks in advance - do not want to look ignorant to my new client.... Walter
qkzoo Posted January 7, 2011 Posted January 7, 2011 I did the changes as listed above, and when I login, the https is working. However, moving between different pages in the site, all OS Commerce pages, it drops the https and reverts back to http. How can I get it to load in https no matter what page the user is on, starting from the main page for instance? Thanks for any help, Andy
♥geoffreywalton Posted January 8, 2011 Posted January 8, 2011 That is the way it is suposed to work only pages where cc info and passwords are entered use SSL. THere are some good links to nfo about SSL in my profile. HTH G Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile Virus Threat Scanner My Contributions Basic install answers. Click here for Contributions / Add Ons. UK your site. Site Move. Basic design info. For links mentioned in old answers that are no longer here follow this link Useful Threads. If this post was useful, click the Like This button over there ======>>>>>.
qkzoo Posted January 8, 2011 Posted January 8, 2011 Ok, that kinda makes sense I guess. Any idea why it might not be kicking in when I login to my OSC Administrative login?
germ Posted January 8, 2011 Posted January 8, 2011 Be sure you specify it when you access the admin, like: https://www.yourdomain.com/admin or https://yourdomain.com/admin (depending on which one the SSL cert is for) Note that both URL's use https If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
qkzoo Posted January 9, 2011 Posted January 9, 2011 I have, and when it loads the login.php page, it reverts back to the "http://" and not "https://" like it should be... any ideas?
germ Posted January 9, 2011 Posted January 9, 2011 If you want the admin to be SSL all the time you have to do this Just be sure you use your domain info in the file, not theirs. The point there being to make the define for HTTP_SERVER in the admin config file a URL that begins with https If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
qkzoo Posted January 9, 2011 Posted January 9, 2011 Ok, I just noticed something, perhaps you can tell me if I'm on or off here. I loaded both configure.php files side by side and were looking at them and I noticed that there is a variable defined in the standard configure file, but not the admin one. catalog/includes/configure.php define('HTTP_SERVER', 'http://example.com'); define('HTTPS_SERVER', 'https://example.com'); define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', 'example.com'); define('HTTPS_COOKIE_DOMAIN', 'example.com'); catalog/admin/includes/configure.php define('HTTP_SERVER', 'http://example.com'); define('HTTP_CATALOG_SERVER', 'http://example.com'); define('HTTPS_CATALOG_SERVER', 'https://example.com'); define('ENABLE_SSL_CATALOG', 'true'); Should that variable be defined in the admin configure.php as well? Note, my url isn't actually example.com, my site isn't ready yet so I don't want it messed with. Thanks, Andy
germ Posted January 9, 2011 Posted January 9, 2011 No, HTTPS_SERVER isn't supposed to be defined in the admin config file. It's in the catalog one because the catalog switches from HTTP to HTTPS at times. The admin has no provision to do this (switch from one to the other). If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
qkzoo Posted January 9, 2011 Posted January 9, 2011 Ok, I tried the suggestion on that page, and Google Chrome loaded the admin login as secure but with a slash through it, like it isn't secure? Any ideas? In Firefox, it says it is "partially" encrypted.
germ Posted January 9, 2011 Posted January 9, 2011 You sure the config file is correct (i.e. using or not using the "www.")? :unsure: SSL certs are configured for only one and either using the "www." when you shouldn't or not using it when you should will cause problems. If you made changes to the config file locally and FTP'd it to the server be sure the file on the server says what you THINK it says. Sometimes permissions on the server won't allow FTP to overwrite the file. Something else to be aware of: In the includes FOLDER (catalog and admin) where the normal configure.php files are there is a FOLDER named local On some installs there may be a configure.php inside the local FOLDER (catalog and admin) If there is, anything in it overrides anything in the normal configure.php files. If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
qkzoo Posted January 9, 2011 Posted January 9, 2011 hmm, this could be tricky. All I know about the SSL installation is that I received an email from HostGator saying that it had been installed, and where to get logos for it. I'll see if I can get a hold of them to find out.
germ Posted January 9, 2011 Posted January 9, 2011 The only other reason I can think of for it to not be secure would be HTTP links to images or scripts, either in the source or the stylesheet. That is of course provided the site recognizes that SSL is active when it's supposed to be. Some don't. :blush: If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
qkzoo Posted January 9, 2011 Posted January 9, 2011 From what my provider is telling me, my SSL config is for "example.com" not "www.example.com", so that clears up that issue. I know what you're talking about as far as permissions as well, I figured that out the hard way a couple days ago. I checked both "local" folders, and the only thing in them was a readme file, so no issues there. Here's a snippet of my config files, perhaps you can tell me if I'm doing something wrong here: catalog/includes/configure.php define('HTTP_SERVER', 'http://example.com'); define('HTTPS_SERVER', 'https://example.com'); define('ENABLE_SSL', true); define('HTTP_COOKIE_DOMAIN', 'example.com'); define('HTTPS_COOKIE_DOMAIN', 'example.com'); define('HTTP_COOKIE_PATH', '/'); define('HTTPS_COOKIE_PATH', '/'); define('DIR_WS_HTTP_CATALOG', '/'); define('DIR_WS_HTTPS_CATALOG', '/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); catalog/admin/includes/configure.php define('HTTP_SERVER', 'https://example.com'); define('HTTP_CATALOG_SERVER', 'http://example.com'); define('HTTPS_CATALOG_SERVER', 'https://example.com'); define('ENABLE_SSL_CATALOG', 'true'); define('DIR_FS_DOCUMENT_ROOT', '/home/adiamond/public_html/'); define('DIR_WS_ADMIN', '/admin/'); define('DIR_FS_ADMIN', '/home/adiamond/public_html/admin/'); define('DIR_WS_CATALOG', '/'); define('DIR_FS_CATALOG', '/home/adiamond/public_html/'); define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/'); define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/'); define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/'); define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/'); define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/'); define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/'); define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');
germ Posted January 9, 2011 Posted January 9, 2011 Not seeing anything amiss there. Did you check the HTML source of the page and the stylesheet for HTTP links to images or scripts? :unsure: Those will screw up SSL pages faster than ants to a picinc... :blush: Without your URL I've just about exhausted my "bag of tricks" here. :'( If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you. "Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice." - Me - "Headers already sent" - The definitive help "Cannot redeclare ..." - How to find/fix it SSL Implementation Help Like this post? "Like" it again over there >
qkzoo Posted January 9, 2011 Posted January 9, 2011 Doh! I just figured it out, forgot the "s" in the admin configure.php file: define('HTTP_CATALOG_SERVER', 'http://example.com'); I added it and it is working now, whew!
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.