Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

*ugh* SSL not working


bswen

Recommended Posts

admin/includes/configure.php:

...
 define('HTTP_SERVER', 'http://www.twohandsworldshop.com'); // eg, http://localhost or - https://localhost should not be NULL for productive servers
 define('HTTP_CATALOG_SERVER', 'http://www.twohandsworldshop.com');
 define('HTTPS_CATALOG_SERVER', 'https://twohandsworldshop.com');
 define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module
...

 

catalog/includes/configure.php

...
 define('HTTP_SERVER', 'http://twohandsworldshop.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://twohandsworldshop.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', 'true'); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'www.twohandsworlshop.com');
 define('HTTPS_COOKIE_DOMAIN', 'twohandsworldshop.com');
 define('HTTP_COOKIE_PATH', '');
 define('HTTPS_COOKIE_PATH', '');
 define('DIR_WS_HTTP_CATALOG', '/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '/catalog/');
...

 

I have a cert through Thawte. It works properly when using https protocol in address, but osCommerce is not using it. I believe the above settings should activate SSL in osCommerce checkout... I'm missing something, what is it?

 

Thanks for the support, this community rocks as this is the first time I've had to post in four weeks of customizing my osc install.

Link to comment
Share on other sites

I've got to get the SSL working... bumping to top. I've been over the config and through the forums. SSL should be working. osC is simply not using the 'SSL' setting the the tep_href_link function. osC never enters SSL mode, never switches to the https protocol.

 

Take a look at my site and have a look for yourself.

 

Does anyone have any ideas?

Link to comment
Share on other sites

Take a look in both of the includes/local folders, and if you find alternative configure.php files inside those 'local' folders then delete or rename them. They override the main configure.php files - if they exist.

 

Also make sure that when you upload changed configure.php files that they are actually overwriting the online files - because if the online configure.php files are 'Read Only' (which they should be) then you need to change permissions before uploading changed files, to allow the online files to be overwritten. Reset permissions afterwards.

 

Vger

Link to comment
Share on other sites

I did indeed have copies of configure.php in my includes/local/ directory. I did not know they existed. I renamed them and made sure the changes in catalog/includes/configure.php and admin/includes/configure.php were saved. My SSL is now working like a charm.

 

Thanks Vger, you rock.

Link to comment
Share on other sites

Hello,

 

I am new to OSCommerce development, and trying to help client who had a previous developer build site - a combination of web design and OSCommerce for purchases. Site is running but does NOT include SSL (among other things previous developer - and no longer available - forgot!) From various postings, this seems to be the short checklist to get secure SSL transactions:

 

1. Make sure site has Fixed IP Address (Change and restart Apache Web Server if needed).

2. Obtain SSL certificate with above Fixed IP - use Subdomain.MySite.com and not MySite.com on certificate - since working site is in Subdomain.

3. Install certificate, verify it "works" -- ie no issues of self-signed or certificate chain broken.

4. Change includes/configure.php and admin/includes/configure.php and add appropriate values to HTTPS_SERVER HTTPS_COOKIE_DOMAIN HTTPS_COOKIE_PATH - all of which are currently blank

5. Verify upload - check file date of uploaded files - make sure new files on server. ReadOnly Protect.

6. Verify no other "local copies" of configure.php exist.

7. TEST!

 

8. SELL!

 

Did I leave something out?

 

Thanks in advance - do not want to look ignorant to my new client....

 

Walter

Link to comment
Share on other sites

  • 4 years later...

I did the changes as listed above, and when I login, the https is working. However, moving between different pages in the site, all OS Commerce pages, it drops the https and reverts back to http. How can I get it to load in https no matter what page the user is on, starting from the main page for instance?

 

Thanks for any help,

 

Andy

Link to comment
Share on other sites

That is the way it is suposed to work only pages where cc info and passwords are entered use SSL.

 

THere are some good links to nfo about SSL in my profile.

 

HTH

 

G

Need help installing add ons/contributions, cleaning a hacked site or a bespoke development, check my profile

 

Virus Threat Scanner

My Contributions

Basic install answers.

Click here for Contributions / Add Ons.

UK your site.

Site Move.

Basic design info.

 

For links mentioned in old answers that are no longer here follow this link Useful Threads.

 

If this post was useful, click the Like This button over there ======>>>>>.

Link to comment
Share on other sites

Be sure you specify it when you access the admin, like:

 

https://www.yourdomain.com/admin

 

or

 

https://yourdomain.com/admin

 

(depending on which one the SSL cert is for)

 

Note that both URL's use https

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

If you want the admin to be SSL all the time you have to do this

 

Just be sure you use your domain info in the file, not theirs.

 

The point there being to make the define for HTTP_SERVER in the admin config file a URL that begins with https

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Ok, I just noticed something, perhaps you can tell me if I'm on or off here. I loaded both configure.php files side by side and were looking at them and I noticed that there is a variable defined in the standard configure file, but not the admin one.

 

catalog/includes/configure.php

define('HTTP_SERVER', 'http://example.com');

define('HTTPS_SERVER', 'https://example.com');

define('ENABLE_SSL', true);

define('HTTP_COOKIE_DOMAIN', 'example.com');

define('HTTPS_COOKIE_DOMAIN', 'example.com');

 

catalog/admin/includes/configure.php

define('HTTP_SERVER', 'http://example.com');

define('HTTP_CATALOG_SERVER', 'http://example.com');

define('HTTPS_CATALOG_SERVER', 'https://example.com');

define('ENABLE_SSL_CATALOG', 'true');

 

Should that variable be defined in the admin configure.php as well? Note, my url isn't actually example.com, my site isn't ready yet so I don't want it messed with.

 

 

Thanks,

 

Andy

Link to comment
Share on other sites

No, HTTPS_SERVER isn't supposed to be defined in the admin config file.

 

It's in the catalog one because the catalog switches from HTTP to HTTPS at times.

 

The admin has no provision to do this (switch from one to the other).

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Ok, I tried the suggestion on that page, and Google Chrome loaded the admin login as secure but with a slash through it, like it isn't secure? Any ideas?

 

In Firefox, it says it is "partially" encrypted.

Link to comment
Share on other sites

You sure the config file is correct (i.e. using or not using the "www.")?

:unsure:

 

SSL certs are configured for only one and either using the "www." when you shouldn't or not using it when you should will cause problems.

 

If you made changes to the config file locally and FTP'd it to the server be sure the file on the server says what you THINK it says.

 

Sometimes permissions on the server won't allow FTP to overwrite the file.

 

Something else to be aware of:

 

In the includes FOLDER (catalog and admin) where the normal configure.php files are there is a FOLDER named local

 

On some installs there may be a configure.php inside the local FOLDER (catalog and admin)

 

If there is, anything in it overrides anything in the normal configure.php files.

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

hmm, this could be tricky. All I know about the SSL installation is that I received an email from HostGator saying that it had been installed, and where to get logos for it. I'll see if I can get a hold of them to find out.

Link to comment
Share on other sites

The only other reason I can think of for it to not be secure would be HTTP links to images or scripts, either in the source or the stylesheet.

 

That is of course provided the site recognizes that SSL is active when it's supposed to be.

 

Some don't.

:blush:

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

From what my provider is telling me, my SSL config is for "example.com" not "www.example.com", so that clears up that issue. I know what you're talking about as far as permissions as well, I figured that out the hard way a couple days ago. I checked both "local" folders, and the only thing in them was a readme file, so no issues there. Here's a snippet of my config files, perhaps you can tell me if I'm doing something wrong here:

 

 

catalog/includes/configure.php

define('HTTP_SERVER', 'http://example.com');
define('HTTPS_SERVER', 'https://example.com');
define('ENABLE_SSL', true);
define('HTTP_COOKIE_DOMAIN', 'example.com');
define('HTTPS_COOKIE_DOMAIN', 'example.com');
define('HTTP_COOKIE_PATH', '/');
define('HTTPS_COOKIE_PATH', '/');
define('DIR_WS_HTTP_CATALOG', '/');
define('DIR_WS_HTTPS_CATALOG', '/');
define('DIR_WS_IMAGES', 'images/');
define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
define('DIR_WS_INCLUDES', 'includes/');
define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

 

catalog/admin/includes/configure.php

 define('HTTP_SERVER', 'https://example.com');
 define('HTTP_CATALOG_SERVER', 'http://example.com');
 define('HTTPS_CATALOG_SERVER', 'https://example.com');
 define('ENABLE_SSL_CATALOG', 'true');
 define('DIR_FS_DOCUMENT_ROOT', '/home/adiamond/public_html/');
 define('DIR_WS_ADMIN', '/admin/');
 define('DIR_FS_ADMIN', '/home/adiamond/public_html/admin/');
 define('DIR_WS_CATALOG', '/');
 define('DIR_FS_CATALOG', '/home/adiamond/public_html/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
 define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
 define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
 define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
 define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');
 define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
 define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

Link to comment
Share on other sites

Not seeing anything amiss there.

 

Did you check the HTML source of the page and the stylesheet for HTTP links to images or scripts?

:unsure:

 

Those will screw up SSL pages faster than ants to a picinc...

:blush:

 

Without your URL I've just about exhausted my "bag of tricks" here.

:'(

If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

 

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

 

"Headers already sent" - The definitive help

 

"Cannot redeclare ..." - How to find/fix it

 

SSL Implementation Help

 

Like this post? "Like" it again over there >

Link to comment
Share on other sites

Doh! I just figured it out, forgot the "s" in the admin configure.php file:

 

define('HTTP_CATALOG_SERVER', 'http://example.com');

 

I added it and it is working now, whew!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...