smithveg Posted October 23, 2006 Posted October 23, 2006 Hi, I had buy a SSL for my site, and when i access it in IE, it prompt me the message 'you have some secure and non-secure items in this page' I think this is from the image directory. If i want to put the ssl for /images/ directory. Am i need to tell my host to do it, and i also add the following line of code in admin and catalog configure.php file, define('HTTPS_SERVER', 'https://yourdomain.com/images'); From an article, i forgot which article, i tell me that i need to add a certain php code in certain file. This is very complicated. Someone tell me, how can i have a easy ways to fix this 'secure and non-secure' message. Thanks. You reply would be appreciated. **** Hello World! ^.^ I'm a Internet naive. Browse my working profile Malaysia Web Services - OPerion Website Marketing System
Jack_mcs Posted October 23, 2006 Posted October 23, 2006 No, the line define('HTTPS_SERVER', 'https://yourdomain.com/images'); should be define('HTTPS_SERVER', 'https://yourdomain.com'); You don't need to apply the ssl to specific parts of your shop. The code will do that for you. The problem you are having is that there is a link on your page or in your code that is linking to a non-secure page. You have to find that link to fix it. There is no easy way to do this. If you know of a link to some external site, then that is the problem. There could be more than one. Jack Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons
smithveg Posted October 23, 2006 Author Posted October 23, 2006 You have to find that link to fix it. There is no easy way to do this. Is that really not related to the images directories in my server? Do you know how can i fix this? Am i needs to fix this page by page? how to make the secure access for others link and images. Thanks. **** Hello World! ^.^ I'm a Internet naive. Browse my working profile Malaysia Web Services - OPerion Website Marketing System
natewlew Posted October 23, 2006 Posted October 23, 2006 I just had the same problem. If you use something like google analytics you have to use the ssl script. Other great Open Source (Free) programs: (Free as in free speech not free beer) The Gimp - An image program. | Firefox - All you have to do is add the Web Developer add-on to make this web browser complete. | FileZilla - An ftp program. | Inkscape - A good program to create images with. | Thunderbird - An email program. | Openoffice.org - An office suite that is compatible with MS Office. | Abiword - Another office suite. | Audacity - A sound recording tool. | ddp's Picks | Wordpress - An easy to use blogging software. | Joomla - An easy to use CMS that has ecommerce plug-ins. | Drupal - Another CMS How do I find these programs? Google Search!
smithveg Posted October 23, 2006 Author Posted October 23, 2006 I just had the same problem. If you use something like google analytics you have to use the ssl script. What's is google analytics? how to applu ssl script? **** Hello World! ^.^ I'm a Internet naive. Browse my working profile Malaysia Web Services - OPerion Website Marketing System
Jack_mcs Posted October 23, 2006 Posted October 23, 2006 Is that really not related to the images directories in my server? Do you know how can i fix this? Am i needs to fix this page by page? how to make the secure access for others link and images. Thanks. No, it's not. The link might load an image but that doesn't make a difference. If you have no idea where to look, an easy way to find the problem is to go to the login.php file and remove the left and right colums, the footer and finally the header. Keep refreshing the screen as you do each one. When the error goes away, you have found the problem area and will need to isolate from there. The problem with using this approach is that it disrupts your login page for a little while. Although it won't stop someone from logging in to the damage is not soo serious. Jack Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons
smithveg Posted October 23, 2006 Author Posted October 23, 2006 No, it's not. The link might load an image but that doesn't make a difference. If you have no idea where to look, an easy way to find the problem is to go to the login.php file and remove the left and right colums, the footer and finally the header. Keep refreshing the screen as you do each one. Jack If i had find those link that caused the pop-up, how can i fix it? Do i need to add some litle code in that link? Thanks. **** Hello World! ^.^ I'm a Internet naive. Browse my working profile Malaysia Web Services - OPerion Website Marketing System
Jack_mcs Posted October 24, 2006 Posted October 24, 2006 Yes. Before the code, you need to put if ($request_type == NONSSL) { and after } If the code is in an html section of code, then you will probably need to enclose both of the above lines with <?php and ?> like <?php if ($request_type == NONSSL) { ?> Jack Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons
smithveg Posted October 24, 2006 Author Posted October 24, 2006 Jack Jack. Thank to your replies. I just realise that i had just move into linux ubuntu platform, so, no IE for me to test the pop-up now. In FF, i try to untick the 'pop-up blocking', but the pop-up still can not come out. Ooo... I can not do testing... **** Hello World! ^.^ I'm a Internet naive. Browse my working profile Malaysia Web Services - OPerion Website Marketing System
Tsuri Japan Posted November 2, 2006 Posted November 2, 2006 So for example in my create_account.php file what would I have to edit to stop the pop up from coming? Please just tell me what to look for in easy html coding and tell me what to put in or replace. I'm a bit confused on the previous messages as to what I'm supposed to do. Just when I got my SSL cert I thought all my headaches were gone but now a whole new bunch have sprung up on me. These pop ups are worse then some sort of porno site or something..... Nigelman :thumbsup:
Tsuri Japan Posted November 2, 2006 Posted November 2, 2006 Ok I took the one persons advice and found out it's my footer that is the problem...... I have links to other sites on it, how can I make this code secure or ok in SSL? <!-- footer //--> <?php include(DIR_WS_INCLUDES . 'footer.php');?> <!-- footer_eof //--> PS sorry the above rant, I was just pissed because it's been a pretty rough couple of 24 hours. :blush: Nigelman :-"
pirosaint Posted November 2, 2006 Posted November 2, 2006 No, it's not. The link might load an image but that doesn't make a difference. If you have no idea where to look, an easy way to find the problem is to go to the login.php file and remove the left and right colums, the footer and finally the header. Keep refreshing the screen as you do each one. When the error goes away, you have found the problem area and will need to isolate from there. The problem with using this approach is that it disrupts your login page for a little while. Although it won't stop someone from logging in to the damage is not soo serious. Jack Hey Jack .. I been following your advises and guess what.. I deleted everything but the forms on the login page and.. still I got the warning window.... It seems that : 1- when the site is in ssl mode doesn't read the ( 'image/' ) folder at all. 2 o it just not reading this : pixel_trans.gif... there's lots of them all over the place... 3 Would be somehow the application_top.php or application_bottom.php files??? Thanks very much for your time.. Would be great if you can respond your thoughts.. This is my site I have the same problem using IE but using firefox.. it shows the lock with the red mark LightGuy.com thanks again nch
Tsuri Japan Posted November 2, 2006 Posted November 2, 2006 GOT IT!! for any one who has links to other sites and you keep getting the pop up on ssl try this.... <?php if ($request_type == NONSSL) { /* only show adsense in NON SSL else it causes warning */ ?> <a href="http://www.sea-fishing.org/topsite/"> <img src="http://www.sea-fishing.org/topsite/button.php?u=Tsurishop" alt="FISHING SITES - Sea Coarse Carp Fly Pier Game Boat Hunting Fishing Tackle Websites" border="0" height=31 width=88 /> </a> <?php } ?> basically this code was the ticket: <?php if ($request_type == NONSSL) { /* only show adsense in NON SSL else it causes warning */ ?> PLACE GOOGLE CODE HERE <?php } ?> Nigelman :thumbsup:
Tsuri Japan Posted November 2, 2006 Posted November 2, 2006 ok well next I'm trying to work on that secure symbol in my admin section so far this is what I've done to no avail...... http://www.oscommerce.com/forums/index.php?s=&...st&p=963259 I don't get it...... I renamed my folder, went to config, set permissions to 777 and changed the ADMIN X 2 to my name, made sure the SSL part was set to TRUE, saved it, changed back the permissions to 444 went into my server side and gave that new folder a new name and password, reset my browser and I still have the not protected icon. I have a SSL cert from geotrust so that's not the problem. Any ideas what I did wrong? Nigelman
pirosaint Posted November 2, 2006 Posted November 2, 2006 GOT IT!! for any one who has links to other sites and you keep getting the pop up on ssl try this.... <?php if ($request_type == NONSSL) { /* only show adsense in NON SSL else it causes warning */ ?> <a href="http://www.sea-fishing.org/topsite/"> <img src="http://www.sea-fishing.org/topsite/button.php?u=Tsurishop" alt="FISHING SITES - Sea Coarse Carp Fly Pier Game Boat Hunting Fishing Tackle Websites" border="0" height=31 width=88 /> </a> <?php } ?> basically this code was the ticket: <?php if ($request_type == NONSSL) { /* only show adsense in NON SSL else it causes warning */ ?> PLACE GOOGLE CODE HERE <?php } ?> Nigelman :thumbsup: hey man ! hi you ding.. thanks for your reply ! but i dont use ad sense.. id like to but i just cant.. by now i have this mess and i dont know how to fix it... well... you said to put that code in front of what?? in the footer.php? or just in front every external link ... in the footer/php?... my problem is.. that when the store is in SSl mode.. it doesn't reads the 'image/' folder... so i got the lock but no images or i got the images but not the lock funny thing in the admin secction is fine... no problems... that pissed me off... how can invert that... oh well so i am lost in this thing thanks for your comments nch
Tsuri Japan Posted November 2, 2006 Posted November 2, 2006 I think the idea of this is it removes those images when ssl is enabled. So in my instance it removed those link images in my footer....that's cool I don't mind as long as the customer dosen't get pop up after pop up. So if you do this it will basically remove those images from any SSL files. Got it? Nigelman :thumbsup:
Jack_mcs Posted November 3, 2006 Posted November 3, 2006 Hey Jack .. I been following your advises and guess what.. I deleted everything but the forms on the login page and.. still I got the warning window.... It seems that : 1- when the site is in ssl mode doesn't read the ( 'image/' ) folder at all. 2 o it just not reading this : pixel_trans.gif... there's lots of them all over the place... 3 Would be somehow the application_top.php or application_bottom.php files??? Thanks very much for your time.. Would be great if you can respond your thoughts.. This is my site I have the same problem using IE but using firefox.. it shows the lock with the red mark LightGuy.com thanks again nch If you are getting a non-securre warning when you go to an ssl page, it means there is a non-secure link on the page. The link could be hidden, but it is there. You will have to get searching until you find it. Jack Support Links: For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc. All of My Addons Get the latest versions of my addons Recommended SEO Addons
pealtechnologies Posted November 14, 2006 Posted November 14, 2006 ok well i have ssl installed on my site. but it doesnt show any of the images. whats up with this the images are at www.leetmachines.com/images and the roll overs are at www.leetmachines.com/images/images https://www.leetmachines.com doesnt show them http://www.leetmachines.com does http://www.leetmachines.com/images/gaming.gif is found https://www.leetmachines.com/images/gaming.gif is not found
pirosaint Posted November 14, 2006 Posted November 14, 2006 ok well i have ssl installed on my site. but it doesnt show any of the images. whats up with this the images are at www.leetmachines.com/images and the roll overs are at www.leetmachines.com/images/images https://www.leetmachines.com doesnt show them http://www.leetmachines.com does http://www.leetmachines.com/images/gaming.gif is found https://www.leetmachines.com/images/gaming.gif is not found first of all this this isa post from Alanr some where on this forum and also at the contributions. // I guess I better add this tip here, it's the logical place after all. This is for people who are having trouble getting ssl to work, especially shared ssl. The way I've written it is oriented towards a 1&1 server but its use is general and applies to all servers. It's all about setting line 41 in application_top.php for those cases where the standard query does not work. This is line 41: $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; Now that's a very narrow test and lots of servers won't respond with on (or at all) to that. So the trick is to find out how the server does respond. Create a little file, I named it myenv.php, with these lines: CODE <?php echo 'HTTP HOST: ' . "$HTTP_HOST"; echo '<br>Server Port: ' . getenv('SERVER_PORT'); echo '<br>SSL Status: ' . getenv('HTTPS'); echo '<br>Fowarded Server: ' . getenv('HTTP_X_FORWARDED_SERVER'); echo '<br>Fowarded Host: ' . getenv('HTTP_X_FORWARDED_HOST'); echo '<br>Fowarded By: ' . getenv('HTTP_X_FORWARDED_BY'); ?> If you put that somewhere on the server, probably root and run it like so: https://ssl.shared.com/mydomain.com/myenv.php you'll be able to see how the server responds to these queries. You'll need to change this to fit your situation but you get the idea. Some dedicated ssls respond with a 1 instead of on to No. 3 for example. Shared servers may respond differently to 4 & 5 but 1&1 gives the same response to both. Once you know how the server answers these queries you can figure out the best solution for line 41 in application_top.php. If, for example, you have a dedicated ssl and query 3 returns a 1 then you simply change line 41 to: $request_type = (getenv('HTTPS') == '1') ? 'SSL' : 'NONSSL'; Frequently on shared servers you'll get no response at all to getenv('HTTPS'). This is where the other responses are useful (and most people have problems). For example shared 1&1 returns ssl.perfora.net to queries 4 and 5. So setting line 41 line as below does the trick (I'm commenting out the original line for reference). // $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; $request_type = (getenv('HTTP_X_FORWARDED_HOST') == 'ssl.perfora.net') ? 'SSL' : 'NONSSL'; Here's another case: The standard ssl port for dedicated ssl is 443 (the standard http port is 80). I've seen dedicated ssl which returns no response for getenv('HTTPS') but does return a 443. In this case you can set line 41, testing for port 443, like so: $request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL'; The best way to use the script is to run it in both http and https environments and look at the differences in the responses. You want to pick a response which is unique to ssl (your https connection), it's no use to pick something which stays the same in both modes, you want to pick something to make a switch. One more thing: ================================================================================ ========================= How do you know if your ssl is switching on and off as it should? Simple, in source view, near the top of every page you'll see in your browser you'll find this line: In http (no ssl engaged, regular pages) <base href="http://www.somedomain.com/catalog/"> (assuming you're using the catalog folder) In https (ssl engaged - my account, checkout, etc.) <base href="https://www.somedomain.com/catalog/"> or for shared ssl something like this: <base href="https://ssl.myhost.com/somedomain/catalog/"> That's it. That's what line 41 is all about, it sets that line. So when you find a broken padlock or the images aren't loading that's the first place you need to look. The goal is to get that switching back and forth as you change from http to https and back. // line 41 of catalog/application_top.php where it says '443' change it to "on": //like this: $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL'; then.. you have to open all the pages where the ssl is gonna work such a: login password account.. etc... and then search in between the <head></head> tags for this line of code: <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>"> and replace everything in between the "" with your ssl domain name.. example: my store: www.lightguy.com.. ssl = "www.lightguy.com" so would be like this: <base href="https://www.lightguy.com"> and that would be all to it.... remember to check you configure.php first: - catalog/includes/configure.php - catalogo/admin/includes/configure.php. there you go.... it took me over a month to get it working.... nch
pirosaint Posted November 14, 2006 Posted November 14, 2006 It took me over a month until i got this... this it was nothing.. 1 hr. hope youll get it nch
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.