osCommerce

The e-commerce.

SSL: Nonsecure items


Guest

Posted

Right, I have read as many posts as I can find about this, and they all tell me it's because I'm hot linking images from another page; I'm not.

 

SSL works absolutely fine on Firefox, not a single problem; although the images that use the OSCOMMERCE code:

<?php echo tep_image(DIR_WS_IMAGES . 'table_background_default.gif', HEADING_TITLE, HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?>

appear as http:// not https:// in secure mode.

 

In IE, you will get a box appearing asking whether you want to view nonsecure items, which if you click 'yes' will let you use the site fine and all images appear, but the padlock is missing. Click 'no' and all the images that are called using the OSCOMMERCE code don't work (the header image works fine as I directly linked that to always draw from https://).

 

This seems to be a problem with the way that OSCOMMERCE calls its images. I am with 1&1 and use a dedicated certificate: www.xsrcomputers.co.uk.

 

As I have said, the site works fine in Firefox, it's only when it comes to IE that issues start popping up (due to the way that IE exaggerates the fact that images are a security hole, whereas Firefox doesn't care :))

 

I have a static site sitting on http://www.xsrcomputers.co.uk which can be secured and there are no problems with that (type in 'https://www.xsrcomputers.co.uk' and it will work fine, fully secure in both Firefox and IE).

 

I'm not a novice at web programming, but I can't for the life of me work this out, hopefully one of you has the answer?

 

Link to site: http://www.xsrcomputers.co.uk/catalog/

Config file:

<?php
/*
 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com

 Copyright (c) 2003 osCommerce

 Released under the GNU General Public License
*/

// Define the webserver and path parameters
// * DIR_FS_* = Filesystem directories (local/physical)
// * DIR_WS_* = Webserver directories (virtual/URL)
 define('HTTP_SERVER', 'http://www.xsrcomputers.co.uk'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://www.xsrcomputers.co.uk'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'www.xsrcomputers.co.uk');
 define('HTTPS_COOKIE_DOMAIN', 'www.xsrcomputers.co.uk');
 define('HTTP_COOKIE_PATH', '/catalog/');
 define('HTTPS_COOKIE_PATH', '/catalog/');
 define('DIR_WS_HTTP_CATALOG', '/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '/catalog/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
?>

 

EDIT: typing in 'https://www.xsrcomputers.co.uk/catalog/' secures the page completely in both Firefox and IE, very odd....

 

Thank you for your time, Steve

Posted

I'm not sure what the problem is since you don't really ask a question and it seems you are referring to some previously stated problem. But assuming the problem is that you are getting a non-secure warning on your site, that is because of a non-secure link to some other site. It doesn't have anything to do with your images. It generally turns out to be some link in the footer or left or right columns to another site or code added like Google AdSense.

 

Jack


Posted
> I'm not sure what the problem is since you don't really ask a question and it seems you are referring to some previously stated problem. But assuming the problem is that you are getting a non-secure warning on your site, that is because of a non-secure link to some other site. It doesn't have anything to do with your images. It generally turns out to be some link in the footer or left or right columns to another site or code added like Google AdSense.
>
> Jack

 

Cheers for the fast reply.

 

Sorry about not asking a question :blush: , basically I want to get rid of the nonsecure question. It seems odd that OSCOMMERCE called images are not being secured. I'm looking for how to change their link from http:// to https://. As they are called by OSCOMMERCE it must be an option that I have forgotten to change?

 

There are no hotlinked images on the page at all. The problem is only with OSCOMMERCE called images.

Posted

FIXED!!!! (I'm very happy BTW!)

 

Essentially, the cause for all of this is this line at the top of the secured pages:

Code version, in the login.php file for instance:

<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

Rendered version (right click and checking source):

<base href="http://www.xsrcomputers.co.uk/catalog/">

 

Essentially, the code doesn't realise that the page is SSL and hence doesn't change the base name to https://. I am not 100% sure how to change it so that it does, but a quick fix is to go through all of your secured files and change the code version to a 'static' version, i.e.

 

From:

<base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">

To:

<base href="https://www.xsrcomputers.co.uk/catalog/">

 

I really honestly hope this helps someone not have to go through the trouble that I have :D

Posted

To do this automatically, and not have to manually change every secure page, whack this code into application_top.php in includes:

 

Add below:

$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

this

$request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL';

 

Cheers to AlanR who wrote this in a contribution
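
An added example, not part of the thread and not osCommerce code: it sets the host comparison from the post above beside a check that reads the connection state the web server reports, using the hostname from the posted config. Because HTTP_SERVER and HTTPS_SERVER share one hostname there, the host comparison reports SSL for every request, plain HTTP included. The function names, the trusted-proxy list and the sample requests are assumptions made for the illustration.

```php
<?php
// Added example, not osCommerce code; function names and the proxy list are hypothetical.

// The thread's host comparison, with stripos() standing in for eregi() (removed in PHP 7).
function host_match_request_type(string $host, string $httpsServer): string
{
    return (stripos($httpsServer, $host) !== false) ? 'SSL' : 'NONSSL';
}

// Decide from what the web server reports about the connection, not from the Host header.
// $trustedProxies: addresses of TLS-terminating proxies allowed to set X-Forwarded-Proto.
function detect_request_type(array $server, array $trustedProxies = []): string
{
    // Direct TLS: HTTPS is non-empty; IIS/ISAPI reports 'off' for plain HTTP.
    $https = strtolower((string) ($server['HTTPS'] ?? ''));
    if ($https !== '' && $https !== 'off') {
        return 'SSL';
    }
    // TLS ended upstream: any client can send this header, so check who sent it.
    $remote = (string) ($server['REMOTE_ADDR'] ?? '');
    $proto  = strtolower((string) ($server['HTTP_X_FORWARDED_PROTO'] ?? ''));
    if ($proto === 'https' && in_array($remote, $trustedProxies, true)) {
        return 'SSL';
    }
    return 'NONSSL';
}

// Constructed requests; addresses are documentation ranges, the host is the one in the posted config.
$proxies = ['192.0.2.10'];
$samples = [
    'direct https'   => ['HTTPS' => 'on', 'REMOTE_ADDR' => '198.51.100.7'],
    'plain http'     => ['REMOTE_ADDR' => '198.51.100.7'],
    'IIS plain http' => ['HTTPS' => 'off', 'REMOTE_ADDR' => '198.51.100.7'],
    'trusted proxy'  => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'spoofed header' => ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_PROTO' => 'https'],
];
foreach ($samples as $label => $server) {
    $server['HTTP_HOST'] = 'www.xsrcomputers.co.uk';
    printf(
        "%-15s host-match=%-6s server-facts=%s\n",
        $label,
        host_match_request_type($server['HTTP_HOST'], 'https://www.xsrcomputers.co.uk'),
        detect_request_type($server, $proxies)
    );
}
```
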

Posted
> To do this automatically, and not have to manually change every secure page, whack this code into application_top.php in includes:
>
> Add below:
>
> $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';
>
> this
>
> $request_type = (eregi ($HTTP_HOST, HTTPS_SERVER)) ? 'SSL' : 'NONSSL';
>
> Cheers to AlanR who wrote this in a contribution

 

Hi There,

 

I've a similar problem on my site. I took your suggestion above & amended the application_top.php.

I managed to get some pages into secure mode. However, once I click on other links it automatically changes back to non-secure mode. Any idea?

 

 

thanks

Archived

This topic is now archived and is closed to further replies.
