godaisy Posted November 28, 2006 Posted November 28, 2006 I got a secure connection working on the online store (running on a shared SSL), but having trouble setting it up on the admin site. I do have to log on to the admin site, but after logging in I still have the open padlock at the bottom. I've done about 10 searches & can't find any help. Can someone tell me what part of my code is incorrect? thanks <?php /* osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright (c) 2003 osCommerce Released under the GNU General Public License */ // Define the webserver and path parameters // * DIR_FS_* = Filesystem directories (local/physical) // * DIR_WS_* = Webserver directories (virtual/URL) define('HTTP_SERVER', 'http://www.blueriveranglers.com'); // eg, http://localhost - should not be empty for productive servers define('HTTP_CATALOG_SERVER', 'http://www.blueriveranglers.com'); define('HTTPS_CATALOG_SERVER', 'https://protected.imoutdoorshosting.com/blueriveranglers'); define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module define('DIR_FS_DOCUMENT_ROOT', '/home/users/web/b1544/im.blueriveranglers/catalog/'); // where the pages are located on the server define('DIR_WS_ADMIN', '/catalog/admin/'); // absolute path required define('DIR_FS_ADMIN', '/home/users/web/b1544/im.blueriveranglers/catalog/admin/'); // absolute pate required define('DIR_WS_CATALOG', '/catalog/'); // absolute path required define('DIR_FS_CATALOG', '/home/users/web/b1544/im.blueriveranglers/catalog/'); // absolute path required define('DIR_WS_IMAGES', 'images/'); define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/'); define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/'); define('DIR_WS_INCLUDES', 'includes/'); define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/'); define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/'); define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/'); define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/'); define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/'); define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/'); define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/'); define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/'); define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/'); define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/'); // define our database connection define('DB_SERVER', 'blah'); // eg, localhost - should not be empty for productive servers define('DB_SERVER_USERNAME', 'blah'); define('DB_SERVER_PASSWORD', 'blah'); define('DB_DATABASE', 'blah'); define('USE_PCONNECT', 'false'); // use persisstent connections? define('STORE_SESSIONS', 'mysql'); // leave empty '' for default handler or set to 'mysql' ?>
bill110 Posted November 28, 2006 Posted November 28, 2006 Just going into admin does'nt require SSL. Check if it is secure when you look at customer data. Should be https in address bar and padlock there. My Contributions Stylesheet With Descriptions Glassy Grey Boxtops Our Products Meta Tags On The Fly Password Protect Admin "No matter where you go....There you are" - Buccaroo Bonsai
Guest Posted November 28, 2006 Posted November 28, 2006 define('HTTP_SERVER', 'http://www.blueriveranglers.com'); define('HTTP_CATALOG_SERVER', 'http://www.blueriveranglers.com'); define('HTTPS_CATALOG_SERVER', 'https://protected.imoutdoorshosting.com/blueriveranglers'); define('ENABLE_SSL_CATALOG', 'true'); // secure webserver for catalog module For all the pages accessed in the admin area to be secured, you need to change the http to https in the SERVER and CATALOG_SERVER lines of this code as well.
godaisy Posted November 30, 2006 Author Posted November 30, 2006 ^^^the file is catalog/admin/includes/configure.php thanks, I changed all the links to https://, though I still get an open padlock after logging in..UNLESS I manually type https:// into the url, then after I log in the page is secure. The thing is, I thought that from http://blueriveranglers.com/catalog/admin, after logging in it would automatically link me to the secure page. Seems kind of pointless if I have to manually type in https:// to get a secure connection. How do I make it point to https:// after logging in? Or should I not be worried about it?
Druid6900 Posted November 30, 2006 Posted November 30, 2006 ^^^the file is catalog/admin/includes/configure.php thanks, I changed all the links to https://, though I still get an open padlock after logging in..UNLESS I manually type https:// into the url, then after I log in the page is secure. The thing is, I thought that from http://blueriveranglers.com/catalog/admin, after logging in it would automatically link me to the secure page. Seems kind of pointless if I have to manually type in https:// to get a secure connection. How do I make it point to https:// after logging in? Or should I not be worried about it? No, you really shouldn't be worried about it. The SSL certificate is, basically, for areas of the site, such as account creation, my account, checkout and, for some reason, log off, where customer information is flowing from the customer to the store and from the store to the owner. Admin isn't really one of those places. The OsC code know when to impliment the SSL function (if you have a certificate, of course) and does so for the necessary pages. As long as your admin area is a protected URL, either through your Hosting Control Panel or through a .htaccess/.htpasswd combo, that's sufficient. It seems that the only thing that covering your whole site does is slow it down. No Good Deed EVER Goes Unpunished
New 
Recommended Posts
Archived
This topic is now archived and is closed to further replies.